2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5a96f935-0b24-47b8-b0a7-4fff02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:53:36.000Z" ,
"modified" : "2018-02-28T18:53:36.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a96f935-0b24-47b8-b0a7-4fff02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:53:36.000Z" ,
"modified" : "2018-02-28T18:53:36.000Z" ,
"name" : "OSINT - Sofacy Attacks Multiple Government Entities" ,
"published" : "2018-02-28T18:54:29Z" ,
"object_refs" : [
"x-misp-attribute--5a96f942-14cc-4704-b7bf-498502de0b81" ,
"observed-data--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81" ,
"url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81" ,
"indicator--5a96f9a4-b05c-4b29-bb64-cc4302de0b81" ,
"indicator--5a96f9a4-f0fc-4ce7-b5ac-cc4302de0b81" ,
"indicator--5a96f9a5-19fc-4235-a3fd-cc4302de0b81" ,
"indicator--5a96f9a5-0f8c-4997-87e4-cc4302de0b81" ,
"indicator--5a96f9f3-548c-494e-82e6-451202de0b81" ,
"indicator--5a96fa18-6d2c-48e6-9d3d-4d5c02de0b81" ,
"indicator--5a96fa2c-f7ac-4d1c-9fe9-cc4302de0b81" ,
"indicator--5a96faac-c9cc-49d9-b08f-a2ac02de0b81" ,
"indicator--3a3a5634-7788-4951-adea-a060896c5315" ,
"x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513" ,
"indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd" ,
"x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1" ,
"indicator--cc27a1e8-563a-4861-9364-893e483254d0" ,
"x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9" ,
"indicator--30244c7f-5815-4434-9169-08ff43a5c2cd" ,
"x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c" ,
2023-12-14 14:30:15 +00:00
"relationship--07f693ac-9c28-4bc8-820a-528cfe573dbe" ,
"relationship--ae8bbd23-8948-4f7d-ae94-b054a6938383" ,
"relationship--cbfbe85b-5f76-4193-b738-7ed649946b10" ,
"relationship--5ea2d05a-0989-423d-a1cd-d0d68925bb00"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"Sofacy\"" ,
"misp-galaxy:mitre-intrusion-set=\"APT28\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a96f942-14cc-4704-b7bf-498502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:07.000Z" ,
"modified" : "2018-02-28T18:50:07.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "The Sofacy group (AKA APT28, Fancy Bear, STRONTIUM, Sednit, Tsar Team, Pawn Storm) is a well-known adversary that remains highly active in the new calendar year of 2018. Unit 42 actively monitors this group due to their persistent nature globally across all industry verticals. Recently, we discovered a campaign launched at various Ministries of Foreign Affairs around the world. Interestingly, there appear to be two parallel efforts within the campaign, with each effort using a completely different toolset for the attacks. In this blog, we will discuss one of the efforts which leveraged tools that have been known to be associated with the Sofacy group."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:08.000Z" ,
"modified" : "2018-02-28T18:50:08.000Z" ,
"first_observed" : "2018-02-28T18:50:08Z" ,
"last_observed" : "2018-02-28T18:50:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a96f94d-5a5c-4c6e-af00-4f5d02de0b81" ,
"value" : "https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96f9a4-b05c-4b29-bb64-cc4302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:49:08.000Z" ,
"modified" : "2018-02-28T18:49:08.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:49:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96f9a4-f0fc-4ce7-b5ac-cc4302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:49:08.000Z" ,
"modified" : "2018-02-28T18:49:08.000Z" ,
"pattern" : "[file:hashes.SHA256 = '12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:49:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96f9a5-19fc-4235-a3fd-cc4302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:49:09.000Z" ,
"modified" : "2018-02-28T18:49:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:49:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96f9a5-0f8c-4997-87e4-cc4302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:49:09.000Z" ,
"modified" : "2018-02-28T18:49:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:49:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96f9f3-548c-494e-82e6-451202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:27.000Z" ,
"modified" : "2018-02-28T18:50:27.000Z" ,
"pattern" : "[domain-name:value = 'cdnverify.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:50:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96fa18-6d2c-48e6-9d3d-4d5c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:51:04.000Z" ,
"modified" : "2018-02-28T18:51:04.000Z" ,
"pattern" : "[email-message:subject = 'Upcoming Defense events February 2018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:51:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-subject\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96fa2c-f7ac-4d1c-9fe9-cc4302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:51:24.000Z" ,
"modified" : "2018-02-28T18:51:24.000Z" ,
"pattern" : "[email-message:body_multipart[*].body_raw_ref.name = 'Upcoming Events February 2018.xls']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:51:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-attachment\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a96faac-c9cc-49d9-b08f-a2ac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:53:32.000Z" ,
"modified" : "2018-02-28T18:53:32.000Z" ,
"pattern" : "[domain-name:value = 'hotfixmsupload.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:53:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3a3a5634-7788-4951-adea-a060896c5315" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:12.000Z" ,
"modified" : "2018-02-28T18:50:12.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aa2cd9d9fc5d196caa6f8fd5979e3f14' AND file:hashes.SHA1 = '5bb9f53636efafdd30023d44be1be55bf7c7b7d5' AND file:hashes.SHA256 = '12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:13.000Z" ,
"modified" : "2018-02-28T18:50:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/12e6642cf6413bdf5388bee663080fa299591b2ba023d069286f3be9647547c8/analysis/1518023007/" ,
"category" : "External analysis" ,
"uuid" : "5a96f9e6-1bf0-46f3-957f-4a2802de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/66" ,
"category" : "Other" ,
"uuid" : "5a96f9e7-dd80-4575-bc61-4a5d02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-07T17:03:27" ,
"category" : "Other" ,
"uuid" : "5a96f9e7-ca8c-4adc-91a7-449302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:20.000Z" ,
"modified" : "2018-02-28T18:50:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '56f98e3ed00e48ff9cb89dea5f6e11c1' AND file:hashes.SHA1 = 'b06930c9809ab5e4cb6659089ac6fcec470c9c16' AND file:hashes.SHA256 = 'cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:50:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:20.000Z" ,
"modified" : "2018-02-28T18:50:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cb85072e6ca66a29cb0b73659a0fe5ba2456d9ba0b52e3a4c89e86549bc6e2c7/analysis/1518446184/" ,
"category" : "External analysis" ,
"uuid" : "5a96f9ec-049c-4d4a-9963-47e302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/59" ,
"category" : "Other" ,
"uuid" : "5a96f9ed-fb0c-48bb-9e60-4b3002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-12T14:36:24" ,
"category" : "Other" ,
"uuid" : "5a96f9ed-1a50-4b58-9bb5-417302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cc27a1e8-563a-4861-9364-893e483254d0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:25.000Z" ,
"modified" : "2018-02-28T18:50:25.000Z" ,
"pattern" : "[file:hashes.MD5 = '7c43b406119ade8f1f2a2a5a93c94248' AND file:hashes.SHA1 = 'd7ddb9a511a50edd6b1093a9477a6c7830fc84c3' AND file:hashes.SHA256 = '23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:50:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:24.000Z" ,
"modified" : "2018-02-28T18:50:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/23411bb30042c9357ac4928dc6fca6955390361e660fec7ac238bbdcc8b83701/analysis/1518309936/" ,
"category" : "External analysis" ,
"uuid" : "5a96f9f0-367c-420d-97d5-4cd002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/66" ,
"category" : "Other" ,
"uuid" : "5a96f9f1-a2c4-4143-b8b4-441302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-11T00:45:36" ,
"category" : "Other" ,
"uuid" : "5a96f9f1-f488-4847-94ae-400802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--30244c7f-5815-4434-9169-08ff43a5c2cd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:29.000Z" ,
"modified" : "2018-02-28T18:50:29.000Z" ,
"pattern" : "[file:hashes.MD5 = '36524c90ca1fac2102e7653dfadb31b2' AND file:hashes.SHA1 = '8d6db316ea4e348021cb59cf3c6ec65c390f0497' AND file:hashes.SHA256 = 'ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-28T18:50:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-28T18:50:30.000Z" ,
"modified" : "2018-02-28T18:50:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ff808d0a12676bfac88fd26f955154f8884f2bb7c534b9936510fd6296c543e8/analysis/1518448247/" ,
"category" : "External analysis" ,
"uuid" : "5a96f9f6-c63c-41e5-9384-4f5c02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/67" ,
"category" : "Other" ,
"uuid" : "5a96f9f7-1b34-4913-ad01-401f02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-12T15:10:47" ,
"category" : "Other" ,
"uuid" : "5a96f9f7-f5e8-4296-943b-4c3602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--07f693ac-9c28-4bc8-820a-528cfe573dbe" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-28T18:50:32.000Z" ,
"modified" : "2018-02-28T18:50:32.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3a3a5634-7788-4951-adea-a060896c5315" ,
"target_ref" : "x-misp-object--988368d2-22c9-4bde-a9f8-ad5500255513"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--ae8bbd23-8948-4f7d-ae94-b054a6938383" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-28T18:50:32.000Z" ,
"modified" : "2018-02-28T18:50:32.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f1420c02-11ef-4439-90cf-d43f40ae89dd" ,
"target_ref" : "x-misp-object--e5d785de-6c7f-4956-a86d-5a7402d45de1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--cbfbe85b-5f76-4193-b738-7ed649946b10" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-28T18:50:32.000Z" ,
"modified" : "2018-02-28T18:50:32.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cc27a1e8-563a-4861-9364-893e483254d0" ,
"target_ref" : "x-misp-object--6bcda4f7-7a38-490b-b7f6-adc285652eb9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--5ea2d05a-0989-423d-a1cd-d0d68925bb00" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-28T18:50:32.000Z" ,
"modified" : "2018-02-28T18:50:32.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--30244c7f-5815-4434-9169-08ff43a5c2cd" ,
"target_ref" : "x-misp-object--a0a39fa0-fab2-4a6c-9b5b-8eb73b363b3c"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}