{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56864321-e4c0-4a50-b7cf-1102ee4c2808",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:56:42.000Z",
|
||
|
"modified": "2020-12-30T13:56:42.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56864321-e4c0-4a50-b7cf-1102ee4c2808",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:56:42.000Z",
|
||
|
"modified": "2020-12-30T13:56:42.000Z",
|
||
|
"name": "RegretLocker - VMRay Analyzer Report for Sample #1500977",
|
||
|
"published": "2020-12-30T13:56:52Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--0d6149fa-7d99-43b7-9945-449c34054e55",
|
||
|
"url--0d6149fa-7d99-43b7-9945-449c34054e55",
|
||
|
"observed-data--1196afab-f33f-4bfa-87b7-dacb0f19f1de",
|
||
|
"url--1196afab-f33f-4bfa-87b7-dacb0f19f1de",
|
||
|
"observed-data--b47f9402-8287-47c5-93ec-7cbba8b5081c",
|
||
|
"url--b47f9402-8287-47c5-93ec-7cbba8b5081c",
|
||
|
"observed-data--66a9b551-e555-43f2-9716-55ec617d4bb3",
|
||
|
"mutex--66a9b551-e555-43f2-9716-55ec617d4bb3",
|
||
|
"observed-data--c0a3e8aa-1a13-45cc-bcbd-045aa63240db",
|
||
|
"domain-name--c0a3e8aa-1a13-45cc-bcbd-045aa63240db",
|
||
|
"observed-data--eb5ed5b8-1635-4ec6-abae-4c80efd17880",
|
||
|
"domain-name--eb5ed5b8-1635-4ec6-abae-4c80efd17880",
|
||
|
"observed-data--e3d57113-2296-4e3f-b871-0ac228405ede",
|
||
|
"url--e3d57113-2296-4e3f-b871-0ac228405ede",
|
||
|
"observed-data--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d",
|
||
|
"domain-name--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d",
|
||
|
"observed-data--9c61d329-ad4b-4ce8-8813-2086a0434292",
|
||
|
"url--9c61d329-ad4b-4ce8-8813-2086a0434292",
|
||
|
"observed-data--1726a7d8-2589-4985-ab3d-b8d0933a9854",
|
||
|
"domain-name--1726a7d8-2589-4985-ab3d-b8d0933a9854",
|
||
|
"observed-data--54e046eb-3dbc-4001-8e52-bb78aa43096d",
|
||
|
"url--54e046eb-3dbc-4001-8e52-bb78aa43096d",
|
||
|
"observed-data--b60efdd4-d26b-449a-a04a-454986ea4360",
|
||
|
"domain-name--b60efdd4-d26b-449a-a04a-454986ea4360",
|
||
|
"observed-data--015c0c28-8256-45bc-9588-e20cd7d75181",
|
||
|
"url--015c0c28-8256-45bc-9588-e20cd7d75181",
|
||
|
"observed-data--25c853cf-edbc-4141-b4c5-9a34fb100368",
|
||
|
"domain-name--25c853cf-edbc-4141-b4c5-9a34fb100368",
|
||
|
"observed-data--59c92eff-4581-4f5c-95c1-c37b0165ee20",
|
||
|
"url--59c92eff-4581-4f5c-95c1-c37b0165ee20",
|
||
|
"observed-data--31f77d87-72eb-47eb-a1cf-169fe11b227e",
|
||
|
"domain-name--31f77d87-72eb-47eb-a1cf-169fe11b227e",
|
||
|
"observed-data--dd085402-6038-4b45-8bb9-ffe3d850ca4f",
|
||
|
"url--dd085402-6038-4b45-8bb9-ffe3d850ca4f",
|
||
|
"observed-data--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84",
|
||
|
"domain-name--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84",
|
||
|
"observed-data--fc26844c-a53e-4324-899a-f38a118f0430",
|
||
|
"url--fc26844c-a53e-4324-899a-f38a118f0430",
|
||
|
"observed-data--937c7b3f-272a-46ac-ac14-1dadd6a30900",
|
||
|
"domain-name--937c7b3f-272a-46ac-ac14-1dadd6a30900",
|
||
|
"observed-data--b3babd8f-89fa-45d3-82dd-89d87dc38af0",
|
||
|
"url--b3babd8f-89fa-45d3-82dd-89d87dc38af0",
|
||
|
"observed-data--627c70a6-6880-4755-ab62-ac32ab4c920a",
|
||
|
"domain-name--627c70a6-6880-4755-ab62-ac32ab4c920a",
|
||
|
"observed-data--fcb3608f-a76c-4712-a42d-bc57002745ab",
|
||
|
"url--fcb3608f-a76c-4712-a42d-bc57002745ab",
|
||
|
"observed-data--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe",
|
||
|
"domain-name--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe",
|
||
|
"observed-data--d19d272a-0fba-4a5a-81ea-438a9b0c22c2",
|
||
|
"url--d19d272a-0fba-4a5a-81ea-438a9b0c22c2",
|
||
|
"observed-data--f7c244c9-61c0-498b-9ecd-5b45a9f828aa",
|
||
|
"windows-registry-key--f7c244c9-61c0-498b-9ecd-5b45a9f828aa",
|
||
|
"observed-data--0c999112-dd3a-4660-9ce4-1da25f63369b",
|
||
|
"windows-registry-key--0c999112-dd3a-4660-9ce4-1da25f63369b",
|
||
|
"observed-data--2c6e44ad-af7f-4860-8515-c07e11f0d73d",
|
||
|
"windows-registry-key--2c6e44ad-af7f-4860-8515-c07e11f0d73d",
|
||
|
"observed-data--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84",
|
||
|
"windows-registry-key--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84",
|
||
|
"observed-data--495ba099-2877-417c-a395-0b775e682254",
|
||
|
"network-traffic--495ba099-2877-417c-a395-0b775e682254",
|
||
|
"ipv4-addr--495ba099-2877-417c-a395-0b775e682254",
|
||
|
"observed-data--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
|
||
|
"network-traffic--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
|
||
|
"ipv4-addr--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
|
||
|
"observed-data--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
|
||
|
"network-traffic--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
|
||
|
"ipv4-addr--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
|
||
|
"observed-data--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
|
||
|
"network-traffic--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
|
||
|
"ipv4-addr--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
|
||
|
"observed-data--ddd9f951-eda5-421e-8408-1d8a21b790c5",
|
||
|
"network-traffic--ddd9f951-eda5-421e-8408-1d8a21b790c5",
|
||
|
"ipv4-addr--ddd9f951-eda5-421e-8408-1d8a21b790c5",
|
||
|
"observed-data--1ef6377b-4930-40fb-bbcd-082415d6548c",
|
||
|
"network-traffic--1ef6377b-4930-40fb-bbcd-082415d6548c",
|
||
|
"ipv4-addr--1ef6377b-4930-40fb-bbcd-082415d6548c",
|
||
|
"observed-data--04612a82-d194-4360-8cf8-6a21b880534e",
|
||
|
"network-traffic--04612a82-d194-4360-8cf8-6a21b880534e",
|
||
|
"ipv4-addr--04612a82-d194-4360-8cf8-6a21b880534e",
|
||
|
"observed-data--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
|
||
|
"network-traffic--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
|
||
|
"ipv4-addr--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
|
||
|
"observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
|
||
|
"process--e09020d6-d77d-4080-a7a4-210312a7900c",
|
||
|
"process--eea27000-ec7d-48b2-a023-cd76aba10615",
|
||
|
"file--37201be6-55a2-491f-9de9-aa03d421f3b1",
|
||
|
"observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
|
||
|
"process--14eff187-01c0-4492-980e-90baa5cd56a5",
|
||
|
"process--756b698f-761d-43d2-9667-de6d7e3b716c",
|
||
|
"file--4b91f92d-bb8d-4bf2-b2d9-8081de4772cd",
|
||
|
"observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
|
||
|
"process--e0a0c460-3940-4815-9a71-e4aa3a01a058",
|
||
|
"process--d053a485-7406-40a4-be82-5939a32a96cb",
|
||
|
"file--420aa5ed-fd32-4f36-8b62-045b47035d6e",
|
||
|
"observed-data--9d0fadd9-70bb-4d31-a86b-b6995879f855",
|
||
|
"process--9d0fadd9-70bb-4d31-a86b-b6995879f855",
|
||
|
"process--e0c748b6-113a-4b37-83c4-1334e146eacc",
|
||
|
"file--a7dce264-f9b7-4d2d-804d-ad23561ac300",
|
||
|
"observed-data--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
|
||
|
"process--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
|
||
|
"process--5ac52658-6c39-4f61-a4fc-cf1ae023a0a5",
|
||
|
"file--5bc3957e-af3d-4a00-8644-734dd61418a1",
|
||
|
"observed-data--aeca75dd-8858-48c1-9773-a4f670e63210",
|
||
|
"process--aeca75dd-8858-48c1-9773-a4f670e63210",
|
||
|
"process--71b22502-3042-45f7-9bec-37ccc2015480",
|
||
|
"file--3f91250f-7fba-44e3-8102-3226033871cb",
|
||
|
"observed-data--8c814729-25fa-4f3d-9e74-f587c2676eb1",
|
||
|
"process--8c814729-25fa-4f3d-9e74-f587c2676eb1",
|
||
|
"process--a42909eb-6283-4c04-95ae-914a404df550",
|
||
|
"file--dc1d0063-99be-4cec-910c-aaa115c3adfe",
|
||
|
"observed-data--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5",
|
||
|
"windows-registry-key--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5",
|
||
|
"x-misp-object--ce8013e9-4d6d-48d5-82e5-190328228b00",
|
||
|
"relationship--c7d86733-3151-4867-a764-5522d492a29b",
|
||
|
"relationship--de362832-6b2a-40bc-b804-cdf09541eb2d",
|
||
|
"relationship--4ce9c944-09c1-4be7-b622-91b74aacbfe3",
|
||
|
"relationship--d413b672-5430-4a81-b5ed-9034273c621a",
|
||
|
"relationship--6bec5649-8990-45c0-964e-9dd43ad7f777",
|
||
|
"relationship--644cdda7-cfc5-47d1-9d0a-356fc6e1aae6",
|
||
|
"relationship--f7429a8d-3dce-4ac3-b9f5-6704c876cdbf",
|
||
|
"relationship--d9041b4b-2399-4157-9ceb-2456427209be",
|
||
|
"relationship--78b9e713-8d90-4630-ad1f-9f74462967ac",
|
||
|
"relationship--04178b7b-ee7a-4c79-a037-4c8c47da233b",
|
||
|
"relationship--29b2505a-add3-4e40-964e-30399fea946b",
|
||
|
"relationship--c7780a8b-f02b-4fca-ad7e-4255d4c8a2e2",
|
||
|
"relationship--e5c1f7bd-0d9e-4a70-b2fb-8c8353b07898",
|
||
|
"relationship--a3bc682d-c8eb-44e0-b4af-e41950ce448a",
|
||
|
"relationship--710af094-99d8-4436-97e6-c06caebc4b27",
|
||
|
"relationship--b2a6c279-f405-466e-bf15-220d906afd9f",
|
||
|
"relationship--e442b30c-5483-4a7c-ac1e-0c5752ff35c9",
|
||
|
"relationship--b83c444f-b21f-4a02-a0bc-cf86cfdc3175",
|
||
|
"relationship--d92b1655-95ad-47e9-8e0d-ad4e7807cb05",
|
||
|
"relationship--5da46971-af2c-484d-8c58-2f94ca1c4a2d",
|
||
|
"relationship--f944c3cb-e4ed-4165-a6d5-038e777e2ada",
|
||
|
"relationship--002309ad-3fba-4d24-99e6-46cc0baed20b",
|
||
|
"relationship--26a13409-df21-456b-9c79-e857e37072a6",
|
||
|
"relationship--6bb0de60-d69e-4769-9edf-a636aa1cccd0",
|
||
|
"relationship--f8d679f7-f42b-41ed-a19a-20d54f85c528",
|
||
|
"relationship--1e90cf7f-6993-45ad-8447-c51a49ef9a3f",
|
||
|
"relationship--d588f706-30a6-409c-b4af-8038aa597a98",
|
||
|
"relationship--2b498ca7-a6e8-4a43-9ac9-567a90a3b9b1",
|
||
|
"relationship--1c6fa1c4-ffe1-44e5-9049-2df020844f36"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_tcp_out_connection\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_install_startup_script_by_registry\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_request_dns_by_name\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_check_external_ip\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_change_folder_appearance\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_av_malicious_match\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_use_encryption_api\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_enumerate_processes\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_establish_http_connection\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_delay_execution_by_sleep\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_dynamic_api_usage_by_api\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_modify_windows_backup_settings\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_drop_pe_file\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_create_named_mutex\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_install_scheduled_task_by_schtasks\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_create_process_with_hidden_window\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_known_suspicious_file\"",
|
||
|
"misp-galaxy:misp-attack-pattern=\"vmray_delay_by_scheduled_task_delayed\"",
|
||
|
"misp-galaxy:ransomware=\"RegretLocker\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--0d6149fa-7d99-43b7-9945-449c34054e55",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--0d6149fa-7d99-43b7-9945-449c34054e55"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--0d6149fa-7d99-43b7-9945-449c34054e55",
|
||
|
"value": "api.ipify.org"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--1196afab-f33f-4bfa-87b7-dacb0f19f1de",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--1196afab-f33f-4bfa-87b7-dacb0f19f1de"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--1196afab-f33f-4bfa-87b7-dacb0f19f1de",
|
||
|
"value": "nagano-19599.herokussl.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--b47f9402-8287-47c5-93ec-7cbba8b5081c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--b47f9402-8287-47c5-93ec-7cbba8b5081c"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--b47f9402-8287-47c5-93ec-7cbba8b5081c",
|
||
|
"value": "elb097307-934924932.us-east-1.elb.amazonaws.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--66a9b551-e555-43f2-9716-55ec617d4bb3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"mutex--66a9b551-e555-43f2-9716-55ec617d4bb3"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"mutex\"",
|
||
|
"misp:category=\"Artifacts dropped\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "mutex",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "mutex--66a9b551-e555-43f2-9716-55ec617d4bb3",
|
||
|
"name": "svchost"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--c0a3e8aa-1a13-45cc-bcbd-045aa63240db",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--c0a3e8aa-1a13-45cc-bcbd-045aa63240db"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--c0a3e8aa-1a13-45cc-bcbd-045aa63240db",
|
||
|
"value": "elb097307-934924932.us-east-1.elb.amazonaws.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--eb5ed5b8-1635-4ec6-abae-4c80efd17880",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--eb5ed5b8-1635-4ec6-abae-4c80efd17880"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--eb5ed5b8-1635-4ec6-abae-4c80efd17880",
|
||
|
"value": "45.66.33.45"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--e3d57113-2296-4e3f-b871-0ac228405ede",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--e3d57113-2296-4e3f-b871-0ac228405ede"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--e3d57113-2296-4e3f-b871-0ac228405ede",
|
||
|
"value": "45.66.33.45"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d",
|
||
|
"value": "110.4.47.139"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--9c61d329-ad4b-4ce8-8813-2086a0434292",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--9c61d329-ad4b-4ce8-8813-2086a0434292"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--9c61d329-ad4b-4ce8-8813-2086a0434292",
|
||
|
"value": "110.4.47.139"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--1726a7d8-2589-4985-ab3d-b8d0933a9854",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--1726a7d8-2589-4985-ab3d-b8d0933a9854"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--1726a7d8-2589-4985-ab3d-b8d0933a9854",
|
||
|
"value": "203.218.5.141"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--54e046eb-3dbc-4001-8e52-bb78aa43096d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--54e046eb-3dbc-4001-8e52-bb78aa43096d"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--54e046eb-3dbc-4001-8e52-bb78aa43096d",
|
||
|
"value": "203.218.5.141"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--b60efdd4-d26b-449a-a04a-454986ea4360",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--b60efdd4-d26b-449a-a04a-454986ea4360"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--b60efdd4-d26b-449a-a04a-454986ea4360",
|
||
|
"value": "45.11.18.120"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--015c0c28-8256-45bc-9588-e20cd7d75181",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--015c0c28-8256-45bc-9588-e20cd7d75181"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--015c0c28-8256-45bc-9588-e20cd7d75181",
|
||
|
"value": "45.11.18.120"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--25c853cf-edbc-4141-b4c5-9a34fb100368",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--25c853cf-edbc-4141-b4c5-9a34fb100368"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--25c853cf-edbc-4141-b4c5-9a34fb100368",
|
||
|
"value": "185.220.102.242"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c92eff-4581-4f5c-95c1-c37b0165ee20",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59c92eff-4581-4f5c-95c1-c37b0165ee20"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59c92eff-4581-4f5c-95c1-c37b0165ee20",
|
||
|
"value": "185.220.102.242"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--31f77d87-72eb-47eb-a1cf-169fe11b227e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--31f77d87-72eb-47eb-a1cf-169fe11b227e"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--31f77d87-72eb-47eb-a1cf-169fe11b227e",
|
||
|
"value": "205.185.127.217"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--dd085402-6038-4b45-8bb9-ffe3d850ca4f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--dd085402-6038-4b45-8bb9-ffe3d850ca4f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--dd085402-6038-4b45-8bb9-ffe3d850ca4f",
|
||
|
"value": "205.185.127.217"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84",
|
||
|
"value": "23.129.64.211"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--fc26844c-a53e-4324-899a-f38a118f0430",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--fc26844c-a53e-4324-899a-f38a118f0430"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--fc26844c-a53e-4324-899a-f38a118f0430",
|
||
|
"value": "23.129.64.211"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--937c7b3f-272a-46ac-ac14-1dadd6a30900",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--937c7b3f-272a-46ac-ac14-1dadd6a30900"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--937c7b3f-272a-46ac-ac14-1dadd6a30900",
|
||
|
"value": "51.158.146.152"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--b3babd8f-89fa-45d3-82dd-89d87dc38af0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--b3babd8f-89fa-45d3-82dd-89d87dc38af0"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--b3babd8f-89fa-45d3-82dd-89d87dc38af0",
|
||
|
"value": "51.158.146.152"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--627c70a6-6880-4755-ab62-ac32ab4c920a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--627c70a6-6880-4755-ab62-ac32ab4c920a"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--627c70a6-6880-4755-ab62-ac32ab4c920a",
|
||
|
"value": "45.154.35.222"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--fcb3608f-a76c-4712-a42d-bc57002745ab",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--fcb3608f-a76c-4712-a42d-bc57002745ab"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--fcb3608f-a76c-4712-a42d-bc57002745ab",
|
||
|
"value": "45.154.35.222"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"domain-name--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "domain-name",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "domain-name--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe",
|
||
|
"value": "45.79.157.103"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--d19d272a-0fba-4a5a-81ea-438a9b0c22c2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--d19d272a-0fba-4a5a-81ea-438a9b0c22c2"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--d19d272a-0fba-4a5a-81ea-438a9b0c22c2",
|
||
|
"value": "45.79.157.103"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--f7c244c9-61c0-498b-9ecd-5b45a9f828aa",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2020-12-30T13:53:49.000Z",
|
||
|
"modified": "2020-12-30T13:53:49.000Z",
|
||
|
"first_observed": "2020-12-30T13:53:49Z",
|
||
|
"last_observed": "2020-12-30T13:53:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--f7c244c9-61c0-498b-9ecd-5b45a9f828aa"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--f7c244c9-61c0-498b-9ecd-5b45a9f828aa",
"key": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--0c999112-dd3a-4660-9ce4-1da25f63369b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--0c999112-dd3a-4660-9ce4-1da25f63369b"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--0c999112-dd3a-4660-9ce4-1da25f63369b",
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--2c6e44ad-af7f-4860-8515-c07e11f0d73d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--2c6e44ad-af7f-4860-8515-c07e11f0d73d"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--2c6e44ad-af7f-4860-8515-c07e11f0d73d",
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--495ba099-2877-417c-a395-0b775e682254",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--495ba099-2877-417c-a395-0b775e682254",
"ipv4-addr--495ba099-2877-417c-a395-0b775e682254"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--495ba099-2877-417c-a395-0b775e682254",
"dst_ref": "ipv4-addr--495ba099-2877-417c-a395-0b775e682254",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--495ba099-2877-417c-a395-0b775e682254",
"value": "50.19.252.36"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
"ipv4-addr--3a0b0357-d641-4bf2-ad0e-9d67e935058c"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
"dst_ref": "ipv4-addr--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--3a0b0357-d641-4bf2-ad0e-9d67e935058c",
"value": "54.204.14.42"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
"ipv4-addr--c1ca2e16-9132-456b-813b-c9bddcc1ef96"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
"dst_ref": "ipv4-addr--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--c1ca2e16-9132-456b-813b-c9bddcc1ef96",
"value": "54.227.255.202"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
"ipv4-addr--3d03ea7b-4b1a-4774-830b-bfeefcb2e767"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
"dst_ref": "ipv4-addr--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--3d03ea7b-4b1a-4774-830b-bfeefcb2e767",
"value": "54.235.98.120"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--ddd9f951-eda5-421e-8408-1d8a21b790c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--ddd9f951-eda5-421e-8408-1d8a21b790c5",
"ipv4-addr--ddd9f951-eda5-421e-8408-1d8a21b790c5"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--ddd9f951-eda5-421e-8408-1d8a21b790c5",
"dst_ref": "ipv4-addr--ddd9f951-eda5-421e-8408-1d8a21b790c5",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--ddd9f951-eda5-421e-8408-1d8a21b790c5",
"value": "54.235.169.38"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--1ef6377b-4930-40fb-bbcd-082415d6548c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--1ef6377b-4930-40fb-bbcd-082415d6548c",
"ipv4-addr--1ef6377b-4930-40fb-bbcd-082415d6548c"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--1ef6377b-4930-40fb-bbcd-082415d6548c",
"dst_ref": "ipv4-addr--1ef6377b-4930-40fb-bbcd-082415d6548c",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--1ef6377b-4930-40fb-bbcd-082415d6548c",
"value": "23.21.252.4"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--04612a82-d194-4360-8cf8-6a21b880534e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--04612a82-d194-4360-8cf8-6a21b880534e",
"ipv4-addr--04612a82-d194-4360-8cf8-6a21b880534e"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--04612a82-d194-4360-8cf8-6a21b880534e",
"dst_ref": "ipv4-addr--04612a82-d194-4360-8cf8-6a21b880534e",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--04612a82-d194-4360-8cf8-6a21b880534e",
"value": "54.225.66.103"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
"ipv4-addr--d2eb2254-d24d-4b17-a10d-9d92cfd44980"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
"dst_ref": "ipv4-addr--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--d2eb2254-d24d-4b17-a10d-9d92cfd44980",
"value": "54.225.169.28"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--e09020d6-d77d-4080-a7a4-210312a7900c",
"process--eea27000-ec7d-48b2-a023-cd76aba10615",
"file--37201be6-55a2-491f-9de9-aa03d421f3b1"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--e09020d6-d77d-4080-a7a4-210312a7900c",
"pid": 4464,
"command_line": "\"%USERPROFILE%\\Desktop\\locker.exe\"",
"image_ref": "file--37201be6-55a2-491f-9de9-aa03d421f3b1",
"parent_ref": "process--eea27000-ec7d-48b2-a023-cd76aba10615",
"x_misp_name": "locker.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--eea27000-ec7d-48b2-a023-cd76aba10615",
"pid": 1376
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--37201be6-55a2-491f-9de9-aa03d421f3b1",
"name": "locker.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--14eff187-01c0-4492-980e-90baa5cd56a5",
"process--756b698f-761d-43d2-9667-de6d7e3b716c",
"file--4b91f92d-bb8d-4bf2-b2d9-8081de4772cd"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--14eff187-01c0-4492-980e-90baa5cd56a5",
"pid": 1340,
"command_line": "\"%WINDIR%\\System32\\cmd.exe\" /C schtasks /Create /SC MINUTE /TN \"Mouse Application\" /TR \"%USERPROFILE%\\Desktop\\locker.exe\" /f",
"image_ref": "file--4b91f92d-bb8d-4bf2-b2d9-8081de4772cd",
"parent_ref": "process--756b698f-761d-43d2-9667-de6d7e3b716c",
"x_misp_name": "cmd.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--756b698f-761d-43d2-9667-de6d7e3b716c",
"pid": 4464
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--4b91f92d-bb8d-4bf2-b2d9-8081de4772cd",
"name": "cmd.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"process--d053a485-7406-40a4-be82-5939a32a96cb",
"file--420aa5ed-fd32-4f36-8b62-045b47035d6e"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"pid": 3956,
"command_line": "\"%WINDIR%\\System32\\cmd.exe\" /C wmic SHADOWCOPY DELETE & wbadmin DELETE SYSTEMSTATEBACKUP & bcdedit.exe / set{ default } bootstatuspolicy ignoreallfailures & bcdedit.exe / set{ default } recoveryenabled No",
"image_ref": "file--420aa5ed-fd32-4f36-8b62-045b47035d6e",
"parent_ref": "process--d053a485-7406-40a4-be82-5939a32a96cb",
"x_misp_name": "cmd.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--d053a485-7406-40a4-be82-5939a32a96cb",
"pid": 4464
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--420aa5ed-fd32-4f36-8b62-045b47035d6e",
"name": "cmd.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--9d0fadd9-70bb-4d31-a86b-b6995879f855",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--9d0fadd9-70bb-4d31-a86b-b6995879f855",
"process--e0c748b6-113a-4b37-83c4-1334e146eacc",
"file--a7dce264-f9b7-4d2d-804d-ad23561ac300"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--9d0fadd9-70bb-4d31-a86b-b6995879f855",
"pid": 1664,
"command_line": "schtasks /Create /SC MINUTE /TN \"Mouse Application\" /TR \"%USERPROFILE%\\Desktop\\locker.exe\" /f",
"image_ref": "file--a7dce264-f9b7-4d2d-804d-ad23561ac300",
"parent_ref": "process--e0c748b6-113a-4b37-83c4-1334e146eacc",
"x_misp_name": "schtasks.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--e0c748b6-113a-4b37-83c4-1334e146eacc",
"pid": 1340
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--a7dce264-f9b7-4d2d-804d-ad23561ac300",
"name": "schtasks.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
"process--5ac52658-6c39-4f61-a4fc-cf1ae023a0a5",
"file--5bc3957e-af3d-4a00-8644-734dd61418a1"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
"pid": 1380,
"command_line": "wmic SHADOWCOPY DELETE",
"image_ref": "file--5bc3957e-af3d-4a00-8644-734dd61418a1",
"parent_ref": "process--5ac52658-6c39-4f61-a4fc-cf1ae023a0a5",
"x_misp_name": "wmic.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--5ac52658-6c39-4f61-a4fc-cf1ae023a0a5",
"pid": 3956
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bc3957e-af3d-4a00-8644-734dd61418a1",
"name": "wmic.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--aeca75dd-8858-48c1-9773-a4f670e63210",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--aeca75dd-8858-48c1-9773-a4f670e63210",
"process--71b22502-3042-45f7-9bec-37ccc2015480",
"file--3f91250f-7fba-44e3-8102-3226033871cb"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--aeca75dd-8858-48c1-9773-a4f670e63210",
"pid": 940,
"command_line": "%WINDIR%\\system32\\svchost.exe -k netsvcs",
"image_ref": "file--3f91250f-7fba-44e3-8102-3226033871cb",
"parent_ref": "process--71b22502-3042-45f7-9bec-37ccc2015480",
"x_misp_name": "svchost.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--71b22502-3042-45f7-9bec-37ccc2015480",
"pid": 572
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--3f91250f-7fba-44e3-8102-3226033871cb",
"name": "svchost.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--8c814729-25fa-4f3d-9e74-f587c2676eb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"process--8c814729-25fa-4f3d-9e74-f587c2676eb1",
"process--a42909eb-6283-4c04-95ae-914a404df550",
"file--dc1d0063-99be-4cec-910c-aaa115c3adfe"
],
"labels": [
"misp:name=\"process\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--8c814729-25fa-4f3d-9e74-f587c2676eb1",
"pid": 4472,
"command_line": "%USERPROFILE%\\Desktop\\locker.exe",
"image_ref": "file--dc1d0063-99be-4cec-910c-aaa115c3adfe",
"parent_ref": "process--a42909eb-6283-4c04-95ae-914a404df550",
"x_misp_name": "locker.exe"
},
{
"type": "process",
"spec_version": "2.1",
"id": "process--a42909eb-6283-4c04-95ae-914a404df550",
"pid": 940
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--dc1d0063-99be-4cec-910c-aaa115c3adfe",
"name": "locker.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:49.000Z",
"modified": "2020-12-30T13:53:49.000Z",
"first_observed": "2020-12-30T13:53:49Z",
"last_observed": "2020-12-30T13:53:49Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5"
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5",
"key": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [
{
"name": "Mouse Application",
"data": "%USERPROFILE%\\Desktop\\locker.exe",
"data_type": "REG_SZ"
}
],
"x_misp_hive": "HKEY_CURRENT_USER"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ce8013e9-4d6d-48d5-82e5-190328228b00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-30T13:53:51.000Z",
"modified": "2020-12-30T13:53:51.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "stix-report.xml",
"category": "External analysis",
"uuid": "89759f96-feef-40b1-83f8-ed70f964aa62",
"data": "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
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1",
"category": "Other",
"uuid": "1018cdf0-f8e7-4b8f-9d3b-efde6e7b7c78"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c7d86733-3151-4867-a764-5522d492a29b",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--de362832-6b2a-40bc-b804-cdf09541eb2d",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4ce9c944-09c1-4be7-b622-91b74aacbfe3",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "created",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d413b672-5430-4a81-b5ed-9034273c621a",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "created",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--66a9b551-e555-43f2-9716-55ec617d4bb3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6bec5649-8990-45c0-964e-9dd43ad7f777",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--b9bafe60-a9cc-43fa-a541-2dfb16d3aed5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--644cdda7-cfc5-47d1-9d0a-356fc6e1aae6",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--c0a3e8aa-1a13-45cc-bcbd-045aa63240db"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7429a8d-3dce-4ac3-b9f5-6704c876cdbf",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--eb5ed5b8-1635-4ec6-abae-4c80efd17880"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d9041b4b-2399-4157-9ceb-2456427209be",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--939b73b1-0ac1-47a1-9ac6-ea1b312bbd0d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--78b9e713-8d90-4630-ad1f-9f74462967ac",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--1726a7d8-2589-4985-ab3d-b8d0933a9854"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--04178b7b-ee7a-4c79-a037-4c8c47da233b",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--b60efdd4-d26b-449a-a04a-454986ea4360"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29b2505a-add3-4e40-964e-30399fea946b",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--25c853cf-edbc-4141-b4c5-9a34fb100368"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c7780a8b-f02b-4fca-ad7e-4255d4c8a2e2",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--31f77d87-72eb-47eb-a1cf-169fe11b227e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e5c1f7bd-0d9e-4a70-b2fb-8c8353b07898",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--43e9ee4c-61ce-46be-b5ad-5fb45bcc1c84"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3bc682d-c8eb-44e0-b4af-e41950ce448a",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--937c7b3f-272a-46ac-ac14-1dadd6a30900"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--710af094-99d8-4436-97e6-c06caebc4b27",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--627c70a6-6880-4755-ab62-ac32ab4c920a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b2a6c279-f405-466e-bf15-220d906afd9f",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "read-from",
"source_ref": "observed-data--e09020d6-d77d-4080-a7a4-210312a7900c",
"target_ref": "observed-data--d9be3c9d-1473-4e1a-a28a-e1deb0a490fe"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e442b30c-5483-4a7c-ac1e-0c5752ff35c9",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"target_ref": "observed-data--9d0fadd9-70bb-4d31-a86b-b6995879f855"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b83c444f-b21f-4a02-a0bc-cf86cfdc3175",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "created",
"source_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"target_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d92b1655-95ad-47e9-8e0d-ad4e7807cb05",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"target_ref": "observed-data--f7c244c9-61c0-498b-9ecd-5b45a9f828aa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5da46971-af2c-484d-8c58-2f94ca1c4a2d",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"target_ref": "observed-data--0c999112-dd3a-4660-9ce4-1da25f63369b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f944c3cb-e4ed-4165-a6d5-038e777e2ada",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--14eff187-01c0-4492-980e-90baa5cd56a5",
"target_ref": "observed-data--2c6e44ad-af7f-4860-8515-c07e11f0d73d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--002309ad-3fba-4d24-99e6-46cc0baed20b",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"target_ref": "observed-data--ad1f0004-c221-4a19-8edd-d9f836b88ee7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--26a13409-df21-456b-9c79-e857e37072a6",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "created",
"source_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"target_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6bb0de60-d69e-4769-9edf-a636aa1cccd0",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"target_ref": "observed-data--f7c244c9-61c0-498b-9ecd-5b45a9f828aa"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f8d679f7-f42b-41ed-a19a-20d54f85c528",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"target_ref": "observed-data--0c999112-dd3a-4660-9ce4-1da25f63369b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e90cf7f-6993-45ad-8447-c51a49ef9a3f",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--e0a0c460-3940-4815-9a71-e4aa3a01a058",
"target_ref": "observed-data--2c6e44ad-af7f-4860-8515-c07e11f0d73d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d588f706-30a6-409c-b4af-8038aa597a98",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
"target_ref": "observed-data--aeca75dd-8858-48c1-9773-a4f670e63210"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2b498ca7-a6e8-4a43-9ac9-567a90a3b9b1",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "opened",
"source_ref": "observed-data--ad1f0004-c221-4a19-8edd-d9f836b88ee7",
"target_ref": "observed-data--2a26ccb1-3bc4-4d4c-9267-50f3e7cbad84"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1c6fa1c4-ffe1-44e5-9049-2df020844f36",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "child-of",
"source_ref": "observed-data--aeca75dd-8858-48c1-9773-a4f670e63210",
"target_ref": "observed-data--8c814729-25fa-4f3d-9e74-f587c2676eb1"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}