5995 lines
828 KiB
JSON
5995 lines
828 KiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--5c687e12-522c-41f4-a498-486d02de0b81",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:21:59.000Z",
|
||
|
|
"modified": "2019-02-16T21:21:59.000Z",
|
||
|
|
"name": "CIRCL",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "report",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "report--5c687e12-522c-41f4-a498-486d02de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:21:59.000Z",
|
||
|
|
"modified": "2019-02-16T21:21:59.000Z",
|
||
|
|
"name": "VMRay Analyzer Report for Sample #252574 (related amf-fr.org)",
|
||
|
|
"published": "2019-02-16T21:26:49Z",
|
||
|
|
"object_refs": [
|
||
|
|
"x-misp-attribute--980017ac-8689-4856-8609-a7e93799f9a1",
|
||
|
|
"x-misp-attribute--7835ddd1-3eca-42d1-adbe-867661488e64",
|
||
|
|
"x-misp-attribute--e3a7649e-190f-4bfa-8b1a-b316f0b85a63",
|
||
|
|
"x-misp-attribute--5b3ba8d7-70c0-4252-823c-c67d07279b44",
|
||
|
|
"x-misp-attribute--15272f14-eff1-4d57-9bfe-eb50c88dddd3",
|
||
|
|
"x-misp-attribute--3c2bc824-66a1-47d9-a5da-cc6bf00f3487",
|
||
|
|
"x-misp-attribute--98278a38-fc12-4326-9dbf-cd4fefd3bab8",
|
||
|
|
"x-misp-attribute--fda97354-4f7b-4ee0-9231-35f0b1a95e45",
|
||
|
|
"x-misp-attribute--aa5c6047-8e3e-4b93-9030-50c3b0f76a89",
|
||
|
|
"x-misp-attribute--d5eb49cb-82cf-425a-aaa5-867e334de8bd",
|
||
|
|
"observed-data--c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
|
||
|
|
"windows-registry-key--c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
|
||
|
|
"observed-data--fb07c709-9a1f-4e37-b483-75407bbb9230",
|
||
|
|
"windows-registry-key--fb07c709-9a1f-4e37-b483-75407bbb9230",
|
||
|
|
"observed-data--2968c724-74e2-4077-ad10-ed897489aadf",
|
||
|
|
"windows-registry-key--2968c724-74e2-4077-ad10-ed897489aadf",
|
||
|
|
"observed-data--12dea9cb-410b-4691-8b7b-083f9d47c75a",
|
||
|
|
"windows-registry-key--12dea9cb-410b-4691-8b7b-083f9d47c75a",
|
||
|
|
"observed-data--07e706e6-0d49-4662-8b1b-5599df36dbaf",
|
||
|
|
"windows-registry-key--07e706e6-0d49-4662-8b1b-5599df36dbaf",
|
||
|
|
"observed-data--9fcf4e94-d16b-4540-b69e-75fe834c4a88",
|
||
|
|
"windows-registry-key--9fcf4e94-d16b-4540-b69e-75fe834c4a88",
|
||
|
|
"observed-data--5d7889d3-396b-4ab6-a221-dee0d544bc1c",
|
||
|
|
"windows-registry-key--5d7889d3-396b-4ab6-a221-dee0d544bc1c",
|
||
|
|
"observed-data--88b4dff4-51b1-425d-a897-55fabb69f64b",
|
||
|
|
"windows-registry-key--88b4dff4-51b1-425d-a897-55fabb69f64b",
|
||
|
|
"observed-data--47554dfd-1690-4f7d-944d-fa95e510cfbc",
|
||
|
|
"windows-registry-key--47554dfd-1690-4f7d-944d-fa95e510cfbc",
|
||
|
|
"observed-data--8839c1e5-c3ae-4361-9d77-36ef93dee014",
|
||
|
|
"windows-registry-key--8839c1e5-c3ae-4361-9d77-36ef93dee014",
|
||
|
|
"observed-data--dfc2f46a-8042-49c8-8960-58f12dd86c0b",
|
||
|
|
"windows-registry-key--dfc2f46a-8042-49c8-8960-58f12dd86c0b",
|
||
|
|
"observed-data--ae28d749-b2ed-4147-91b3-78e2b65d02d8",
|
||
|
|
"windows-registry-key--ae28d749-b2ed-4147-91b3-78e2b65d02d8",
|
||
|
|
"observed-data--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
|
||
|
|
"windows-registry-key--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
|
||
|
|
"observed-data--795c1bae-831b-4b11-b279-32138c042af0",
|
||
|
|
"windows-registry-key--795c1bae-831b-4b11-b279-32138c042af0",
|
||
|
|
"observed-data--42636628-4a98-4515-84c4-efb048624d16",
|
||
|
|
"windows-registry-key--42636628-4a98-4515-84c4-efb048624d16",
|
||
|
|
"observed-data--e325f097-a49e-4bd4-8362-4281735c0279",
|
||
|
|
"windows-registry-key--e325f097-a49e-4bd4-8362-4281735c0279",
|
||
|
|
"observed-data--e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
|
||
|
|
"windows-registry-key--e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
|
||
|
|
"observed-data--443e35c7-bed9-4736-acb7-8e27ca55d0d7",
|
||
|
|
"windows-registry-key--443e35c7-bed9-4736-acb7-8e27ca55d0d7",
|
||
|
|
"observed-data--855e5151-6ffb-47c0-8324-e69fe2310bf1",
|
||
|
|
"windows-registry-key--855e5151-6ffb-47c0-8324-e69fe2310bf1",
|
||
|
|
"observed-data--08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
|
||
|
|
"windows-registry-key--08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
|
||
|
|
"observed-data--97f32545-5fb2-430b-b895-83b91b1a3b42",
|
||
|
|
"windows-registry-key--97f32545-5fb2-430b-b895-83b91b1a3b42",
|
||
|
|
"observed-data--6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
|
||
|
|
"windows-registry-key--6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
|
||
|
|
"observed-data--ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
|
||
|
|
"file--ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
|
||
|
|
"observed-data--ff164482-8a8c-4cc0-82a5-52aeb66539dc",
|
||
|
|
"file--ff164482-8a8c-4cc0-82a5-52aeb66539dc",
|
||
|
|
"observed-data--693e271b-3966-4fb8-9787-de555149c589",
|
||
|
|
"file--693e271b-3966-4fb8-9787-de555149c589",
|
||
|
|
"observed-data--311d4452-d95d-4391-a29f-ebf1287efd4c",
|
||
|
|
"file--311d4452-d95d-4391-a29f-ebf1287efd4c",
|
||
|
|
"observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9",
|
||
|
|
"windows-registry-key--f5229ae9-caf0-4157-abf7-21c5e6c642b9",
|
||
|
|
"observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af",
|
||
|
|
"windows-registry-key--d93d30ca-8cd9-4258-9355-7c77e0de39af",
|
||
|
|
"observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
|
||
|
|
"windows-registry-key--ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
|
||
|
|
"observed-data--e1adf2b0-0fe3-4d55-810d-d22a5856138e",
|
||
|
|
"file--e1adf2b0-0fe3-4d55-810d-d22a5856138e",
|
||
|
|
"observed-data--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
|
||
|
|
"mutex--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
|
||
|
|
"observed-data--f33b60a8-86aa-4318-a304-95c782b1939c",
|
||
|
|
"windows-registry-key--f33b60a8-86aa-4318-a304-95c782b1939c",
|
||
|
|
"observed-data--cb9ad57a-983c-43eb-910b-1dc22121c017",
|
||
|
|
"windows-registry-key--cb9ad57a-983c-43eb-910b-1dc22121c017",
|
||
|
|
"observed-data--a22f23cb-3d81-4686-8581-9414b0aba1e1",
|
||
|
|
"windows-registry-key--a22f23cb-3d81-4686-8581-9414b0aba1e1",
|
||
|
|
"observed-data--6fdfde85-4599-44ab-aafc-956860f6e6c4",
|
||
|
|
"windows-registry-key--6fdfde85-4599-44ab-aafc-956860f6e6c4",
|
||
|
|
"observed-data--7dc2a39a-4944-49c1-891d-03c4a89752d2",
|
||
|
|
"windows-registry-key--7dc2a39a-4944-49c1-891d-03c4a89752d2",
|
||
|
|
"observed-data--f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
|
||
|
|
"windows-registry-key--f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
|
||
|
|
"observed-data--5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
|
||
|
|
"windows-registry-key--5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
|
||
|
|
"observed-data--73dd16a6-8e9b-4889-839e-2f6718a50041",
|
||
|
|
"windows-registry-key--73dd16a6-8e9b-4889-839e-2f6718a50041",
|
||
|
|
"observed-data--61af2af0-272f-413d-b70a-07611f8539c3",
|
||
|
|
"windows-registry-key--61af2af0-272f-413d-b70a-07611f8539c3",
|
||
|
|
"observed-data--0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
|
||
|
|
"windows-registry-key--0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
|
||
|
|
"observed-data--26d235e0-d8d7-4256-b82f-f9b190519b6d",
|
||
|
|
"windows-registry-key--26d235e0-d8d7-4256-b82f-f9b190519b6d",
|
||
|
|
"observed-data--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
|
||
|
|
"windows-registry-key--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
|
||
|
|
"observed-data--f10d6026-37f9-4894-8eb3-153f270ee3db",
|
||
|
|
"windows-registry-key--f10d6026-37f9-4894-8eb3-153f270ee3db",
|
||
|
|
"observed-data--c0437d42-5bc3-4938-a16d-90a243afd4d3",
|
||
|
|
"windows-registry-key--c0437d42-5bc3-4938-a16d-90a243afd4d3",
|
||
|
|
"observed-data--ee561233-deaa-4a0f-8583-83ed4fc026f1",
|
||
|
|
"windows-registry-key--ee561233-deaa-4a0f-8583-83ed4fc026f1",
|
||
|
|
"observed-data--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
|
||
|
|
"windows-registry-key--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
|
||
|
|
"observed-data--3c9637f6-32d8-45a7-b671-4eff38c122e7",
|
||
|
|
"windows-registry-key--3c9637f6-32d8-45a7-b671-4eff38c122e7",
|
||
|
|
"observed-data--f32b6230-41b9-4926-8e41-f651f5611b32",
|
||
|
|
"windows-registry-key--f32b6230-41b9-4926-8e41-f651f5611b32",
|
||
|
|
"observed-data--ff576e31-f7fd-4c36-9424-0b47e46cffaa",
|
||
|
|
"windows-registry-key--ff576e31-f7fd-4c36-9424-0b47e46cffaa",
|
||
|
|
"observed-data--d0ebef78-8280-4ae0-bc5c-26b59d85615e",
|
||
|
|
"windows-registry-key--d0ebef78-8280-4ae0-bc5c-26b59d85615e",
|
||
|
|
"observed-data--8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
|
||
|
|
"domain-name--8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
|
||
|
|
"observed-data--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"network-traffic--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"ipv4-addr--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"observed-data--259b1821-d418-4510-aa04-b59e92dd3820",
|
||
|
|
"windows-registry-key--259b1821-d418-4510-aa04-b59e92dd3820",
|
||
|
|
"observed-data--87f3ae04-29bd-479b-ba51-96c97f705aab",
|
||
|
|
"windows-registry-key--87f3ae04-29bd-479b-ba51-96c97f705aab",
|
||
|
|
"observed-data--23e7606b-8811-45df-b726-dabedcfcdd32",
|
||
|
|
"windows-registry-key--23e7606b-8811-45df-b726-dabedcfcdd32",
|
||
|
|
"observed-data--1f697f8c-84b1-4339-9906-1142cf955bef",
|
||
|
|
"windows-registry-key--1f697f8c-84b1-4339-9906-1142cf955bef",
|
||
|
|
"observed-data--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
|
||
|
|
"windows-registry-key--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
|
||
|
|
"observed-data--97492285-8474-4867-ae94-ec61a5fee43d",
|
||
|
|
"windows-registry-key--97492285-8474-4867-ae94-ec61a5fee43d",
|
||
|
|
"observed-data--90ec3953-0b63-4d04-9648-a9caa664dfbd",
|
||
|
|
"windows-registry-key--90ec3953-0b63-4d04-9648-a9caa664dfbd",
|
||
|
|
"observed-data--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
|
||
|
|
"windows-registry-key--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
|
||
|
|
"observed-data--13463837-8319-4893-96d4-d32a4bf2c6fa",
|
||
|
|
"windows-registry-key--13463837-8319-4893-96d4-d32a4bf2c6fa",
|
||
|
|
"observed-data--a333fb2c-9866-4a78-9e52-b97ab50ec549",
|
||
|
|
"windows-registry-key--a333fb2c-9866-4a78-9e52-b97ab50ec549",
|
||
|
|
"observed-data--4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
|
||
|
|
"windows-registry-key--4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
|
||
|
|
"observed-data--03ef6074-aaea-4605-a47c-44402d680d6e",
|
||
|
|
"windows-registry-key--03ef6074-aaea-4605-a47c-44402d680d6e",
|
||
|
|
"observed-data--02a75dd8-d84e-4901-9b20-df78e6681dba",
|
||
|
|
"windows-registry-key--02a75dd8-d84e-4901-9b20-df78e6681dba",
|
||
|
|
"observed-data--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"network-traffic--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"ipv4-addr--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"indicator--72915d1f-518f-4c2e-a438-8c736e648eae",
|
||
|
|
"observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"process--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"process--35ba0997-d509-4f32-9b8b-e26af9b9efbc",
|
||
|
|
"observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"process--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"process--e5ca629c-eb2e-4666-ba6a-1d06d033f257",
|
||
|
|
"observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"process--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"process--f3c12178-5032-4529-b970-b8bd2290b550",
|
||
|
|
"observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"process--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"process--12b2460b-30e3-4741-8a91-b6cba2b2b0d1",
|
||
|
|
"observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"process--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"process--bce67245-fb5d-49a8-9f94-d57a683b6523",
|
||
|
|
"observed-data--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"process--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"process--088f1799-557c-46ea-b729-5b45dba25897",
|
||
|
|
"observed-data--d9dfafca-d8bb-4c84-adce-89beb1814b15",
|
||
|
|
"process--d9dfafca-d8bb-4c84-adce-89beb1814b15",
|
||
|
|
"process--63808d45-2ef1-4073-8c92-b64a72630901",
|
||
|
|
"observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"process--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"process--d6b05a77-7647-4707-ab8f-09595e5c01a8",
|
||
|
|
"observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"process--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"process--a945fdf1-aa04-401e-bf8e-0c8dbe915e26",
|
||
|
|
"observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"process--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"process--9a3db6fc-d402-411a-8c03-293adbf890db",
|
||
|
|
"observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"process--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"process--3dde9650-9c02-4776-b668-857f2e5f6994",
|
||
|
|
"observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"process--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"process--5fa8229a-e960-4cc8-9cdf-d16a6d5c0e9b",
|
||
|
|
"observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"process--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"process--28220896-936f-4bf9-809f-9481312103af",
|
||
|
|
"observed-data--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"process--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"process--e52795d0-d993-4608-b353-bb8c5e013aef",
|
||
|
|
"observed-data--7130a770-0975-49c8-86ff-a9a719a229cf",
|
||
|
|
"process--7130a770-0975-49c8-86ff-a9a719a229cf",
|
||
|
|
"process--690575e6-11f0-420b-b0dc-6338dcb12cc9",
|
||
|
|
"observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"process--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"process--148177b0-6c6e-454b-bf64-719db4ef657e",
|
||
|
|
"observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"process--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"process--71b7c29b-fd39-41ce-857c-eb07b612e0c6",
|
||
|
|
"observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"process--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"process--cf003b7c-2185-4d05-85d0-af3f1168ae0a",
|
||
|
|
"observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"process--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"process--c1d0b21c-30b9-49f2-b772-b0c68df78108",
|
||
|
|
"observed-data--f49ae108-cec3-468c-9515-e52be2f2fb4f",
|
||
|
|
"process--f49ae108-cec3-468c-9515-e52be2f2fb4f",
|
||
|
|
"process--c8faa126-3558-4a2a-bf51-1d664fb2318f",
|
||
|
|
"observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"process--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"process--775972eb-d8fa-4cdd-8897-02cf028de937",
|
||
|
|
"observed-data--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"process--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"process--fe28b1c2-8207-4769-9afa-dca8428aaac1",
|
||
|
|
"observed-data--9f1ca1ce-1035-482d-b529-a8bf66044797",
|
||
|
|
"process--9f1ca1ce-1035-482d-b529-a8bf66044797",
|
||
|
|
"process--0cc543b8-3fcb-4584-a0bf-68fbf6cb4018",
|
||
|
|
"observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"process--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"process--db9955be-40b0-47b0-9e49-6345daed7651",
|
||
|
|
"observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"process--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"process--c49ca006-65cd-4790-b102-f08ed67bb796",
|
||
|
|
"observed-data--248da2ce-03f8-47fb-b4a0-07321377590f",
|
||
|
|
"file--248da2ce-03f8-47fb-b4a0-07321377590f",
|
||
|
|
"directory--eba94abd-7ec1-4328-8d19-5bb5aca72c11",
|
||
|
|
"observed-data--a2907899-5858-4892-a2a3-3018be097ef4",
|
||
|
|
"windows-registry-key--a2907899-5858-4892-a2a3-3018be097ef4",
|
||
|
|
"observed-data--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
|
||
|
|
"file--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
|
||
|
|
"directory--0185ab35-c474-45a8-b8f5-5e8f2dc22504",
|
||
|
|
"observed-data--54a84dcf-3588-458f-a3d9-5ce8629e89e2",
|
||
|
|
"file--54a84dcf-3588-458f-a3d9-5ce8629e89e2",
|
||
|
|
"directory--6e7f414a-4f32-4de9-b1c6-41b1c14a3aa1",
|
||
|
|
"observed-data--15e00eb8-9c77-47af-b71e-b15c945791fe",
|
||
|
|
"file--15e00eb8-9c77-47af-b71e-b15c945791fe",
|
||
|
|
"directory--aca6749e-5eb0-441e-9d54-9aca74306faf",
|
||
|
|
"observed-data--5776026d-9220-4878-ae0d-3afdf6bd6194",
|
||
|
|
"windows-registry-key--5776026d-9220-4878-ae0d-3afdf6bd6194",
|
||
|
|
"observed-data--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"network-traffic--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"ipv4-addr--e70d7790-643a-414f-bd05-fb52dadea184",
|
||
|
|
"observed-data--1a2c35db-7775-41b8-88cc-e83025d0125c",
|
||
|
|
"file--1a2c35db-7775-41b8-88cc-e83025d0125c",
|
||
|
|
"directory--a547f901-da10-4320-95af-721573374741",
|
||
|
|
"observed-data--3d1557ba-a402-4dbb-b600-c029a70d2f86",
|
||
|
|
"file--3d1557ba-a402-4dbb-b600-c029a70d2f86",
|
||
|
|
"directory--af05c737-cd65-4160-8063-2fc38fbceabf",
|
||
|
|
"observed-data--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
|
||
|
|
"windows-registry-key--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
|
||
|
|
"observed-data--b90ef13c-4165-4108-adc3-53234995361a",
|
||
|
|
"windows-registry-key--b90ef13c-4165-4108-adc3-53234995361a",
|
||
|
|
"observed-data--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"network-traffic--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"ipv4-addr--234fab5a-83d2-4cbe-bd6f-548baf670191",
|
||
|
|
"observed-data--c506a7b6-efe2-4710-969f-5f5b055eaa1a",
|
||
|
|
"file--c506a7b6-efe2-4710-969f-5f5b055eaa1a",
|
||
|
|
"directory--b63e2178-6d20-4316-afdb-6a18c0bab7de",
|
||
|
|
"observed-data--ed5b3977-3470-446e-a6f0-af41b68e5353",
|
||
|
|
"file--ed5b3977-3470-446e-a6f0-af41b68e5353",
|
||
|
|
"directory--16bc776f-0c26-4112-a0e9-7492e9724007",
|
||
|
|
"observed-data--8db13a1c-440f-41aa-92a6-41dc534e4efd",
|
||
|
|
"file--8db13a1c-440f-41aa-92a6-41dc534e4efd",
|
||
|
|
"directory--57f9a523-db11-4180-b26a-bd45307f0e97",
|
||
|
|
"observed-data--9521bc93-04e4-4844-9666-a0659854c7d7",
|
||
|
|
"file--9521bc93-04e4-4844-9666-a0659854c7d7",
|
||
|
|
"directory--92fffe01-16b0-45bf-969f-bb9169198d40",
|
||
|
|
"observed-data--81e50c7c-f333-4e67-aedf-775eec9a4fe1",
|
||
|
|
"windows-registry-key--81e50c7c-f333-4e67-aedf-775eec9a4fe1",
|
||
|
|
"observed-data--26856757-3649-4363-b5a9-68030b721470",
|
||
|
|
"file--26856757-3649-4363-b5a9-68030b721470",
|
||
|
|
"directory--556e5880-58e5-40cf-95a3-04a38f6d7716",
|
||
|
|
"observed-data--b6f3370e-44ff-4d65-887c-3ade077174a8",
|
||
|
|
"file--b6f3370e-44ff-4d65-887c-3ade077174a8",
|
||
|
|
"directory--4dfd289f-edd3-448c-ba77-da4d5c93f028",
|
||
|
|
"observed-data--45dac7ec-362e-49e2-a6ab-8d55e4d08276",
|
||
|
|
"windows-registry-key--45dac7ec-362e-49e2-a6ab-8d55e4d08276",
|
||
|
|
"observed-data--19c24c8e-9e77-470f-9f9f-a835a3631685",
|
||
|
|
"file--19c24c8e-9e77-470f-9f9f-a835a3631685",
|
||
|
|
"directory--928c938a-131a-4010-9af1-5befa7621de1",
|
||
|
|
"observed-data--9135f0d8-5dd2-4677-afc4-51f1488e9517",
|
||
|
|
"file--9135f0d8-5dd2-4677-afc4-51f1488e9517",
|
||
|
|
"directory--57b5066f-c692-4e46-a35b-b1f50c4a9f27",
|
||
|
|
"observed-data--e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
|
||
|
|
"file--e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
|
||
|
|
"directory--760db7a8-5589-44f4-998a-ffe84ee18857",
|
||
|
|
"observed-data--986b61a3-779e-49e4-94d0-f04e5546c9a8",
|
||
|
|
"file--986b61a3-779e-49e4-94d0-f04e5546c9a8",
|
||
|
|
"directory--ed8523b6-8355-4c5b-9ab4-e02c9685776a",
|
||
|
|
"observed-data--4d0ffbfc-0be3-4499-a722-4b64db129025",
|
||
|
|
"windows-registry-key--4d0ffbfc-0be3-4499-a722-4b64db129025",
|
||
|
|
"observed-data--d9b95f52-efdd-4083-abaa-20bf42be135a",
|
||
|
|
"file--d9b95f52-efdd-4083-abaa-20bf42be135a",
|
||
|
|
"directory--4faf9bac-d493-44e6-ab93-d8214b23f26f",
|
||
|
|
"observed-data--3e0e85ee-ceb1-442e-a652-351e691cfc60",
|
||
|
|
"file--3e0e85ee-ceb1-442e-a652-351e691cfc60",
|
||
|
|
"directory--8587bf98-0811-4078-8e1d-1c633b088f05",
|
||
|
|
"observed-data--2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
|
||
|
|
"windows-registry-key--2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
|
||
|
|
"observed-data--8e656cc6-482e-4952-869a-6cba4d726f83",
|
||
|
|
"windows-registry-key--8e656cc6-482e-4952-869a-6cba4d726f83",
|
||
|
|
"x-misp-object--6f35cd0b-d6ac-44f0-919b-80a383c946ef",
|
||
|
|
"x-misp-object--5c687e2a-e898-40f8-b69b-4bb402de0b81",
|
||
|
|
"x-misp-object--3ab643d5-68d0-4408-a644-cdd4da7df4ee",
|
||
|
|
"relationship--4f2bd7e0-c39d-4ff6-9730-d71c5da204e3",
|
||
|
|
"relationship--61857b0a-f610-4ec8-baff-6a12d77c0444",
|
||
|
|
"relationship--53816083-e0c1-4259-ae81-2b98a1b8f9d5",
|
||
|
|
"relationship--b47f70b1-d75e-4e16-90c3-5e3c6db114d7",
|
||
|
|
"relationship--d33be0aa-b273-44cd-9692-0155e2f333ad",
|
||
|
|
"relationship--b6f7d89c-d08c-40eb-87cb-2abce218e438",
|
||
|
|
"relationship--8c128c96-b9ea-4af4-b9c6-8004e338cbbe",
|
||
|
|
"relationship--faa0cd3f-4d65-4679-9204-f24c4670ec28",
|
||
|
|
"relationship--627cc1a6-533a-440e-aee4-a2f19f19f257",
|
||
|
|
"relationship--7cb69da8-565b-4bb8-8479-d467e0ef4966",
|
||
|
|
"relationship--4d8c0ed0-2162-4c5d-98a5-b851078dc874",
|
||
|
|
"relationship--812f5dd3-4bf7-4252-8203-d17b983e0018",
|
||
|
|
"relationship--2332be77-6964-4a76-ab43-e3bfc83e7cdb",
|
||
|
|
"relationship--c8ddb4b4-5e3f-434f-ac80-764790e80cd0",
|
||
|
|
"relationship--7ec86e9c-c7b0-4ead-b479-9a0e85934576",
|
||
|
|
"relationship--e8b39707-6817-43b4-976c-b05cbf615f7a",
|
||
|
|
"relationship--4a8dec6b-c2a8-44e6-83a9-b8110c0ce5d8",
|
||
|
|
"relationship--58a11719-5878-487e-9d5a-152fe795c008",
|
||
|
|
"relationship--d9a3ed70-7d3a-44a7-aefb-bdb923d8f91d",
|
||
|
|
"relationship--8340bf7c-80e5-47ce-92f0-1276c7cbe93b",
|
||
|
|
"relationship--30c22db9-dc24-41f1-bb0e-25b8ce068002",
|
||
|
|
"relationship--d23e684a-1f2b-489d-aaba-eb460d3efbcf",
|
||
|
|
"relationship--78cd9e14-15df-483b-aed8-fccae3c7dd63",
|
||
|
|
"relationship--5c8f09f6-6701-4f50-b327-43d2358b6d2b",
|
||
|
|
"relationship--012a041c-75f7-4b51-9d8b-f60c36cb63d8",
|
||
|
|
"relationship--35612096-20cf-4b3d-98de-2b2d71ee0052",
|
||
|
|
"relationship--c1712a81-a6bf-4420-ad18-cbe8949c1bc6",
|
||
|
|
"relationship--20151309-1bf0-4c8d-bcbe-d8a8e4c3bcb0",
|
||
|
|
"relationship--1b5250d6-3377-4d0f-b362-281f2ee4c9d5",
|
||
|
|
"relationship--b363cd6c-9f60-46c1-9f1c-f402cbd56f2d",
|
||
|
|
"relationship--2500b8ba-a93d-46a6-b2ee-213bf14cf931",
|
||
|
|
"relationship--7ddf7778-9ad8-4081-829b-3e05570314a9",
|
||
|
|
"relationship--e6ab9877-3b82-45d9-80c2-47a5e2e9a9a3",
|
||
|
|
"relationship--bafbf020-6965-4938-87ff-4782c9f578ea",
|
||
|
|
"relationship--0ad64c9a-6430-4e8a-a696-b663ba4d5c92",
|
||
|
|
"relationship--4ba463e6-c4c2-4619-ba3d-0f4bdb78c877",
|
||
|
|
"relationship--2a9ec09e-2151-428f-be98-adcc5f17a424",
|
||
|
|
"relationship--35167c97-fb1d-4da1-bd6d-97cb2c313e46",
|
||
|
|
"relationship--9eda88b4-f0c1-4b3d-b88a-1497dbeb3136",
|
||
|
|
"relationship--2aff34af-c0f0-4e1d-a42b-e49eaea06c29",
|
||
|
|
"relationship--969624d6-088e-41cb-be2a-f8066de84bb9",
|
||
|
|
"relationship--2b4a4a0e-c4f9-45f7-9c83-1e535c74fdd9",
|
||
|
|
"relationship--5f235789-1b29-48df-a397-5c1080e78aa7",
|
||
|
|
"relationship--b5bd559f-d9b7-4584-9dcc-6500a448bbf2",
|
||
|
|
"relationship--1de80b1e-94e2-4b47-96df-3499c4d73527",
|
||
|
|
"relationship--cff8115e-dae1-453e-b4cf-319aa7b55acc",
|
||
|
|
"relationship--674cccb1-9262-4b8c-9d35-31363dff4019",
|
||
|
|
"relationship--e0719810-6ab8-466f-8736-5e11580236ad",
|
||
|
|
"relationship--876770d2-09c1-4653-8807-27966ca79ca4",
|
||
|
|
"relationship--ecba2215-b02c-4475-89fb-bca8e9d208df",
|
||
|
|
"relationship--ef23d865-fccc-4be8-a600-a9a425751b0e",
|
||
|
|
"relationship--61aef0d9-6d8f-4a99-a822-9e93a1d4da1f",
|
||
|
|
"relationship--5bafe638-20ee-4f25-b6a1-59a1f558b571",
|
||
|
|
"relationship--b5055614-3531-4716-9f2d-4f718b87055e",
|
||
|
|
"relationship--1db037a4-f190-412d-a038-bbc7e5731732",
|
||
|
|
"relationship--5913c9f3-6501-427a-addf-cab97ed76adb",
|
||
|
|
"relationship--4d0e6978-67f0-43d3-9f63-ae1c939dcfcd",
|
||
|
|
"relationship--e530cce1-9781-4f6a-918e-54f7d15eaa13",
|
||
|
|
"relationship--6b92f350-a66d-4208-80c7-20601c6fe085",
|
||
|
|
"relationship--b26efdf8-7438-4d82-a8e0-74184339b310",
|
||
|
|
"relationship--4128169c-d8bd-4a3a-a684-45d1461424fc",
|
||
|
|
"relationship--19f6bdff-c5d1-43c0-846d-1105d4d1f5f0",
|
||
|
|
"relationship--f0c179de-f64b-4044-aa41-db861c26fe6c",
|
||
|
|
"relationship--f4c0f689-cdd0-4d31-a158-569bd9f37ff3",
|
||
|
|
"relationship--db82b1b5-a5ab-41db-a099-6d7026c2648f",
|
||
|
|
"relationship--a208a328-4f10-4532-bd99-c0790fd3c8b9",
|
||
|
|
"relationship--eca153b3-4fc4-4f36-b507-a4e0da7bc193",
|
||
|
|
"relationship--d0f31577-ab35-4ff3-9a71-15e01e045759",
|
||
|
|
"relationship--ffb92d1b-5ac7-4baf-a727-3dfb98c3ffda",
|
||
|
|
"relationship--08bbb985-22fa-4da3-8440-5748f0344f15",
|
||
|
|
"relationship--2edf10fd-0727-49b1-aff4-d7053af3b2e1",
|
||
|
|
"relationship--aa1a83d5-6bc7-41e9-9ada-ad4301390579",
|
||
|
|
"relationship--0c2458fb-9494-4a70-b46c-1437120fca1b",
|
||
|
|
"relationship--971938f6-b99c-40aa-8b75-282e7f24fa20",
|
||
|
|
"relationship--3e90d646-2038-4300-8fcb-f2d81df5369b",
|
||
|
|
"relationship--14590a2d-d260-4a04-aebe-e630670161db",
|
||
|
|
"relationship--48b14437-597e-4cc6-8e5b-aa348fb82bec",
|
||
|
|
"relationship--96b4f5a7-3210-453f-8ccb-6fa211ae442d",
|
||
|
|
"relationship--15cc27c9-6ec9-47a4-ba8e-cc8f56345490",
|
||
|
|
"relationship--b712592f-dedf-4ca8-872e-c4f3dbf4be0b",
|
||
|
|
"relationship--f5bf83d2-cbfb-483c-b9bb-96b7e2f6d455",
|
||
|
|
"relationship--21ac1b67-5e94-406d-a197-2c47d8a7edaa",
|
||
|
|
"relationship--fcde2e10-80e6-46fb-b66a-95def6bf2f8b",
|
||
|
|
"relationship--583d7c46-789f-43e3-8842-e7fcc1765d5e",
|
||
|
|
"relationship--168f3368-d33d-4495-94ef-04f4bb0ce093",
|
||
|
|
"relationship--d829bf09-be70-4de6-bbbb-28a25aa2f242",
|
||
|
|
"relationship--b5788859-246a-470e-b53d-8b311f176713",
|
||
|
|
"relationship--0663c11b-74c6-491b-a979-6e76c77c356f",
|
||
|
|
"relationship--a7616455-c5e0-476a-9950-bc440537bd3e",
|
||
|
|
"relationship--ae1d558b-f7a3-48e2-a415-42054a740942",
|
||
|
|
"relationship--0f5103aa-f024-4339-8cc9-d911d8237620",
|
||
|
|
"relationship--411228e6-d02c-42f9-ab1b-768d3448c518",
|
||
|
|
"relationship--ee18dd5e-44e1-43e8-b593-524cc918bb8a",
|
||
|
|
"relationship--5c3fdb55-66f7-4f3b-bfc1-4f726593af35",
|
||
|
|
"relationship--85dd2c56-ba44-478b-a9d0-77dcbf0d9dcf",
|
||
|
|
"relationship--cb624c50-5b6d-40ec-9c7c-971cc53fdf93",
|
||
|
|
"relationship--14f27f10-3542-4e85-bf04-88436b0a6ab8",
|
||
|
|
"relationship--239ace47-1c10-45b8-ab0b-227f05b97a8b",
|
||
|
|
"relationship--a95a55a9-0c58-42a7-888e-ee3d9d087b02",
|
||
|
|
"relationship--13fa15f9-fd02-4cd7-ab9e-f9b520b2e859",
|
||
|
|
"relationship--09175ca8-9938-4635-aa28-352bab732bcf",
|
||
|
|
"relationship--6000435b-ec1c-4e16-99f5-cd87b6f9b6a2",
|
||
|
|
"relationship--ccdf8a07-efe9-4fd2-afca-6811ad7da409",
|
||
|
|
"relationship--9ddddbda-0ad0-4be9-a9d5-291f44061ef0",
|
||
|
|
"relationship--865425b4-103f-4137-b489-396562c50fe1",
|
||
|
|
"relationship--2ef0a975-0e04-4c37-baf4-da767edc9d68",
|
||
|
|
"relationship--ae6682bc-8f31-4886-9975-a8b713a406c9",
|
||
|
|
"relationship--ecd6bf68-fb89-4dba-bad5-41ade81e6eb4",
|
||
|
|
"relationship--fdf2a307-6686-4421-83ed-5f1fe6e73798",
|
||
|
|
"relationship--a91edb52-9136-406c-acc7-d14d2e4cdbb9",
|
||
|
|
"relationship--25a5e2b3-f5eb-4078-ac0a-f5b50141a3ec",
|
||
|
|
"relationship--994d8310-c70b-45c5-82de-292459eea0d4",
|
||
|
|
"relationship--530cca80-cd5a-4bfd-a39c-0a8a71eccac3",
|
||
|
|
"relationship--5e746ebe-8c3d-4c07-866f-fe0aed5c8c1b",
|
||
|
|
"relationship--d295dffd-27b7-4d93-826c-2f65439d3491",
|
||
|
|
"relationship--df612eac-54e6-43c9-be74-2976479e04e8",
|
||
|
|
"relationship--77fec2ad-b668-4249-aa28-8b33c1fe8ded",
|
||
|
|
"relationship--13cd6817-eab7-4f16-b14c-7613a8115705",
|
||
|
|
"relationship--97e6157c-5551-42c2-be4a-84f0bae907b7",
|
||
|
|
"relationship--f61e318c-0227-484b-8c1a-2b84bd65325b",
|
||
|
|
"relationship--1e851927-e866-440b-8aeb-cec3c1cb3a4a",
|
||
|
|
"relationship--519dfec9-e830-4879-85d5-a22d289ceb4b",
|
||
|
|
"relationship--eff5f807-66ab-48d5-8dd2-6c55ecd97835",
|
||
|
|
"relationship--eba33572-ff77-4bd1-b6d5-26c97f0cc095",
|
||
|
|
"relationship--64b7d4ab-ce91-452c-bd8d-c4b2120adb17",
|
||
|
|
"relationship--a9056b68-d54a-4558-a3fb-5d6f719f44e0",
|
||
|
|
"relationship--bc11553a-5c1b-46cb-8f4d-2a8a863941a4",
|
||
|
|
"relationship--f3c05aa4-fa73-4bec-aa3b-8fbaed5a5ca9",
|
||
|
|
"relationship--aa49f781-c75a-46fe-bac7-18e5bbc182ad",
|
||
|
|
"relationship--6d0006a2-1ce9-438e-b908-75baf43c1bb7",
|
||
|
|
"relationship--f37db6ca-3a3d-4696-ac6f-f72d53ba8a8c",
|
||
|
|
"relationship--489c2859-2a1a-4ec9-a242-f99cf77386b9",
|
||
|
|
"relationship--cdeb1118-2fea-47db-b8be-e818a29a301d",
|
||
|
|
"relationship--bc248ddc-5cd5-4073-aa6a-b910b0e8b404",
|
||
|
|
"relationship--8db797bf-68d9-432d-911a-2727d2b922ad",
|
||
|
|
"relationship--ec26bc49-b0a3-459a-b9aa-cd48a02daf83",
|
||
|
|
"relationship--71b8611c-4765-4b39-9308-0600b58cbb91",
|
||
|
|
"relationship--8c814b7f-45bd-48c5-b3b9-de0d0d8fdb14",
|
||
|
|
"relationship--f2dddc49-06a9-44c1-baf2-eb55174127bb",
|
||
|
|
"relationship--de22266b-08da-4b67-93ec-6233cfce07fd",
|
||
|
|
"relationship--d664fc4c-7e0a-4e92-afb0-675a0fa3851d",
|
||
|
|
"relationship--54b3df3d-0896-46a6-adf5-7a2155addf41",
|
||
|
|
"relationship--32a07e85-e0ab-4e76-b716-a7c9db1764f7",
|
||
|
|
"relationship--5dd0961e-1491-4708-8cdc-95e6f67c1cba",
|
||
|
|
"relationship--697b44d2-a772-438e-965d-dba8847bf0e9",
|
||
|
|
"relationship--449ee13f-d620-4e59-a14b-332080324956",
|
||
|
|
"relationship--fb0f6cee-e408-49ef-b3bc-fbef93d8c31e",
|
||
|
|
"relationship--330d92b2-ed0d-4755-9010-17e23485ced4",
|
||
|
|
"relationship--2d5c938c-cf58-4546-a901-16be252d4542",
|
||
|
|
"relationship--260bf290-79af-42be-a92a-31bcb35832b9",
|
||
|
|
"relationship--ec34e296-c113-426a-bd25-64df5fdc95a2",
|
||
|
|
"relationship--7ee1af63-2336-415d-ba51-2064e9c496b6",
|
||
|
|
"relationship--93d06bcf-84e3-4462-9648-032aa9d8a51f",
|
||
|
|
"relationship--ef84bc91-ce88-4ad0-b116-d884aa5439da",
|
||
|
|
"relationship--9d60aea0-d625-4b1d-95d4-bddaa8f2653e",
|
||
|
|
"relationship--6fc4b137-940f-47f5-b3e7-3251dde778c4",
|
||
|
|
"relationship--7c780b13-bea1-4cc5-8f4a-03ab77594bf6",
|
||
|
|
"relationship--c15ada28-f243-49a9-b5c9-b90b49a3d924",
|
||
|
|
"relationship--fa88b822-d693-4cc4-a49f-ebe3b3e9683d",
|
||
|
|
"relationship--6dafe1af-39cd-4caf-ad37-a8f5c450dd2b",
|
||
|
|
"relationship--337543a8-aba3-4b06-8a0b-1948e78eeb01",
|
||
|
|
"relationship--212a4ed5-d241-45ed-a619-22466c845a3e",
|
||
|
|
"relationship--51c9a992-f3e6-4a37-9e6f-d9b56a23f934",
|
||
|
|
"relationship--87d0bcf0-acf1-419a-a8c3-3ce404833ad5",
|
||
|
|
"relationship--f36fa257-203a-43c9-8a15-33f191f855b3",
|
||
|
|
"relationship--3c23579d-a160-4451-b833-f8dc9ba8e766",
|
||
|
|
"relationship--b7101d46-a561-43e3-8f57-2a06c1b2c9da",
|
||
|
|
"relationship--9b984f33-b009-4928-8e69-3c39bca8f813",
|
||
|
|
"relationship--71fa47f4-2523-4b66-97e9-077a9dda4ae5",
|
||
|
|
"relationship--1e18da52-1542-402d-9b76-0c52c8a2e6ac",
|
||
|
|
"relationship--cc3de217-a7f5-4341-8239-456d7ecb8569",
|
||
|
|
"relationship--78be5738-7cfe-46b1-a393-789529fe3662",
|
||
|
|
"relationship--feeed723-0e0d-4065-991f-b39bca2a955d",
|
||
|
|
"relationship--da462e66-6402-414d-adba-f9d82884c4cf",
|
||
|
|
"relationship--6464f3ef-a220-47a0-bf60-517f4861e36a",
|
||
|
|
"relationship--fa5d58f4-83d3-4b1d-a01f-4adcfe5b972d",
|
||
|
|
"relationship--a4a1714f-459c-41cf-93a0-1b74470a8f35",
|
||
|
|
"relationship--4c380baa-5672-43ec-8e10-b5f711d10e27"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"type:OSINT",
|
||
|
|
"osint:lifetime=\"perpetual\"",
|
||
|
|
"osint:certainty=\"50\""
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--980017ac-8689-4856-8609-a7e93799f9a1",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "Termination Reason",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "Timeout"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--7835ddd1-3eca-42d1-adbe-867661488e64",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM User Domain",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "YKYD69Q"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--e3a7649e-190f-4bfa-8b1a-b316f0b85a63",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM Name",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "win7_64_sp1-mso2016"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--5b3ba8d7-70c0-4252-823c-c67d07279b44",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "Cybox Truncated",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "False"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--15272f14-eff1-4d57-9bfe-eb50c88dddd3",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM Architecture",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "x86 64-bit"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--3c2bc824-66a1-47d9-a5da-cc6bf00f3487",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "Execution Successful",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "True"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--98278a38-fc12-4326-9dbf-cd4fefd3bab8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM OS",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "Windows 7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--fda97354-4f7b-4ee0-9231-35f0b1a95e45",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM Kernel Version",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--aa5c6047-8e3e-4b93-9030-50c3b0f76a89",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM Analysis Duration Time",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "245.909"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--d5eb49cb-82cf-425a-aaa5-867e334de8bd",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"Other\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "Other",
|
||
|
|
"x_misp_comment": "VM Username",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "aETAdzjz"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--c9a7758d-0ac7-42cc-a6c2-40791fe6899d"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--c9a7758d-0ac7-42cc-a6c2-40791fe6899d",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\Licenses"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--fb07c709-9a1f-4e37-b483-75407bbb9230",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--fb07c709-9a1f-4e37-b483-75407bbb9230"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--fb07c709-9a1f-4e37-b483-75407bbb9230",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--2968c724-74e2-4077-ad10-ed897489aadf",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--2968c724-74e2-4077-ad10-ed897489aadf"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--2968c724-74e2-4077-ad10-ed897489aadf",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--12dea9cb-410b-4691-8b7b-083f9d47c75a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--12dea9cb-410b-4691-8b7b-083f9d47c75a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--12dea9cb-410b-4691-8b7b-083f9d47c75a",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--07e706e6-0d49-4662-8b1b-5599df36dbaf",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--07e706e6-0d49-4662-8b1b-5599df36dbaf"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--07e706e6-0d49-4662-8b1b-5599df36dbaf",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\409"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9fcf4e94-d16b-4540-b69e-75fe834c4a88",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--9fcf4e94-d16b-4540-b69e-75fe834c4a88"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--9fcf4e94-d16b-4540-b69e-75fe834c4a88",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5d7889d3-396b-4ab6-a221-dee0d544bc1c",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--5d7889d3-396b-4ab6-a221-dee0d544bc1c"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--5d7889d3-396b-4ab6-a221-dee0d544bc1c",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--88b4dff4-51b1-425d-a897-55fabb69f64b",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--88b4dff4-51b1-425d-a897-55fabb69f64b"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--88b4dff4-51b1-425d-a897-55fabb69f64b",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0\\win64"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--47554dfd-1690-4f7d-944d-fa95e510cfbc",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--47554dfd-1690-4f7d-944d-fa95e510cfbc"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--47554dfd-1690-4f7d-944d-fa95e510cfbc",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--8839c1e5-c3ae-4361-9d77-36ef93dee014",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--8839c1e5-c3ae-4361-9d77-36ef93dee014"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--8839c1e5-c3ae-4361-9d77-36ef93dee014",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--dfc2f46a-8042-49c8-8960-58f12dd86c0b",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--dfc2f46a-8042-49c8-8960-58f12dd86c0b"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--dfc2f46a-8042-49c8-8960-58f12dd86c0b",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ae28d749-b2ed-4147-91b3-78e2b65d02d8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--ae28d749-b2ed-4147-91b3-78e2b65d02d8"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--ae28d749-b2ed-4147-91b3-78e2b65d02d8",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9\\win64"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--795c1bae-831b-4b11-b279-32138c042af0",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--795c1bae-831b-4b11-b279-32138c042af0"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--795c1bae-831b-4b11-b279-32138c042af0",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--42636628-4a98-4515-84c4-efb048624d16",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--42636628-4a98-4515-84c4-efb048624d16"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--42636628-4a98-4515-84c4-efb048624d16",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--e325f097-a49e-4bd4-8362-4281735c0279",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:10.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:10.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:10Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--e325f097-a49e-4bd4-8362-4281735c0279"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--e325f097-a49e-4bd4-8362-4281735c0279",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--e2e3f385-135e-4d43-a9b0-2c3f543b77ed"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--e2e3f385-135e-4d43-a9b0-2c3f543b77ed",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--443e35c7-bed9-4736-acb7-8e27ca55d0d7",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--443e35c7-bed9-4736-acb7-8e27ca55d0d7"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--443e35c7-bed9-4736-acb7-8e27ca55d0d7",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--855e5151-6ffb-47c0-8324-e69fe2310bf1",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--855e5151-6ffb-47c0-8324-e69fe2310bf1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--855e5151-6ffb-47c0-8324-e69fe2310bf1",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--08ca55d9-a2dd-4360-b903-07e9d30e3f8a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--08ca55d9-a2dd-4360-b903-07e9d30e3f8a",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--97f32545-5fb2-430b-b895-83b91b1a3b42",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--97f32545-5fb2-430b-b895-83b91b1a3b42"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--97f32545-5fb2-430b-b895-83b91b1a3b42",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--6f7de6d0-a260-4ba5-b58b-58c3679b32ea"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--6f7de6d0-a260-4ba5-b58b-58c3679b32ea",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--ab0bc302-d9cf-49b7-a5d0-c794c3f25362"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename\"",
|
||
|
|
"misp:category=\"Payload delivery\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--ab0bc302-d9cf-49b7-a5d0-c794c3f25362",
|
||
|
|
"name": "\\device\\null"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ff164482-8a8c-4cc0-82a5-52aeb66539dc",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--ff164482-8a8c-4cc0-82a5-52aeb66539dc"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename\"",
|
||
|
|
"misp:category=\"Payload delivery\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--ff164482-8a8c-4cc0-82a5-52aeb66539dc",
|
||
|
|
"name": "STD_OUTPUT_HANDLE"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--693e271b-3966-4fb8-9787-de555149c589",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--693e271b-3966-4fb8-9787-de555149c589"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename\"",
|
||
|
|
"misp:category=\"Payload delivery\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--693e271b-3966-4fb8-9787-de555149c589",
|
||
|
|
"name": "STD_INPUT_HANDLE"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--311d4452-d95d-4391-a29f-ebf1287efd4c",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--311d4452-d95d-4391-a29f-ebf1287efd4c"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename\"",
|
||
|
|
"misp:category=\"Payload delivery\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--311d4452-d95d-4391-a29f-ebf1287efd4c",
|
||
|
|
"name": "STD_ERROR_HANDLE"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f5229ae9-caf0-4157-abf7-21c5e6c642b9",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--d93d30ca-8cd9-4258-9355-7c77e0de39af",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--ce3191d5-eecd-421e-9ac0-2a2f8c16a723",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--e1adf2b0-0fe3-4d55-810d-d22a5856138e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--e1adf2b0-0fe3-4d55-810d-d22a5856138e"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename\"",
|
||
|
|
"misp:category=\"Payload delivery\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--e1adf2b0-0fe3-4d55-810d-d22a5856138e",
|
||
|
|
"name": "conout$"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"mutex--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"mutex\"",
|
||
|
|
"misp:category=\"Artifacts dropped\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "mutex",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "mutex--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4",
|
||
|
|
"name": "Global\\.net clr networking"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f33b60a8-86aa-4318-a304-95c782b1939c",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f33b60a8-86aa-4318-a304-95c782b1939c"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f33b60a8-86aa-4318-a304-95c782b1939c",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--cb9ad57a-983c-43eb-910b-1dc22121c017",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--cb9ad57a-983c-43eb-910b-1dc22121c017"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--cb9ad57a-983c-43eb-910b-1dc22121c017",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a22f23cb-3d81-4686-8581-9414b0aba1e1",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--a22f23cb-3d81-4686-8581-9414b0aba1e1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--a22f23cb-3d81-4686-8581-9414b0aba1e1",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--6fdfde85-4599-44ab-aafc-956860f6e6c4",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--6fdfde85-4599-44ab-aafc-956860f6e6c4"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--6fdfde85-4599-44ab-aafc-956860f6e6c4",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--7dc2a39a-4944-49c1-891d-03c4a89752d2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--7dc2a39a-4944-49c1-891d-03c4a89752d2"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--7dc2a39a-4944-49c1-891d-03c4a89752d2",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f8c2aa57-b94e-42de-aeec-0ac698fd0abe"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f8c2aa57-b94e-42de-aeec-0ac698fd0abe",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Environment"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--5c607639-ce58-4a7d-a96a-b31d0c1de7fa"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--5c607639-ce58-4a7d-a96a-b31d0c1de7fa",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--73dd16a6-8e9b-4889-839e-2f6718a50041",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--73dd16a6-8e9b-4889-839e-2f6718a50041"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--73dd16a6-8e9b-4889-839e-2f6718a50041",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--61af2af0-272f-413d-b70a-07611f8539c3",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--61af2af0-272f-413d-b70a-07611f8539c3"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--61af2af0-272f-413d-b70a-07611f8539c3",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--0f3708a6-7579-426a-9cbb-cff51cdbd0d7"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--0f3708a6-7579-426a-9cbb-cff51cdbd0d7",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word\\Resiliency"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--26d235e0-d8d7-4256-b82f-f9b190519b6d",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--26d235e0-d8d7-4256-b82f-f9b190519b6d"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--26d235e0-d8d7-4256-b82f-f9b190519b6d",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f10d6026-37f9-4894-8eb3-153f270ee3db",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f10d6026-37f9-4894-8eb3-153f270ee3db"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f10d6026-37f9-4894-8eb3-153f270ee3db",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--c0437d42-5bc3-4938-a16d-90a243afd4d3",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--c0437d42-5bc3-4938-a16d-90a243afd4d3"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--c0437d42-5bc3-4938-a16d-90a243afd4d3",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ee561233-deaa-4a0f-8583-83ed4fc026f1",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--ee561233-deaa-4a0f-8583-83ed4fc026f1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--ee561233-deaa-4a0f-8583-83ed4fc026f1",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--3c9637f6-32d8-45a7-b671-4eff38c122e7",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--3c9637f6-32d8-45a7-b671-4eff38c122e7"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--3c9637f6-32d8-45a7-b671-4eff38c122e7",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f32b6230-41b9-4926-8e41-f651f5611b32",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f32b6230-41b9-4926-8e41-f651f5611b32"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f32b6230-41b9-4926-8e41-f651f5611b32",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ff576e31-f7fd-4c36-9424-0b47e46cffaa",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--ff576e31-f7fd-4c36-9424-0b47e46cffaa"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--ff576e31-f7fd-4c36-9424-0b47e46cffaa",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--d0ebef78-8280-4ae0-bc5c-26b59d85615e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--d0ebef78-8280-4ae0-bc5c-26b59d85615e"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--d0ebef78-8280-4ae0-bc5c-26b59d85615e",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\11.0\\Word\\File MRU"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"domain-name--8f016b30-31ec-49e4-ad5a-4d0ce5c37109"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"domain\"",
|
||
|
|
"misp:category=\"Network activity\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "domain-name",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "domain-name--8f016b30-31ec-49e4-ad5a-4d0ce5c37109",
|
||
|
|
"value": "amf-fr.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"network-traffic--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"ipv4-addr--5f8ceee8-e144-42b8-bac5-35d7719be983"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst|port\"",
|
||
|
|
"misp:category=\"Network activity\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "network-traffic",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "network-traffic--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"dst_ref": "ipv4-addr--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"dst_port": 443,
|
||
|
|
"protocols": [
|
||
|
|
"tcp"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ipv4-addr",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "ipv4-addr--5f8ceee8-e144-42b8-bac5-35d7719be983",
|
||
|
|
"value": "51.38.150.171"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--259b1821-d418-4510-aa04-b59e92dd3820",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--259b1821-d418-4510-aa04-b59e92dd3820"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--259b1821-d418-4510-aa04-b59e92dd3820",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--87f3ae04-29bd-479b-ba51-96c97f705aab",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--87f3ae04-29bd-479b-ba51-96c97f705aab"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--87f3ae04-29bd-479b-ba51-96c97f705aab",
|
||
|
|
"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--23e7606b-8811-45df-b726-dabedcfcdd32",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--23e7606b-8811-45df-b726-dabedcfcdd32"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--23e7606b-8811-45df-b726-dabedcfcdd32",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\.dll"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--1f697f8c-84b1-4339-9906-1142cf955bef",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--1f697f8c-84b1-4339-9906-1142cf955bef"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--1f697f8c-84b1-4339-9906-1142cf955bef",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\dllfile"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5",
|
||
|
|
"key": "HKEY_CLASSES_ROOT\\dllfile\\AutoRegister"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--97492285-8474-4867-ae94-ec61a5fee43d",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--97492285-8474-4867-ae94-ec61a5fee43d"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--97492285-8474-4867-ae94-ec61a5fee43d",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--90ec3953-0b63-4d04-9648-a9caa664dfbd",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--90ec3953-0b63-4d04-9648-a9caa664dfbd"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--90ec3953-0b63-4d04-9648-a9caa664dfbd",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--13463837-8319-4893-96d4-d32a4bf2c6fa",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--13463837-8319-4893-96d4-d32a4bf2c6fa"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--13463837-8319-4893-96d4-d32a4bf2c6fa",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a333fb2c-9866-4a78-9e52-b97ab50ec549",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--a333fb2c-9866-4a78-9e52-b97ab50ec549"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--a333fb2c-9866-4a78-9e52-b97ab50ec549",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--4cf5eb52-9c30-4637-ac1f-9d66855e7edc"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--4cf5eb52-9c30-4637-ac1f-9d66855e7edc",
|
||
|
|
"key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--03ef6074-aaea-4605-a47c-44402d680d6e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--03ef6074-aaea-4605-a47c-44402d680d6e"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--03ef6074-aaea-4605-a47c-44402d680d6e",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--02a75dd8-d84e-4901-9b20-df78e6681dba",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--02a75dd8-d84e-4901-9b20-df78e6681dba"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"regkey\"",
|
||
|
|
"misp:category=\"Persistence mechanism\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--02a75dd8-d84e-4901-9b20-df78e6681dba",
|
||
|
|
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:11.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:11.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:11Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"network-traffic--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"ipv4-addr--09d3b623-b0fd-4d24-82d3-54f083bb737a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"ip-dst|port\"",
|
||
|
|
"misp:category=\"Network activity\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "network-traffic",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "network-traffic--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"dst_ref": "ipv4-addr--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"dst_port": 443,
|
||
|
|
"protocols": [
|
||
|
|
"tcp"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ipv4-addr",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "ipv4-addr--09d3b623-b0fd-4d24-82d3-54f083bb737a",
|
||
|
|
"value": "185.10.68.189"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--72915d1f-518f-4c2e-a438-8c736e648eae",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:21:59.000Z",
|
||
|
|
"modified": "2019-02-16T21:21:59.000Z",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'efbcffc10763a287bdedfb6e892ae20c' AND file:hashes.SHA1 = '0dfe75a01e525bc599dff0c17204129b7ac3a437' AND file:hashes.SHA256 = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b' AND file:name = '728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b.doc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-02-16T21:21:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:12.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:12.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"process--35ba0997-d509-4f32-9b8b-e26af9b9efbc"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"pid": 2264,
|
||
|
|
"parent_ref": "process--35ba0997-d509-4f32-9b8b-e26af9b9efbc",
|
||
|
|
"x_misp_name": "winword.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--35ba0997-d509-4f32-9b8b-e26af9b9efbc",
|
||
|
|
"pid": 924
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:12.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:12.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"process--e5ca629c-eb2e-4666-ba6a-1d06d033f257"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"pid": 2496,
|
||
|
|
"parent_ref": "process--e5ca629c-eb2e-4666-ba6a-1d06d033f257",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--e5ca629c-eb2e-4666-ba6a-1d06d033f257",
|
||
|
|
"pid": 2264
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:12.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:12.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:12Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"process--f3c12178-5032-4529-b970-b8bd2290b550"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"pid": 2520,
|
||
|
|
"parent_ref": "process--f3c12178-5032-4529-b970-b8bd2290b550",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--f3c12178-5032-4529-b970-b8bd2290b550",
|
||
|
|
"pid": 2496
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:13.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:13.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:13Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:13Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"process--12b2460b-30e3-4741-8a91-b6cba2b2b0d1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"pid": 2776,
|
||
|
|
"parent_ref": "process--12b2460b-30e3-4741-8a91-b6cba2b2b0d1",
|
||
|
|
"x_misp_name": "winword.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--12b2460b-30e3-4741-8a91-b6cba2b2b0d1",
|
||
|
|
"pid": 2520
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:13.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:13.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:13Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:13Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"process--bce67245-fb5d-49a8-9f94-d57a683b6523"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"pid": 2792,
|
||
|
|
"parent_ref": "process--bce67245-fb5d-49a8-9f94-d57a683b6523",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--bce67245-fb5d-49a8-9f94-d57a683b6523",
|
||
|
|
"pid": 2496
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"process--088f1799-557c-46ea-b729-5b45dba25897"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"pid": 2800,
|
||
|
|
"parent_ref": "process--088f1799-557c-46ea-b729-5b45dba25897",
|
||
|
|
"x_misp_name": "reg.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--088f1799-557c-46ea-b729-5b45dba25897",
|
||
|
|
"pid": 2792
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--d9dfafca-d8bb-4c84-adce-89beb1814b15",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--d9dfafca-d8bb-4c84-adce-89beb1814b15",
|
||
|
|
"process--63808d45-2ef1-4073-8c92-b64a72630901"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--d9dfafca-d8bb-4c84-adce-89beb1814b15",
|
||
|
|
"pid": 2808,
|
||
|
|
"parent_ref": "process--63808d45-2ef1-4073-8c92-b64a72630901",
|
||
|
|
"x_misp_name": "certutil.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--63808d45-2ef1-4073-8c92-b64a72630901",
|
||
|
|
"pid": 2496
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"process--d6b05a77-7647-4707-ab8f-09595e5c01a8"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"pid": 2816,
|
||
|
|
"parent_ref": "process--d6b05a77-7647-4707-ab8f-09595e5c01a8",
|
||
|
|
"x_misp_name": "regsvr32.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--d6b05a77-7647-4707-ab8f-09595e5c01a8",
|
||
|
|
"pid": 2496
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"process--a945fdf1-aa04-401e-bf8e-0c8dbe915e26"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"pid": 2920,
|
||
|
|
"parent_ref": "process--a945fdf1-aa04-401e-bf8e-0c8dbe915e26",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--a945fdf1-aa04-401e-bf8e-0c8dbe915e26",
|
||
|
|
"pid": 2816
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"process--9a3db6fc-d402-411a-8c03-293adbf890db"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"pid": 2992,
|
||
|
|
"parent_ref": "process--9a3db6fc-d402-411a-8c03-293adbf890db",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--9a3db6fc-d402-411a-8c03-293adbf890db",
|
||
|
|
"pid": 2776
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"process--3dde9650-9c02-4776-b668-857f2e5f6994"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"pid": 3048,
|
||
|
|
"parent_ref": "process--3dde9650-9c02-4776-b668-857f2e5f6994",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--3dde9650-9c02-4776-b668-857f2e5f6994",
|
||
|
|
"pid": 2992
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"process--5fa8229a-e960-4cc8-9cdf-d16a6d5c0e9b"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"pid": 2064,
|
||
|
|
"parent_ref": "process--5fa8229a-e960-4cc8-9cdf-d16a6d5c0e9b",
|
||
|
|
"x_misp_name": "winword.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--5fa8229a-e960-4cc8-9cdf-d16a6d5c0e9b",
|
||
|
|
"pid": 3048
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"process--28220896-936f-4bf9-809f-9481312103af"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"pid": 1400,
|
||
|
|
"parent_ref": "process--28220896-936f-4bf9-809f-9481312103af",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--28220896-936f-4bf9-809f-9481312103af",
|
||
|
|
"pid": 2992
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"process--e52795d0-d993-4608-b353-bb8c5e013aef"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"pid": 1652,
|
||
|
|
"parent_ref": "process--e52795d0-d993-4608-b353-bb8c5e013aef",
|
||
|
|
"x_misp_name": "reg.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--e52795d0-d993-4608-b353-bb8c5e013aef",
|
||
|
|
"pid": 1400
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--7130a770-0975-49c8-86ff-a9a719a229cf",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:14.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:14.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:14Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--7130a770-0975-49c8-86ff-a9a719a229cf",
|
||
|
|
"process--690575e6-11f0-420b-b0dc-6338dcb12cc9"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--7130a770-0975-49c8-86ff-a9a719a229cf",
|
||
|
|
"pid": 872,
|
||
|
|
"parent_ref": "process--690575e6-11f0-420b-b0dc-6338dcb12cc9",
|
||
|
|
"x_misp_name": "certutil.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--690575e6-11f0-420b-b0dc-6338dcb12cc9",
|
||
|
|
"pid": 2992
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:15.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:15.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:15Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:15Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"process--148177b0-6c6e-454b-bf64-719db4ef657e"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"pid": 528,
|
||
|
|
"parent_ref": "process--148177b0-6c6e-454b-bf64-719db4ef657e",
|
||
|
|
"x_misp_name": "regsvr32.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--148177b0-6c6e-454b-bf64-719db4ef657e",
|
||
|
|
"pid": 2992
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:15.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:15.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:15Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:15Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"process--71b7c29b-fd39-41ce-857c-eb07b612e0c6"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"pid": 1888,
|
||
|
|
"parent_ref": "process--71b7c29b-fd39-41ce-857c-eb07b612e0c6",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--71b7c29b-fd39-41ce-857c-eb07b612e0c6",
|
||
|
|
"pid": 528
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"process--cf003b7c-2185-4d05-85d0-af3f1168ae0a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"pid": 2336,
|
||
|
|
"parent_ref": "process--cf003b7c-2185-4d05-85d0-af3f1168ae0a",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--cf003b7c-2185-4d05-85d0-af3f1168ae0a",
|
||
|
|
"pid": 2064
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"process--c1d0b21c-30b9-49f2-b772-b0c68df78108"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"pid": 2356,
|
||
|
|
"parent_ref": "process--c1d0b21c-30b9-49f2-b772-b0c68df78108",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--c1d0b21c-30b9-49f2-b772-b0c68df78108",
|
||
|
|
"pid": 2336
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f49ae108-cec3-468c-9515-e52be2f2fb4f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--f49ae108-cec3-468c-9515-e52be2f2fb4f",
|
||
|
|
"process--c8faa126-3558-4a2a-bf51-1d664fb2318f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--f49ae108-cec3-468c-9515-e52be2f2fb4f",
|
||
|
|
"pid": 2504,
|
||
|
|
"parent_ref": "process--c8faa126-3558-4a2a-bf51-1d664fb2318f",
|
||
|
|
"x_misp_name": "winword.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--c8faa126-3558-4a2a-bf51-1d664fb2318f",
|
||
|
|
"pid": 2356
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"process--775972eb-d8fa-4cdd-8897-02cf028de937"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"pid": 2724,
|
||
|
|
"parent_ref": "process--775972eb-d8fa-4cdd-8897-02cf028de937",
|
||
|
|
"x_misp_name": "cmd.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--775972eb-d8fa-4cdd-8897-02cf028de937",
|
||
|
|
"pid": 2336
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"process--fe28b1c2-8207-4769-9afa-dca8428aaac1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"pid": 2744,
|
||
|
|
"parent_ref": "process--fe28b1c2-8207-4769-9afa-dca8428aaac1",
|
||
|
|
"x_misp_name": "reg.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--fe28b1c2-8207-4769-9afa-dca8428aaac1",
|
||
|
|
"pid": 2724
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9f1ca1ce-1035-482d-b529-a8bf66044797",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:16.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:16.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:16Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--9f1ca1ce-1035-482d-b529-a8bf66044797",
|
||
|
|
"process--0cc543b8-3fcb-4584-a0bf-68fbf6cb4018"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--9f1ca1ce-1035-482d-b529-a8bf66044797",
|
||
|
|
"pid": 3008,
|
||
|
|
"parent_ref": "process--0cc543b8-3fcb-4584-a0bf-68fbf6cb4018",
|
||
|
|
"x_misp_name": "certutil.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--0cc543b8-3fcb-4584-a0bf-68fbf6cb4018",
|
||
|
|
"pid": 2336
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"process--db9955be-40b0-47b0-9e49-6345daed7651"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"pid": 3040,
|
||
|
|
"parent_ref": "process--db9955be-40b0-47b0-9e49-6345daed7651",
|
||
|
|
"x_misp_name": "regsvr32.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--db9955be-40b0-47b0-9e49-6345daed7651",
|
||
|
|
"pid": 2336
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"process--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"process--c49ca006-65cd-4790-b102-f08ed67bb796"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"process\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"pid": 1484,
|
||
|
|
"parent_ref": "process--c49ca006-65cd-4790-b102-f08ed67bb796",
|
||
|
|
"x_misp_name": "powershell.exe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "process",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "process--c49ca006-65cd-4790-b102-f08ed67bb796",
|
||
|
|
"pid": 3040
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--248da2ce-03f8-47fb-b4a0-07321377590f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--248da2ce-03f8-47fb-b4a0-07321377590f",
|
||
|
|
"directory--eba94abd-7ec1-4328-8d19-5bb5aca72c11"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--248da2ce-03f8-47fb-b4a0-07321377590f",
|
||
|
|
"name": "Users\\aETAdzjz\\AppData\\Roaming\\N9OO5pxpBYkU.bat",
|
||
|
|
"parent_directory_ref": "directory--eba94abd-7ec1-4328-8d19-5bb5aca72c11",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\N9OO5pxpBYkU.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--eba94abd-7ec1-4328-8d19-5bb5aca72c11",
|
||
|
|
"path": "Users\\aETAdzjz\\AppData\\Roaming\\N9OO5pxpBYkU.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--a2907899-5858-4892-a2a3-3018be097ef4",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--a2907899-5858-4892-a2a3-3018be097ef4"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--a2907899-5858-4892-a2a3-3018be097ef4",
|
||
|
|
"key": "HKCU\\Software\\Microsoft\\Notepad",
|
||
|
|
"values": [
|
||
|
|
{
|
||
|
|
"name": "aETAdzjz",
|
||
|
|
"data": "qE8zByJzpkyD",
|
||
|
|
"data_type": "REG_SZ"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_hive": "INVALID"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
|
||
|
|
"directory--0185ab35-c474-45a8-b8f5-5e8f2dc22504"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\roaming\\n9oo5pxpbyku.bat",
|
||
|
|
"parent_directory_ref": "directory--0185ab35-c474-45a8-b8f5-5e8f2dc22504",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\n9oo5pxpbyku.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--0185ab35-c474-45a8-b8f5-5e8f2dc22504",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\roaming\\n9oo5pxpbyku.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--54a84dcf-3588-458f-a3d9-5ce8629e89e2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--54a84dcf-3588-458f-a3d9-5ce8629e89e2",
|
||
|
|
"directory--6e7f414a-4f32-4de9-b1c6-41b1c14a3aa1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--54a84dcf-3588-458f-a3d9-5ce8629e89e2",
|
||
|
|
"name": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml",
|
||
|
|
"parent_directory_ref": "directory--6e7f414a-4f32-4de9-b1c6-41b1c14a3aa1",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--6e7f414a-4f32-4de9-b1c6-41b1c14a3aa1",
|
||
|
|
"path": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--15e00eb8-9c77-47af-b71e-b15c945791fe",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--15e00eb8-9c77-47af-b71e-b15c945791fe",
|
||
|
|
"directory--aca6749e-5eb0-441e-9d54-9aca74306faf"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--15e00eb8-9c77-47af-b71e-b15c945791fe",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--aca6749e-5eb0-441e-9d54-9aca74306faf",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--aca6749e-5eb0-441e-9d54-9aca74306faf",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5776026d-9220-4878-ae0d-3afdf6bd6194",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:17.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:17.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:17Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--5776026d-9220-4878-ae0d-3afdf6bd6194"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--5776026d-9220-4878-ae0d-3afdf6bd6194",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"network-traffic--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"ipv4-addr--e70d7790-643a-414f-bd05-fb52dadea184"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"network-socket\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "network-traffic",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "network-traffic--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"dst_ref": "ipv4-addr--e70d7790-643a-414f-bd05-fb52dadea184",
|
||
|
|
"dst_port": 443,
|
||
|
|
"protocols": [
|
||
|
|
"tcp"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ipv4-addr",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "ipv4-addr--e70d7790-643a-414f-bd05-fb52dadea184",
|
||
|
|
"value": "51.38.150.171"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--1a2c35db-7775-41b8-88cc-e83025d0125c",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--1a2c35db-7775-41b8-88cc-e83025d0125c",
|
||
|
|
"directory--a547f901-da10-4320-95af-721573374741"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--1a2c35db-7775-41b8-88cc-e83025d0125c",
|
||
|
|
"name": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml",
|
||
|
|
"parent_directory_ref": "directory--a547f901-da10-4320-95af-721573374741",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--a547f901-da10-4320-95af-721573374741",
|
||
|
|
"path": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--3d1557ba-a402-4dbb-b600-c029a70d2f86",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--3d1557ba-a402-4dbb-b600-c029a70d2f86",
|
||
|
|
"directory--af05c737-cd65-4160-8063-2fc38fbceabf"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--3d1557ba-a402-4dbb-b600-c029a70d2f86",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--af05c737-cd65-4160-8063-2fc38fbceabf",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--af05c737-cd65-4160-8063-2fc38fbceabf",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--b90ef13c-4165-4108-adc3-53234995361a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--b90ef13c-4165-4108-adc3-53234995361a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--b90ef13c-4165-4108-adc3-53234995361a",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"network-traffic--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"ipv4-addr--234fab5a-83d2-4cbe-bd6f-548baf670191"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"network-socket\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "network-traffic",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "network-traffic--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"dst_ref": "ipv4-addr--234fab5a-83d2-4cbe-bd6f-548baf670191",
|
||
|
|
"dst_port": 443,
|
||
|
|
"protocols": [
|
||
|
|
"tcp"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ipv4-addr",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "ipv4-addr--234fab5a-83d2-4cbe-bd6f-548baf670191",
|
||
|
|
"value": "185.10.68.189"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--c506a7b6-efe2-4710-969f-5f5b055eaa1a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--c506a7b6-efe2-4710-969f-5f5b055eaa1a",
|
||
|
|
"directory--b63e2178-6d20-4316-afdb-6a18c0bab7de"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--c506a7b6-efe2-4710-969f-5f5b055eaa1a",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\roaming\\temp.txt",
|
||
|
|
"parent_directory_ref": "directory--b63e2178-6d20-4316-afdb-6a18c0bab7de",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\temp.txt"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--b63e2178-6d20-4316-afdb-6a18c0bab7de",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--ed5b3977-3470-446e-a6f0-af41b68e5353",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--ed5b3977-3470-446e-a6f0-af41b68e5353",
|
||
|
|
"directory--16bc776f-0c26-4112-a0e9-7492e9724007"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--ed5b3977-3470-446e-a6f0-af41b68e5353",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\roaming\\7cixmlowr4y2f.bat",
|
||
|
|
"parent_directory_ref": "directory--16bc776f-0c26-4112-a0e9-7492e9724007",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\7cixmlowr4y2f.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--16bc776f-0c26-4112-a0e9-7492e9724007",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\roaming\\7cixmlowr4y2f.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--8db13a1c-440f-41aa-92a6-41dc534e4efd",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:18.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:18.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:18Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--8db13a1c-440f-41aa-92a6-41dc534e4efd",
|
||
|
|
"directory--57f9a523-db11-4180-b26a-bd45307f0e97"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--8db13a1c-440f-41aa-92a6-41dc534e4efd",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--57f9a523-db11-4180-b26a-bd45307f0e97",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--57f9a523-db11-4180-b26a-bd45307f0e97",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9521bc93-04e4-4844-9666-a0659854c7d7",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--9521bc93-04e4-4844-9666-a0659854c7d7",
|
||
|
|
"directory--92fffe01-16b0-45bf-969f-bb9169198d40"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--9521bc93-04e4-4844-9666-a0659854c7d7",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc",
|
||
|
|
"parent_directory_ref": "directory--92fffe01-16b0-45bf-969f-bb9169198d40",
|
||
|
|
"x_misp_fullpath": "%TEMP%\\d1.doc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--92fffe01-16b0-45bf-969f-bb9169198d40",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--81e50c7c-f333-4e67-aedf-775eec9a4fe1",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--81e50c7c-f333-4e67-aedf-775eec9a4fe1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--81e50c7c-f333-4e67-aedf-775eec9a4fe1",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--26856757-3649-4363-b5a9-68030b721470",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--26856757-3649-4363-b5a9-68030b721470",
|
||
|
|
"directory--556e5880-58e5-40cf-95a3-04a38f6d7716"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--26856757-3649-4363-b5a9-68030b721470",
|
||
|
|
"name": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml",
|
||
|
|
"parent_directory_ref": "directory--556e5880-58e5-40cf-95a3-04a38f6d7716",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--556e5880-58e5-40cf-95a3-04a38f6d7716",
|
||
|
|
"path": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--b6f3370e-44ff-4d65-887c-3ade077174a8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--b6f3370e-44ff-4d65-887c-3ade077174a8",
|
||
|
|
"directory--4dfd289f-edd3-448c-ba77-da4d5c93f028"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--b6f3370e-44ff-4d65-887c-3ade077174a8",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--4dfd289f-edd3-448c-ba77-da4d5c93f028",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--4dfd289f-edd3-448c-ba77-da4d5c93f028",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--45dac7ec-362e-49e2-a6ab-8d55e4d08276",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--45dac7ec-362e-49e2-a6ab-8d55e4d08276"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--45dac7ec-362e-49e2-a6ab-8d55e4d08276",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--19c24c8e-9e77-470f-9f9f-a835a3631685",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--19c24c8e-9e77-470f-9f9f-a835a3631685",
|
||
|
|
"directory--928c938a-131a-4010-9af1-5befa7621de1"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--19c24c8e-9e77-470f-9f9f-a835a3631685",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\roaming\\temp.txt",
|
||
|
|
"parent_directory_ref": "directory--928c938a-131a-4010-9af1-5befa7621de1",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\temp.txt"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--928c938a-131a-4010-9af1-5befa7621de1",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\roaming\\temp.txt"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--9135f0d8-5dd2-4677-afc4-51f1488e9517",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--9135f0d8-5dd2-4677-afc4-51f1488e9517",
|
||
|
|
"directory--57b5066f-c692-4e46-a35b-b1f50c4a9f27"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--9135f0d8-5dd2-4677-afc4-51f1488e9517",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\roaming\\zxtlzequ7lyb.bat",
|
||
|
|
"parent_directory_ref": "directory--57b5066f-c692-4e46-a35b-b1f50c4a9f27",
|
||
|
|
"x_misp_fullpath": "%APPDATA%\\zxtlzequ7lyb.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--57b5066f-c692-4e46-a35b-b1f50c4a9f27",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\roaming\\zxtlzequ7lyb.bat"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
|
||
|
|
"directory--760db7a8-5589-44f4-998a-ffe84ee18857"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--e0ccc2c6-f993-477f-8c05-29bc1ae627c6",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--760db7a8-5589-44f4-998a-ffe84ee18857",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--760db7a8-5589-44f4-998a-ffe84ee18857",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--986b61a3-779e-49e4-94d0-f04e5546c9a8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--986b61a3-779e-49e4-94d0-f04e5546c9a8",
|
||
|
|
"directory--ed8523b6-8355-4c5b-9ab4-e02c9685776a"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--986b61a3-779e-49e4-94d0-f04e5546c9a8",
|
||
|
|
"name": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc",
|
||
|
|
"parent_directory_ref": "directory--ed8523b6-8355-4c5b-9ab4-e02c9685776a",
|
||
|
|
"x_misp_fullpath": "%TEMP%\\d1.doc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--ed8523b6-8355-4c5b-9ab4-e02c9685776a",
|
||
|
|
"path": "users\\aetadzjz\\appdata\\local\\temp\\d1.doc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--4d0ffbfc-0be3-4499-a722-4b64db129025",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:19.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:19.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:19Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--4d0ffbfc-0be3-4499-a722-4b64db129025"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--4d0ffbfc-0be3-4499-a722-4b64db129025",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--d9b95f52-efdd-4083-abaa-20bf42be135a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--d9b95f52-efdd-4083-abaa-20bf42be135a",
|
||
|
|
"directory--4faf9bac-d493-44e6-ab93-d8214b23f26f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--d9b95f52-efdd-4083-abaa-20bf42be135a",
|
||
|
|
"name": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml",
|
||
|
|
"parent_directory_ref": "directory--4faf9bac-d493-44e6-ab93-d8214b23f26f",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--4faf9bac-d493-44e6-ab93-d8214b23f26f",
|
||
|
|
"path": "windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--3e0e85ee-ceb1-442e-a652-351e691cfc60",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--3e0e85ee-ceb1-442e-a652-351e691cfc60",
|
||
|
|
"directory--8587bf98-0811-4078-8e1d-1c633b088f05"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--3e0e85ee-ceb1-442e-a652-351e691cfc60",
|
||
|
|
"name": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config",
|
||
|
|
"parent_directory_ref": "directory--8587bf98-0811-4078-8e1d-1c633b088f05",
|
||
|
|
"x_misp_fullpath": "%WINDIR%\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "directory",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "directory--8587bf98-0811-4078-8e1d-1c633b088f05",
|
||
|
|
"path": "windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--2c56936f-2ddc-4102-ba4a-153ec9a0dad2"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--2c56936f-2ddc-4102-ba4a-153ec9a0dad2",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--8e656cc6-482e-4952-869a-6cba4d726f83",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"first_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"last_observed": "2019-02-16T21:18:20Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"windows-registry-key--8e656cc6-482e-4952-869a-6cba4d726f83"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"registry-key\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "windows-registry-key",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "windows-registry-key--8e656cc6-482e-4952-869a-6cba4d726f83",
|
||
|
|
"x_misp_hive": "HKEY_CURRENT_USER"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--6f35cd0b-d6ac-44f0-919b-80a383c946ef",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"passive-dns\"",
|
||
|
|
"misp:meta-category=\"network\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "rrname",
|
||
|
|
"value": "amf-fr.org",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "2d024c94-8f4a-47fe-94fb-fb4431bb1389"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "rdata",
|
||
|
|
"value": "51.38.150.171",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "3237e515-6140-472e-8a40-93f356d7b187"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "rrtype",
|
||
|
|
"value": "A",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "480b18ce-e416-4a1d-8af4-01acd3667f93"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "network",
|
||
|
|
"x_misp_name": "passive-dns"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--5c687e2a-e898-40f8-b69b-4bb402de0b81",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"original-imported-file\"",
|
||
|
|
"misp:meta-category=\"file\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "attachment",
|
||
|
|
"object_relation": "imported-sample",
|
||
|
|
"value": "stix-report.xml",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "5c687e2a-45e8-4d61-9912-425602de0b81",
|
||
|
|
"data": "PHN0aXg6U1RJWF9QYWNrYWdlIHhtbG5zOkFkZHJlc3NPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNBZGRyZXNzT2JqZWN0LTIiIHhtbG5zOkN1c3RvbU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0N1c3RvbU9iamVjdC0xIiB4bWxuczpETlNSZWNvcmRPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNETlNSZWNvcmRPYmplY3QtMiIgeG1sbnM6RmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiIgeG1sbnM6TXV0ZXhPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNNdXRleE9iamVjdC0yIiB4bWxuczpOZXR3b3JrU29ja2V0T2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjTmV0d29ya1NvY2tldE9iamVjdC0yIiB4bWxuczpQb3J0T2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUG9ydE9iamVjdC0yIiB4bWxuczpQcm9jZXNzT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUHJvY2Vzc09iamVjdC0yIiB4bWxuczpTb2NrZXRBZGRyZXNzT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjU29ja2V0QWRkcmVzc09iamVjdC0xIiB4bWxuczpVUklPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNVUklPYmplY3QtMiIgeG1sbnM6Vk1SYXlBbmFseXplcj0iaHR0cDovL3ZtcmF5LmNvbS9hbmFseXplciIgeG1sbnM6V2luUmVnaXN0cnlLZXlPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5SZWdpc3RyeUtleU9iamVjdC0yIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczpjeWJveENvbW1vbj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiIgeG1sbnM6Y3lib3hWb2NhYnM9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiIgeG1sbnM6aW5kaWNhdG9yPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIiIHhtbG5zOnN0aXg9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9zdGl4LTEiIHhtbG5zOnN0aXhDb21tb249Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9jb21tb24tMSIgeG1sbnM6c3RpeFZvY2Ficz0iaHR0cDovL3N0aXgubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTEiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6c2NoZW1hTG9jYXRpb249IiAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb21tb24vMi4xL2N5Ym94X2NvbW1vbi54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvY3lib3gtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb3JlLzIuMS9jeWJveF9jb3JlLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLzIuMS9jeWJveF9kZWZhdWx0X3ZvY2FidWxhcmllcy54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNBZGRyZXNzT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9BZGRyZXNzLzIuMS9BZGRyZXNzX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNDdXN0b21PYmplY3QtMSBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0N1c3RvbS8xLjEvQ3VzdG9tX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNETlNSZWNvcmRPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ROU19SZWNvcmQvMi4xL0ROU19SZWNvcmRfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI011dGV4T2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9NdXRleC8yLjEvTXV0ZXhfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI05ldHdvcmtTb2NrZXRPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL05ldHdvcmtfU29ja2V0LzIuMS9OZXR3b3JrX1NvY2tldF9PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUG9ydE9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvUG9ydC8yLjEvUG9ydF9PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjUHJvY2Vzc09iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvUHJvY2Vzcy8yLjEvUHJvY2Vzc19PYmplY3QueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjU29ja2V0QWRkcmVzc09iamVjdC0xIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvU29ja2V0X0FkZHJlc3MvMS4xL1NvY2tldF9BZGRyZXNzX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNVUklPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL1VSSS8yLjEvVVJJX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5SZWdpc3RyeUtleU9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvV2luX1JlZ2lzdHJ5X0tleS8yLjEvV2luX1JlZ2lzdHJ5X0tleV9PYmplY3QueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9pbmRpY2F0b3IvMi4yL2
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "format",
|
||
|
|
"value": "STIX 1.1",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "5c687e2a-1d24-4cb3-b539-4a1402de0b81"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "file",
|
||
|
|
"x_misp_name": "original-imported-file"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--3ab643d5-68d0-4408-a644-cdd4da7df4ee",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-02-16T21:21:59.000Z",
|
||
|
|
"modified": "2019-02-16T21:21:59.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"virustotal-report\"",
|
||
|
|
"misp:meta-category=\"misc\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "datetime",
|
||
|
|
"object_relation": "last-submission",
|
||
|
|
"value": "2019-02-15T11:14:58",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "eb90d5c1-8be2-4876-8aaf-d90365018ed2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "link",
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"value": "https://www.virustotal.com/file/728bbbea8797c5e00a8737ebf6bebfffb3d84f9c86f144963a2940025329c28b/analysis/1550229298/",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "900a1158-f094-4221-b1a3-b8b07240c9f6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"value": "33/59",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "965ad42b-6e53-44b7-82ed-b3642c077ea9"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "misc",
|
||
|
|
"x_misp_name": "virustotal-report"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4f2bd7e0-c39d-4ff6-9730-d71c5da204e3",
|
||
|
|
"created": "2019-02-16T21:21:59.000Z",
|
||
|
|
"modified": "2019-02-16T21:21:59.000Z",
|
||
|
|
"relationship_type": "analysed-with",
|
||
|
|
"source_ref": "indicator--72915d1f-518f-4c2e-a438-8c736e648eae",
|
||
|
|
"target_ref": "x-misp-object--3ab643d5-68d0-4408-a644-cdd4da7df4ee"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--61857b0a-f610-4ec8-baff-6a12d77c0444",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--53816083-e0c1-4259-ae81-2b98a1b8f9d5",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b47f70b1-d75e-4e16-90c3-5e3c6db114d7",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--248da2ce-03f8-47fb-b4a0-07321377590f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d33be0aa-b273-44cd-9692-0155e2f333ad",
|
||
|
|
"created": "2019-02-16T21:18:20.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:20.000Z",
|
||
|
|
"relationship_type": "modified-properties-of",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--a2907899-5858-4892-a2a3-3018be097ef4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b6f7d89c-d08c-40eb-87cb-2abce218e438",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--c9a7758d-0ac7-42cc-a6c2-40791fe6899d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--8c128c96-b9ea-4af4-b9c6-8004e338cbbe",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--fb07c709-9a1f-4e37-b483-75407bbb9230"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--faa0cd3f-4d65-4679-9204-f24c4670ec28",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--2968c724-74e2-4077-ad10-ed897489aadf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--627cc1a6-533a-440e-aee4-a2f19f19f257",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--12dea9cb-410b-4691-8b7b-083f9d47c75a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--7cb69da8-565b-4bb8-8479-d467e0ef4966",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--07e706e6-0d49-4662-8b1b-5599df36dbaf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4d8c0ed0-2162-4c5d-98a5-b851078dc874",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--9fcf4e94-d16b-4540-b69e-75fe834c4a88"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--812f5dd3-4bf7-4252-8203-d17b983e0018",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--5d7889d3-396b-4ab6-a221-dee0d544bc1c"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2332be77-6964-4a76-ab43-e3bfc83e7cdb",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--88b4dff4-51b1-425d-a897-55fabb69f64b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--c8ddb4b4-5e3f-434f-ac80-764790e80cd0",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--47554dfd-1690-4f7d-944d-fa95e510cfbc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--7ec86e9c-c7b0-4ead-b479-9a0e85934576",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--8839c1e5-c3ae-4361-9d77-36ef93dee014"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--e8b39707-6817-43b4-976c-b05cbf615f7a",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--dfc2f46a-8042-49c8-8960-58f12dd86c0b"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4a8dec6b-c2a8-44e6-83a9-b8110c0ce5d8",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--ae28d749-b2ed-4147-91b3-78e2b65d02d8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--58a11719-5878-487e-9d5a-152fe795c008",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--fce43d53-c05e-4dfc-bfcd-e9bfc5b75b09"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d9a3ed70-7d3a-44a7-aefb-bdb923d8f91d",
|
||
|
|
"created": "2019-02-16T21:18:21.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:21.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--795c1bae-831b-4b11-b279-32138c042af0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--8340bf7c-80e5-47ce-92f0-1276c7cbe93b",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--42636628-4a98-4515-84c4-efb048624d16"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--30c22db9-dc24-41f1-bb0e-25b8ce068002",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--e325f097-a49e-4bd4-8362-4281735c0279"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d23e684a-1f2b-489d-aaba-eb460d3efbcf",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--e2e3f385-135e-4d43-a9b0-2c3f543b77ed"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--78cd9e14-15df-483b-aed8-fccae3c7dd63",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--443e35c7-bed9-4736-acb7-8e27ca55d0d7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5c8f09f6-6701-4f50-b327-43d2358b6d2b",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--855e5151-6ffb-47c0-8324-e69fe2310bf1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--012a041c-75f7-4b51-9d8b-f60c36cb63d8",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--08ca55d9-a2dd-4360-b903-07e9d30e3f8a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--35612096-20cf-4b3d-98de-2b2d71ee0052",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--97f32545-5fb2-430b-b895-83b91b1a3b42"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--c1712a81-a6bf-4420-ad18-cbe8949c1bc6",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--4713618f-9e55-4689-b548-3ee03de3f18e",
|
||
|
|
"target_ref": "observed-data--6f7de6d0-a260-4ba5-b58b-58c3679b32ea"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--20151309-1bf0-4c8d-bcbe-d8a8e4c3bcb0",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--1b5250d6-3377-4d0f-b362-281f2ee4c9d5",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b363cd6c-9f60-46c1-9f1c-f402cbd56f2d",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--d9dfafca-d8bb-4c84-adce-89beb1814b15"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2500b8ba-a93d-46a6-b2ee-213bf14cf931",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--7ddf7778-9ad8-4081-829b-3e05570314a9",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--e6ab9877-3b82-45d9-80c2-47a5e2e9a9a3",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "deleted",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--d53a6a39-a6fa-49ae-bb8a-bbdf64e79988"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--bafbf020-6965-4938-87ff-4782c9f578ea",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--ab0bc302-d9cf-49b7-a5d0-c794c3f25362"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--0ad64c9a-6430-4e8a-a696-b663ba4d5c92",
|
||
|
|
"created": "2019-02-16T21:18:22.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:22.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--ff164482-8a8c-4cc0-82a5-52aeb66539dc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4ba463e6-c4c2-4619-ba3d-0f4bdb78c877",
|
||
|
|
"created": "2019-02-16T21:18:23.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:23.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--693e271b-3966-4fb8-9787-de555149c589"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2a9ec09e-2151-428f-be98-adcc5f17a424",
|
||
|
|
"created": "2019-02-16T21:18:23.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:23.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--311d4452-d95d-4391-a29f-ebf1287efd4c"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--35167c97-fb1d-4da1-bd6d-97cb2c313e46",
|
||
|
|
"created": "2019-02-16T21:18:23.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:23.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--9eda88b4-f0c1-4b3d-b88a-1497dbeb3136",
|
||
|
|
"created": "2019-02-16T21:18:23.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:23.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2aff34af-c0f0-4e1d-a42b-e49eaea06c29",
|
||
|
|
"created": "2019-02-16T21:18:23.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:23.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--969624d6-088e-41cb-be2a-f8066de84bb9",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2b4a4a0e-c4f9-45f7-9c83-1e535c74fdd9",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5f235789-1b29-48df-a397-5c1080e78aa7",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--e1adf2b0-0fe3-4d55-810d-d22a5856138e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b5bd559f-d9b7-4584-9dcc-6500a448bbf2",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--54a84dcf-3588-458f-a3d9-5ce8629e89e2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--1de80b1e-94e2-4b47-96df-3499c4d73527",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--15e00eb8-9c77-47af-b71e-b15c945791fe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--cff8115e-dae1-453e-b4cf-319aa7b55acc",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--f5ecdbfc-9c95-48d2-b9e7-c5dff3c080b4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--674cccb1-9262-4b8c-9d35-31363dff4019",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--a22f23cb-3d81-4686-8581-9414b0aba1e1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--e0719810-6ab8-466f-8736-5e11580236ad",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--6fdfde85-4599-44ab-aafc-956860f6e6c4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--876770d2-09c1-4653-8807-27966ca79ca4",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--7dc2a39a-4944-49c1-891d-03c4a89752d2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ecba2215-b02c-4475-89fb-bca8e9d208df",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--f8c2aa57-b94e-42de-aeec-0ac698fd0abe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ef23d865-fccc-4be8-a600-a9a425751b0e",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--5c607639-ce58-4a7d-a96a-b31d0c1de7fa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--61aef0d9-6d8f-4a99-a822-9e93a1d4da1f",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--f33b60a8-86aa-4318-a304-95c782b1939c"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5bafe638-20ee-4f25-b6a1-59a1f558b571",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--cb9ad57a-983c-43eb-910b-1dc22121c017"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b5055614-3531-4716-9f2d-4f718b87055e",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--73dd16a6-8e9b-4889-839e-2f6718a50041"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--1db037a4-f190-412d-a038-bbc7e5731732",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--61af2af0-272f-413d-b70a-07611f8539c3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5913c9f3-6501-427a-addf-cab97ed76adb",
|
||
|
|
"created": "2019-02-16T21:18:24.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:24.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--5776026d-9220-4878-ae0d-3afdf6bd6194"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4d0e6978-67f0-43d3-9f63-ae1c939dcfcd",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--0f3708a6-7579-426a-9cbb-cff51cdbd0d7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--e530cce1-9781-4f6a-918e-54f7d15eaa13",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--26d235e0-d8d7-4256-b82f-f9b190519b6d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6b92f350-a66d-4208-80c7-20601c6fe085",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b26efdf8-7438-4d82-a8e0-74184339b310",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--f10d6026-37f9-4894-8eb3-153f270ee3db"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4128169c-d8bd-4a3a-a684-45d1461424fc",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--c0437d42-5bc3-4938-a16d-90a243afd4d3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--19f6bdff-c5d1-43c0-846d-1105d4d1f5f0",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--ee561233-deaa-4a0f-8583-83ed4fc026f1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f0c179de-f64b-4044-aa41-db861c26fe6c",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--025dc9c2-2e5a-44ce-a136-c9c75a4d1a87"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f4c0f689-cdd0-4d31-a158-569bd9f37ff3",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--3c9637f6-32d8-45a7-b671-4eff38c122e7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--db82b1b5-a5ab-41db-a099-6d7026c2648f",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--f32b6230-41b9-4926-8e41-f651f5611b32"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a208a328-4f10-4532-bd99-c0790fd3c8b9",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--ff576e31-f7fd-4c36-9424-0b47e46cffaa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--eca153b3-4fc4-4f36-b507-a4e0da7bc193",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--d0ebef78-8280-4ae0-bc5c-26b59d85615e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d0f31577-ab35-4ff3-9a71-15e01e045759",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "read-from",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--8f016b30-31ec-49e4-ad5a-4d0ce5c37109"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ffb92d1b-5ac7-4baf-a727-3dfb98c3ffda",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "connected-to",
|
||
|
|
"source_ref": "observed-data--c9b962ff-144f-4eff-8505-627768660ed0",
|
||
|
|
"target_ref": "observed-data--eb012044-6124-4b96-8c56-690824570580"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--08bbb985-22fa-4da3-8440-5748f0344f15",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"target_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2edf10fd-0727-49b1-aff4-d7053af3b2e1",
|
||
|
|
"created": "2019-02-16T21:18:25.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:25.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"target_ref": "observed-data--07e706e6-0d49-4662-8b1b-5599df36dbaf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--aa1a83d5-6bc7-41e9-9ada-ad4301390579",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"target_ref": "observed-data--9fcf4e94-d16b-4540-b69e-75fe834c4a88"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--0c2458fb-9494-4a70-b46c-1437120fca1b",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--34614f0f-6f30-45fd-b710-ed9547534527",
|
||
|
|
"target_ref": "observed-data--6f7de6d0-a260-4ba5-b58b-58c3679b32ea"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--971938f6-b99c-40aa-8b75-282e7f24fa20",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"target_ref": "observed-data--9f59c034-f16b-4f0b-a1d7-89b547c92195"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--3e90d646-2038-4300-8fcb-f2d81df5369b",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"target_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--14590a2d-d260-4a04-aebe-e630670161db",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--48b14437-597e-4cc6-8e5b-aa348fb82bec",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--96b4f5a7-3210-453f-8ccb-6fa211ae442d",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--1a13e7cd-acca-4ed9-b641-b545c715af60",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--15cc27c9-6ec9-47a4-ba8e-cc8f56345490",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"target_ref": "observed-data--259b1821-d418-4510-aa04-b59e92dd3820"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b712592f-dedf-4ca8-872e-c4f3dbf4be0b",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--9f59c034-f16b-4f0b-a1d7-89b547c92195",
|
||
|
|
"target_ref": "observed-data--87f3ae04-29bd-479b-ba51-96c97f705aab"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f5bf83d2-cbfb-483c-b9bb-96b7e2f6d455",
|
||
|
|
"created": "2019-02-16T21:18:26.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:26.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--21ac1b67-5e94-406d-a197-2c47d8a7edaa",
|
||
|
|
"created": "2019-02-16T21:18:27.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:27.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--23e7606b-8811-45df-b726-dabedcfcdd32"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--fcde2e10-80e6-46fb-b66a-95def6bf2f8b",
|
||
|
|
"created": "2019-02-16T21:18:27.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:27.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--1f697f8c-84b1-4339-9906-1142cf955bef"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--583d7c46-789f-43e3-8842-e7fcc1765d5e",
|
||
|
|
"created": "2019-02-16T21:18:27.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:27.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--168f3368-d33d-4495-94ef-04f4bb0ce093",
|
||
|
|
"created": "2019-02-16T21:18:27.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:27.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--97492285-8474-4867-ae94-ec61a5fee43d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d829bf09-be70-4de6-bbbb-28a25aa2f242",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--7d0bf6db-603d-4e65-ab6c-5bb5011d4c0e",
|
||
|
|
"target_ref": "observed-data--90ec3953-0b63-4d04-9648-a9caa664dfbd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b5788859-246a-470e-b53d-8b311f176713",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--1a2c35db-7775-41b8-88cc-e83025d0125c"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--0663c11b-74c6-491b-a979-6e76c77c356f",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--3d1557ba-a402-4dbb-b600-c029a70d2f86"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a7616455-c5e0-476a-9950-bc440537bd3e",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--f67a93e6-2d47-4b5c-b9b0-a3c4c0d28952"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ae1d558b-f7a3-48e2-a415-42054a740942",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--13463837-8319-4893-96d4-d32a4bf2c6fa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--0f5103aa-f024-4339-8cc9-d911d8237620",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--a333fb2c-9866-4a78-9e52-b97ab50ec549"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--411228e6-d02c-42f9-ab1b-768d3448c518",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--df73e3cc-c5a4-4e81-9222-80f55e6cd9e3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ee18dd5e-44e1-43e8-b593-524cc918bb8a",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--4cf5eb52-9c30-4637-ac1f-9d66855e7edc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5c3fdb55-66f7-4f3b-bfc1-4f726593af35",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--03ef6074-aaea-4605-a47c-44402d680d6e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--85dd2c56-ba44-478b-a9d0-77dcbf0d9dcf",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--02a75dd8-d84e-4901-9b20-df78e6681dba"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--cb624c50-5b6d-40ec-9c7c-971cc53fdf93",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--b90ef13c-4165-4108-adc3-53234995361a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--14f27f10-3542-4e85-bf04-88436b0a6ab8",
|
||
|
|
"created": "2019-02-16T21:18:28.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:28.000Z",
|
||
|
|
"relationship_type": "connected-to",
|
||
|
|
"source_ref": "observed-data--2d414b6f-8d6b-41be-b6fa-012a859aacc8",
|
||
|
|
"target_ref": "observed-data--6237df85-dc61-44f2-8119-fb59591a9b22"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--239ace47-1c10-45b8-ab0b-227f05b97a8b",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a95a55a9-0c58-42a7-888e-ee3d9d087b02",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--13fa15f9-fd02-4cd7-ab9e-f9b520b2e859",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--7130a770-0975-49c8-86ff-a9a719a229cf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--09175ca8-9938-4635-aa28-352bab732bcf",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6000435b-ec1c-4e16-99f5-cd87b6f9b6a2",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ccdf8a07-efe9-4fd2-afca-6811ad7da409",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--9ddddbda-0ad0-4be9-a9d5-291f44061ef0",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "deleted",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--c506a7b6-efe2-4710-969f-5f5b055eaa1a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--865425b4-103f-4137-b489-396562c50fe1",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "deleted",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--ed5b3977-3470-446e-a6f0-af41b68e5353"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2ef0a975-0e04-4c37-baf4-da767edc9d68",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ae6682bc-8f31-4886-9975-a8b713a406c9",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ecd6bf68-fb89-4dba-bad5-41ade81e6eb4",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--880c63dd-1a2e-4fcc-9ad1-526e4aaeb635",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--fdf2a307-6686-4421-83ed-5f1fe6e73798",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a91edb52-9136-406c-acc7-d14d2e4cdbb9",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--25a5e2b3-f5eb-4078-ac0a-f5b50141a3ec",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--8db13a1c-440f-41aa-92a6-41dc534e4efd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--994d8310-c70b-45c5-82de-292459eea0d4",
|
||
|
|
"created": "2019-02-16T21:18:29.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:29.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--9521bc93-04e4-4844-9666-a0659854c7d7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--530cca80-cd5a-4bfd-a39c-0a8a71eccac3",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--81e50c7c-f333-4e67-aedf-775eec9a4fe1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5e746ebe-8c3d-4c07-866f-fe0aed5c8c1b",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--0f3708a6-7579-426a-9cbb-cff51cdbd0d7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d295dffd-27b7-4d93-826c-2f65439d3491",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83",
|
||
|
|
"target_ref": "observed-data--bcb91a4b-aa4c-40ac-aff6-5b32acd085b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--df612eac-54e6-43c9-be74-2976479e04e8",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"target_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--77fec2ad-b668-4249-aa28-8b33c1fe8ded",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"target_ref": "observed-data--07e706e6-0d49-4662-8b1b-5599df36dbaf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--13cd6817-eab7-4f16-b14c-7613a8115705",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"target_ref": "observed-data--9fcf4e94-d16b-4540-b69e-75fe834c4a88"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--97e6157c-5551-42c2-be4a-84f0bae907b7",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--fa72dedc-50fd-4bf9-94c1-73b7d256b231",
|
||
|
|
"target_ref": "observed-data--6f7de6d0-a260-4ba5-b58b-58c3679b32ea"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f61e318c-0227-484b-8c1a-2b84bd65325b",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"target_ref": "observed-data--c6289ecd-0fc8-4a2f-ae06-e4929e597e04"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--1e851927-e866-440b-8aeb-cec3c1cb3a4a",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--519dfec9-e830-4879-85d5-a22d289ceb4b",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--eff5f807-66ab-48d5-8dd2-6c55ecd97835",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--b6e96fa4-11c7-4d21-9f4d-3322335c6f38",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--eba33572-ff77-4bd1-b6d5-26c97f0cc095",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"target_ref": "observed-data--259b1821-d418-4510-aa04-b59e92dd3820"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--64b7d4ab-ce91-452c-bd8d-c4b2120adb17",
|
||
|
|
"created": "2019-02-16T21:18:30.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:30.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--c6289ecd-0fc8-4a2f-ae06-e4929e597e04",
|
||
|
|
"target_ref": "observed-data--87f3ae04-29bd-479b-ba51-96c97f705aab"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a9056b68-d54a-4558-a3fb-5d6f719f44e0",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--bc11553a-5c1b-46cb-8f4d-2a8a863941a4",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--23e7606b-8811-45df-b726-dabedcfcdd32"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f3c05aa4-fa73-4bec-aa3b-8fbaed5a5ca9",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--1f697f8c-84b1-4339-9906-1142cf955bef"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--aa49f781-c75a-46fe-bac7-18e5bbc182ad",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6d0006a2-1ce9-438e-b908-75baf43c1bb7",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--97492285-8474-4867-ae94-ec61a5fee43d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f37db6ca-3a3d-4696-ac6f-f72d53ba8a8c",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--19cb0bdf-b056-4504-9bf5-0a59272da052",
|
||
|
|
"target_ref": "observed-data--90ec3953-0b63-4d04-9648-a9caa664dfbd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--489c2859-2a1a-4ec9-a242-f99cf77386b9",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"target_ref": "observed-data--26856757-3649-4363-b5a9-68030b721470"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--cdeb1118-2fea-47db-b8be-e818a29a301d",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"target_ref": "observed-data--b6f3370e-44ff-4d65-887c-3ade077174a8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--bc248ddc-5cd5-4073-aa6a-b910b0e8b404",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"target_ref": "observed-data--5776026d-9220-4878-ae0d-3afdf6bd6194"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--8db797bf-68d9-432d-911a-2727d2b922ad",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"target_ref": "observed-data--45dac7ec-362e-49e2-a6ab-8d55e4d08276"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ec26bc49-b0a3-459a-b9aa-cd48a02daf83",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "connected-to",
|
||
|
|
"source_ref": "observed-data--a003da6d-9fc0-4d1e-9278-e71e45b000a0",
|
||
|
|
"target_ref": "observed-data--6237df85-dc61-44f2-8119-fb59591a9b22"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--71b8611c-4765-4b39-9308-0600b58cbb91",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--8c814b7f-45bd-48c5-b3b9-de0d0d8fdb14",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f2dddc49-06a9-44c1-baf2-eb55174127bb",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--9f1ca1ce-1035-482d-b529-a8bf66044797"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--de22266b-08da-4b67-93ec-6233cfce07fd",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--d664fc4c-7e0a-4e92-afb0-675a0fa3851d",
|
||
|
|
"created": "2019-02-16T21:18:31.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:31.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--a7157e4e-92f0-46f4-9527-0740de387c48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--54b3df3d-0896-46a6-adf5-7a2155addf41",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--32a07e85-e0ab-4e76-b716-a7c9db1764f7",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "deleted",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--19c24c8e-9e77-470f-9f9f-a835a3631685"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--5dd0961e-1491-4708-8cdc-95e6f67c1cba",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "deleted",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--9135f0d8-5dd2-4677-afc4-51f1488e9517"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--697b44d2-a772-438e-965d-dba8847bf0e9",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--449ee13f-d620-4e59-a14b-332080324956",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--fb0f6cee-e408-49ef-b3bc-fbef93d8c31e",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--52974b70-ac9e-403f-acf4-7241c91dc77a",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--330d92b2-ed0d-4755-9010-17e23485ced4",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--f49ae108-cec3-468c-9515-e52be2f2fb4f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--2d5c938c-cf58-4546-a901-16be252d4542",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--a843f0a9-0bdc-45e9-9026-552fc2a6db83"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--260bf290-79af-42be-a92a-31bcb35832b9",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--e0ccc2c6-f993-477f-8c05-29bc1ae627c6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ec34e296-c113-426a-bd25-64df5fdc95a2",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--986b61a3-779e-49e4-94d0-f04e5546c9a8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--7ee1af63-2336-415d-ba51-2064e9c496b6",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--a22f23cb-3d81-4686-8581-9414b0aba1e1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--93d06bcf-84e3-4462-9648-032aa9d8a51f",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--6fdfde85-4599-44ab-aafc-956860f6e6c4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--ef84bc91-ce88-4ad0-b116-d884aa5439da",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--cb25832a-5c41-4d71-b9e1-3ab4dc65b0e0",
|
||
|
|
"target_ref": "observed-data--4d0ffbfc-0be3-4499-a722-4b64db129025"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--9d60aea0-d625-4b1d-95d4-bddaa8f2653e",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"target_ref": "observed-data--dab2040d-cfe8-4757-a6e9-dcca4230b6c2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6fc4b137-940f-47f5-b3e7-3251dde778c4",
|
||
|
|
"created": "2019-02-16T21:18:32.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:32.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"target_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--7c780b13-bea1-4cc5-8f4a-03ab77594bf6",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"target_ref": "observed-data--f5229ae9-caf0-4157-abf7-21c5e6c642b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--c15ada28-f243-49a9-b5c9-b90b49a3d924",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"target_ref": "observed-data--d93d30ca-8cd9-4258-9355-7c77e0de39af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--fa88b822-d693-4cc4-a49f-ebe3b3e9683d",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--9b6515dd-130e-4c99-97ac-b252ba8321fa",
|
||
|
|
"target_ref": "observed-data--ce3191d5-eecd-421e-9ac0-2a2f8c16a723"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6dafe1af-39cd-4caf-ad37-a8f5c450dd2b",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"target_ref": "observed-data--259b1821-d418-4510-aa04-b59e92dd3820"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--337543a8-aba3-4b06-8a0b-1948e78eeb01",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--dab2040d-cfe8-4757-a6e9-dcca4230b6c2",
|
||
|
|
"target_ref": "observed-data--87f3ae04-29bd-479b-ba51-96c97f705aab"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--212a4ed5-d241-45ed-a619-22466c845a3e",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "child-of",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--51c9a992-f3e6-4a37-9e6f-d9b56a23f934",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--23e7606b-8811-45df-b726-dabedcfcdd32"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--87d0bcf0-acf1-419a-a8c3-3ce404833ad5",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--1f697f8c-84b1-4339-9906-1142cf955bef"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f36fa257-203a-43c9-8a15-33f191f855b3",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--b8d47eff-96ba-436c-aa6b-bbd5ffb71ba5"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--3c23579d-a160-4451-b833-f8dc9ba8e766",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--97492285-8474-4867-ae94-ec61a5fee43d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--b7101d46-a561-43e3-8f57-2a06c1b2c9da",
|
||
|
|
"created": "2019-02-16T21:18:33.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:33.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--bb2b8e79-ecb6-4b02-9bde-ada74269494f",
|
||
|
|
"target_ref": "observed-data--90ec3953-0b63-4d04-9648-a9caa664dfbd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--9b984f33-b009-4928-8e69-3c39bca8f813",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--d9b95f52-efdd-4083-abaa-20bf42be135a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--71fa47f4-2523-4b66-97e9-077a9dda4ae5",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "created",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--3e0e85ee-ceb1-442e-a652-351e691cfc60"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--1e18da52-1542-402d-9b76-0c52c8a2e6ac",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--a22f23cb-3d81-4686-8581-9414b0aba1e1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--cc3de217-a7f5-4341-8239-456d7ecb8569",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--6fdfde85-4599-44ab-aafc-956860f6e6c4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--78be5738-7cfe-46b1-a393-789529fe3662",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--7dc2a39a-4944-49c1-891d-03c4a89752d2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--feeed723-0e0d-4065-991f-b39bca2a955d",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--f8c2aa57-b94e-42de-aeec-0ac698fd0abe"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--da462e66-6402-414d-adba-f9d82884c4cf",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--2c56936f-2ddc-4102-ba4a-153ec9a0dad2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--6464f3ef-a220-47a0-bf60-517f4861e36a",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "opened",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--8e656cc6-482e-4952-869a-6cba4d726f83"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--fa5d58f4-83d3-4b1d-a01f-4adcfe5b972d",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "connected-to",
|
||
|
|
"source_ref": "observed-data--e670465d-b55a-4ef3-8c43-a7d6a8f6f511",
|
||
|
|
"target_ref": "observed-data--6237df85-dc61-44f2-8119-fb59591a9b22"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a4a1714f-459c-41cf-93a0-1b74470a8f35",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "contains",
|
||
|
|
"source_ref": "observed-data--eb012044-6124-4b96-8c56-690824570580",
|
||
|
|
"target_ref": "observed-data--5f8ceee8-e144-42b8-bac5-35d7719be983"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4c380baa-5672-43ec-8e10-b5f711d10e27",
|
||
|
|
"created": "2019-02-16T21:18:34.000Z",
|
||
|
|
"modified": "2019-02-16T21:18:34.000Z",
|
||
|
|
"relationship_type": "contains",
|
||
|
|
"source_ref": "observed-data--6237df85-dc61-44f2-8119-fb59591a9b22",
|
||
|
|
"target_ref": "observed-data--09d3b623-b0fd-4d24-82d3-54f083bb737a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:WHITE",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "white"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|