2023-04-21 14:44:17 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--59ac43b3-d8a8-4fcf-9543-4a8f02de0b81",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:52:03.000Z",
|
|
|
|
"modified": "2017-12-18T10:52:03.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--59ac43b3-d8a8-4fcf-9543-4a8f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:52:03.000Z",
|
|
|
|
"modified": "2017-12-18T10:52:03.000Z",
|
|
|
|
"name": "OSINT - Javascript malware hosted on US government site which launches powershell to connect to C2.",
|
|
|
|
"published": "2017-12-18T10:53:26Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--59ac43e1-dff8-46a7-9514-4f4702de0b81",
|
|
|
|
"url--59ac43e1-dff8-46a7-9514-4f4702de0b81",
|
|
|
|
"indicator--59ac43f8-6c28-48c0-99e0-453402de0b81",
|
|
|
|
"indicator--59ac4419-3df8-4eda-9312-421002de0b81",
|
|
|
|
"indicator--59ac4419-4af4-416c-aa4f-4cb302de0b81",
|
|
|
|
"observed-data--59ac4419-ddd0-47d5-a136-4ac002de0b81",
|
|
|
|
"url--59ac4419-ddd0-47d5-a136-4ac002de0b81",
|
|
|
|
"indicator--59ac444f-e13c-4f0d-9ff7-aa5c02de0b81",
|
|
|
|
"observed-data--59ac4475-de90-483c-81a6-492502de0b81",
|
|
|
|
"url--59ac4475-de90-483c-81a6-492502de0b81",
|
|
|
|
"indicator--5a3781ac-e49c-4f47-a5c0-47a9950d210f",
|
|
|
|
"observed-data--5a37820a-a000-466c-bff1-44e1950d210f",
|
|
|
|
"url--5a37820a-a000-466c-bff1-44e1950d210f",
|
|
|
|
"indicator--7bbbd45c-82a1-44f6-ab72-7fdf191b8148",
|
|
|
|
"x-misp-object--8328c6e4-df62-4f8a-b9c4-309693e5d9f9",
|
|
|
|
"indicator--5e701ff1-51b4-4e2b-aacd-421636d9c852",
|
|
|
|
"x-misp-object--801bce9a-1810-4811-a6e0-b8338414db9d",
|
2023-12-14 14:30:15 +00:00
|
|
|
"relationship--b9f11750-8f93-42fd-9253-d1699869db3a",
|
|
|
|
"relationship--050360c5-fba4-40d1-b8fe-accd7b970324"
|
2023-04-21 14:44:17 +00:00
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"osint:source-type=\"blog-post\"",
|
|
|
|
"osint:source-type=\"pastie-website\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59ac43e1-dff8-46a7-9514-4f4702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"first_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"last_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59ac43e1-dff8-46a7-9514-4f4702de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"osint:source-type=\"pastie-website\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59ac43e1-dff8-46a7-9514-4f4702de0b81",
|
|
|
|
"value": "https://pastebin.com/0eAPV7Lc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59ac43f8-6c28-48c0-99e0-453402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T10:51:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59ac4419-3df8-4eda-9312-421002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"description": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '898e4131496d0ae8eb3fd2a742a30830be3989f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T10:51:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59ac4419-4af4-416c-aa4f-4cb302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-03T18:04:09.000Z",
|
|
|
|
"modified": "2017-09-03T18:04:09.000Z",
|
|
|
|
"description": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c714ca63fc9fccce002941c171c07e4d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-03T18:04:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59ac4419-ddd0-47d5-a136-4ac002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"first_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"last_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59ac4419-ddd0-47d5-a136-4ac002de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59ac4419-ddd0-47d5-a136-4ac002de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd/analysis/1504118595/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59ac444f-e13c-4f0d-9ff7-aa5c02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"description": "Javascript malware hosted on US government site which launches powershell to connect to C2.",
|
|
|
|
"pattern": "[url:value = 'http://dms.nwcg.gov/pipermail/ross-suggestion/attachments/20170304/9ee8a89e/attachment.zip']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T10:51:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59ac4475-de90-483c-81a6-492502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"first_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"last_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59ac4475-de90-483c-81a6-492502de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"admiralty-scale:source-reliability=\"f\"",
|
|
|
|
"osint:source-type=\"blog-post\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59ac4475-de90-483c-81a6-492502de0b81",
|
|
|
|
"value": "https://blog.newskysecurity.com/us-government-site-unwittingly-hosting-malware-f1f4f11b6a1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a3781ac-e49c-4f47-a5c0-47a9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T08:54:51.000Z",
|
|
|
|
"modified": "2017-12-18T08:54:51.000Z",
|
|
|
|
"description": "Cerber Ransomware",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T08:54:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\"",
|
|
|
|
"workflow:todo=\"expansion\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a37820a-a000-466c-bff1-44e1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"first_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"last_observed": "2017-12-18T10:51:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5a37820a-a000-466c-bff1-44e1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\"",
|
|
|
|
"osint:source-type=\"pastie-website\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5a37820a-a000-466c-bff1-44e1950d210f",
|
|
|
|
"value": "https://pastebin.com/HAiqH0Wq"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7bbbd45c-82a1-44f6-ab72-7fdf191b8148",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:58.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:58.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c714ca63fc9fccce002941c171c07e4d' AND file:hashes.SHA1 = '898e4131496d0ae8eb3fd2a742a30830be3989f6' AND file:hashes.SHA256 = '1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T10:51:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8328c6e4-df62-4f8a-b9c4-309693e5d9f9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd/analysis/1504922776/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
|
|
|
|
"uuid": "5a379dcb-1d74-48e4-8937-48b002de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/60",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
|
|
|
|
"uuid": "5a379dcb-5f38-4007-a029-423d02de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-09-09T02:06:16",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "- Xchecked via VT: 1e6851e6e0ff2e0e430e882c8326334471ab2e35ebbac4104bd2aa27128ea6bd",
|
|
|
|
"uuid": "5a379dcb-d190-49b0-adbe-42a502de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5e701ff1-51b4-4e2b-aacd-421636d9c852",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:58.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:58.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '61bcd1f3233b857be0aee9ceba6779f3' AND file:hashes.SHA1 = 'f996046fea268074d2edd430e628f23942d7b5b6' AND file:hashes.SHA256 = '1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-12-18T10:51:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--801bce9a-1810-4811-a6e0-b8338414db9d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/1f15415da53df8a8e0197aa7e17e594d24ea6d7fbe80fe3bb4a5cd41bc8f09f6/analysis/1504623436/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Cerber Ransomware",
|
|
|
|
"uuid": "5a379dcb-2534-458c-b5be-40a602de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "51/64",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Cerber Ransomware",
|
|
|
|
"uuid": "5a379dcb-1b28-4489-b32e-4db702de0b81"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2017-09-05T14:57:16",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Cerber Ransomware",
|
|
|
|
"uuid": "5a379dcb-ab70-4d4e-8fba-4c1c02de0b81"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 14:30:15 +00:00
|
|
|
"id": "relationship--b9f11750-8f93-42fd-9253-d1699869db3a",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2017-12-18T10:51:55.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:55.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--7bbbd45c-82a1-44f6-ab72-7fdf191b8148",
|
|
|
|
"target_ref": "x-misp-object--8328c6e4-df62-4f8a-b9c4-309693e5d9f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
2023-12-14 14:30:15 +00:00
|
|
|
"id": "relationship--050360c5-fba4-40d1-b8fe-accd7b970324",
|
2023-04-21 14:44:17 +00:00
|
|
|
"created": "2017-12-18T10:51:56.000Z",
|
|
|
|
"modified": "2017-12-18T10:51:56.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--5e701ff1-51b4-4e2b-aacd-421636d9c852",
|
|
|
|
"target_ref": "x-misp-object--801bce9a-1810-4811-a6e0-b8338414db9d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|