adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/83e15192-96d8-476c-aa39-0317de8dba80.json

631 lines
260 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--83e15192-96d8-476c-aa39-0317de8dba80",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T15:34:13.000Z",
"modified": "2022-10-17T15:34:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--83e15192-96d8-476c-aa39-0317de8dba80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T15:34:13.000Z",
"modified": "2022-10-17T15:34:13.000Z",
"name": "OSINT - Uber Breach & Attack Analysis",
"published": "2022-10-24T09:18:59Z",
"object_refs": [
"x-misp-object--232b4f89-e21f-4ba5-8687-925ebaec6e55",
"x-misp-object--a62672ed-3102-40e4-a4b0-cf19df8f9f31",
"x-misp-object--cadef9eb-7d4c-4a02-acde-c8b6d64650a9",
"x-misp-object--49d141f4-81bc-4ad9-ac04-56a2b9ceb87e",
"x-misp-object--1229857e-9b1a-4ea6-bcb3-ad1b9e001b06",
"x-misp-object--3c0befee-55b2-457f-925e-74d1052ea063",
"x-misp-object--22b4546b-2acd-4acc-973c-bca7108df7a7",
"x-misp-object--7e67259a-48ee-47b1-8b54-2807993972d7",
"x-misp-object--8e394054-7c6b-452a-9fc3-039220bae131",
"x-misp-object--75c311e2-6f7a-4812-a743-3feaa8b17864",
"x-misp-object--d5aa02f2-31c1-440a-bcd0-dca726039dee",
"relationship--550d1481-77ce-4777-9f5d-87d406adeb0f",
"relationship--ffaf6700-3ff7-465f-b8f5-4e66796d8941",
"relationship--0c884530-7f3b-4342-93b6-bc3cb51cfef1",
"relationship--d246ca58-8dd2-4335-905b-ee4d2ddb9b5b",
"relationship--0769bd77-3647-49b5-a24b-14ea4c0351af",
"relationship--a60101b2-fcc2-491e-9997-47e2bc5e508f",
"relationship--c41cd89e-4a76-4c9d-b245-e728063f4d48",
"relationship--18d39216-cf62-4cb5-8f01-3aa958f98f63",
"relationship--d04c474b-9f20-477a-a5a1-dbc1ac8131c7",
"relationship--b50f81e9-f2bf-4b2f-954b-6040813bf566",
"relationship--3aad2b48-414b-4bbd-adcf-9dfdce17a601"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials - T1589.001\"",
"misp-galaxy:mitre-attack-pattern=\"Multi-Factor Authentication Request Generation - T1621\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1566.003\"",
"misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
"misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
"misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"",
"misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"",
"misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"",
"misp-galaxy:mitre-attack-pattern=\"Domain Account - T1136.002\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"",
"circl:incident-classification=\"system-compromise\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--232b4f89-e21f-4ba5-8687-925ebaec6e55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:30:35.000Z",
"modified": "2022-09-28T13:30:35.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials - T1589.001\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "Acquisition of credentials, possibly in dark forums.",
"category": "Other",
"uuid": "3f9b14cb-dffd-4240-a793-78f03924d601"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "98131125-296f-4140-ac20-0e73e2ed537f"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "15a01732-765f-4273-b7da-f4fb24196a72"
}
],
"x_misp_comment": "Acquisition of credentials, possibly in dark forums.",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a62672ed-3102-40e4-a4b0-cf19df8f9f31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:40:59.000Z",
"modified": "2022-09-28T13:40:59.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Multi-Factor Authentication Request Generation - T1621\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1566.003\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "2FA/MFA Spamming",
"category": "Other",
"uuid": "5fa14e85-4323-44a3-a709-1da4071cc1ff"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "012442d3-ae33-4ca5-8d6f-36229a3d52a4"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "3cf255cf-e173-4b37-ac86-74e424012a86"
}
],
"x_misp_comment": "2FA/MFA Spamming",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cadef9eb-7d4c-4a02-acde-c8b6d64650a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:41:16.000Z",
"modified": "2022-09-28T13:41:16.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
"misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "VPN Access",
"category": "Other",
"uuid": "ee25fe1a-f768-4159-9929-77f6abd116f3"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "2768d169-eb78-4168-a4eb-fee043dd7729"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "00389dcd-cb29-4043-ad8e-7817029a69f4"
}
],
"x_misp_comment": "VPN Access",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--49d141f4-81bc-4ad9-ac04-56a2b9ceb87e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:22:28.000Z",
"modified": "2022-09-28T13:22:28.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "Adversary scans Uber infrastructure",
"category": "Other",
"uuid": "4b38bded-0f2f-4c9f-a9d8-f65f6fc7acaa"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "b0eb7844-4902-4081-adf6-c490bffa2544"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "d211a22e-acba-4917-8651-c01906b3d197"
}
],
"x_misp_comment": "Scanning Uber Infrastructure",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1229857e-9b1a-4ea6-bcb3-ad1b9e001b06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:41:30.000Z",
"modified": "2022-09-28T13:41:30.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "PowerShell scripts in Network share (credential leak)",
"category": "Other",
"uuid": "d86bb6c9-8f68-4c87-8834-9afb045911ae"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "15a25aba-d603-4599-9dfb-0796c95dcdf0"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "d450ae87-a711-42d5-b640-45af2680c42b"
}
],
"x_misp_comment": "PowerShell scripts in Network share (credential leak)",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3c0befee-55b2-457f-925e-74d1052ea063",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-17T15:34:13.000Z",
"modified": "2022-10-17T15:34:13.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://whimsical.com/uber-breach-and-attack-analysis-7JNtVoq4Tu73kBXzoisuiQ",
"category": "External analysis",
"uuid": "415a1219-4e22-4713-bcc8-3a83de329727"
},
{
"type": "link",
"object_relation": "link",
"value": "https://twitter.com/MichalKoczwara/status/1571432800787759104",
"category": "External analysis",
"comment": "Original source",
"uuid": "cb58bdfb-5582-4412-8183-77f7a7256cc4"
},
{
"type": "text",
"object_relation": "type",
"value": "tweet",
"category": "Other",
"uuid": "e427e70a-9b5c-416d-b4a7-97026de598aa"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "uber-breach.png",
"category": "External analysis",
"uuid": "dcac4fca-f0b9-46c6-b257-0756af43522c",
"data": "iVBORw0KGgoAAAANSUhEUgAAB38AAANKCAYAAACK2YQTAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AACAASURBVHic7N11eNXl/8fx5znrDRgjN0ZtNIxukJIQUEZ3Ix3SgkhIS6eAhJSUpHRKCogoSJd0syDXO+f3x7bDDtvYQPz6E1+P69q187k/7zs+Mfxe3/e579tw94Gf2Wg0gsGAiIiIiIiIiIiIiIiIiIj8i5jNmEwmTGYTtkYbG4xGI4bo5K9BSWARERERERERERERERERkf/XzGbzy98GA0SCrdFotCR/lfgVEREREREREREREREREfl3MJvNliQwZjO2MUlfo9H4z45MRERERERERERERERERESSzGAwYDKZoib5GgzYxhTG/i0iIiIiIiIiIiIiIiIiIv+/mc1mqxyvpvuKiIiIiIiIiIiIiIiIiLwHjJrtKyIiIiIiIiIiIiIiIiLy7xWT89XMXxERERERERERERERERGR94CSvyIiIiIiIiIiIiIiIiIi7wElf0VERERERERERERERERE3gNK/oqIiIiIiIiIiIiIiIiIvAeU/BUREREREREREREREREReQ8o+SsiIiIiIiIiIiIiIiIi8h5Q8ldERERERERERERERERE5D2g5K+IiIiIiIiIiIiIiIiIyHvA9p8egMj/B2Wr1cFkMjHsiz5Ur1zR6tzUWfNZtW4jhQv6MGvSGE6ePkeX3gMxGAwc3L6eXgOHcvzEqQTb/vqrL3B1daVL74FW5SlSJCdf7px0ad+KHN5eAPToPzjBtqaNG06JooUT7Gf2giUsWbEGRwcHNv2wmGQuzpaxJiSHtxd9enRKNGbJ3GkAHDn2G7PmLebOvfvkzB5VN2c27zh1duzZz/I1G7h58zYuLi6UKVmUzp+2JFXKlMDL+/3NpNEUKZgfgDnfLWXx8tWkSJGcxXOm4Z4ujVWbC79fxdxFy8iUMQMrv5uF0fjyuyv+AQHUb9mR0NAwqzb/bt8uXMqiZaupVaMqg/r2+J/0KSIiIiIiIiIiIiIikhDN/BUBTCYTAKvWbrQqDwoKZvP23VExkZFWsWazOfrY/PrGzS/rANjZ2WFnZ8fTp884cuw3uvYZxCM/fwAio+OMRiP29nZWP0ajzWu72bn3AAAhoaEcPHIsqutY/cY7NLM5STEADx494ovhY7l55w6FCuTj1NkLDBw62nI+xsatO/lq7CQuXf6TkNBQ/AMC2LRtF517DSQkNBR4eT8iI6N+7zt4mMXLV2NrY8PYYQPjJH5j35tbt+9y9Nffrc79uGUnoaFhVm3+L7i6upIlc0bSpHL7n/UpIiIiIiIiIiIiIiKSEM38FYnlwqUrnDl/EZ88uYCoGawvgoJeW2fa+BGYohOOLTr04Nadu/Ts3I56vh8DYGdny4lTZy3xP23+AVsbGy79eZVufQbx/PkLtuz4iTbNG1piWjWtT6e2LZM87rMXLnL//kPL8d79h6hRpSKFC/qwf+taAHbvO8jI8VNJkSI5G1csxGAwYDAasLO1TTQG4NKVa4SGhlG2VHEmjhpC8/Y9uHr9BgGPH5PaLSr5GRlpYu7CZQBU+KA0vbp24MbNWwwa8TUhIaFcv3GL3DmzW439xs3bjJwQNbO4f88uSZq1u3rDZsqULGbp88ctO5J8r96lJvV8aVLP9x/pW0RERERERERERERE5FVK/oq8Yu2GLZbk77qNWxONt7WxAZuoWblGm6jJ9LZ2UbN142MgKpmaM5s3+fPl4cix37h99+5fGvPufYcAKFOiGIePHefo8RM8fxFEMhdnyzhifhsMBhwc7K3qJyUmRzZvjEYjv504xZzvlnL1+g08M7hbEr8A12/ewj8wEIBuHVrjni4N7unSsGDGJDw93bGztf4nJygoiIHDvyUoKJjG9X3xrVktSdd79NffuXX7LpkyZuDg4aM8jJ45HdtvJ0+x8PsfuHr9JsHBwaRPn5b6vjVpWOcT4OWSzWVLFScsLJzzFy+RM3s2urRvhU+eXISHh1OhZgPMZjNtmjdkx+59mExmPqzwAT06tcVgMMRZ9jnmuEzJYoSHR3D2wkUyZ/Tkiz7dyZk9anns3/84w7xF33Pl6nXy5cnFo0f+XL1xky/6dE/y9YuIiIiIiIiIiIiIiMRHyz6LxOLk6Mie/YcIePyYk6fPceXadZydHN9pHyZz1CzhcxcucerMeQDc06e1ilm0bDWlq/hafr5duDTB9sxmM3v3/wxA4/q1yOaVhfDwcA4dPfZOx+2eLg2N6/kSEhrK4uWrcXRwiLPPbUDgY8vn9GlfXlPWLBnjJH4Bps35jus3bgPgnSVzksbh5Bj1PNZGJ+Zjfr/6nB76BXD63Hk83NOROXNGbty8zeSZcy2zsGOWh/756K9cuHyF8IgIfv/jNENGTyAoKBiz+eWS14uWrSYsLIIHj/xYsWaDpc+YNiJfWcb68C/H8fcPwICBC5eu8NWYSQA8e/acoaMncvL0OUwmE3+cPsfVGzet6oqIiIiIiIiIiIiIiLwtJX9FYqlZ9UPCIyL4cctOy6zfGlUrv9M+ylevR+kqvnzavR8vgoJImyY1H39U1SrGxsaIs5Oj5cfWJv5ZxACnzl7gwSM/nJ2dKFzAh3JlSgBYEsLvSnBICJf/vGo5rlSuNEUK5ickNPRlEjR6X2R4OQv6de7df2D5vPD7lYSHhyda58MKZXFwsGfLjt1cuHSF4ydOkTNHNryyZLGKq165AptWLmLBzIksnj2F8mVLAXDp8hWruIyeHmxauYiVC+dgb2/H/fsP+ePMOauYQX26s3n1YupHL+W9fde+144xh7cXyxbMZPKYYQBcu3mLp0+f8dvJU/gHBODs5MjqpXNZ8/1cSzJbRERERERERERERETkr1LyVySWur41MBgMrFm/mX0HD+Phnp4yJYu+0z5cnF8uxZw8eTLmz5yAxyszf1s2qc+eTT9Yfj5t1STB9vbsOwhAqWJFsLOz44PSUcnfI7/+nuh+xW9i6qz5HD9xitIlipLazY1tu/exe99BPh8yms+HjiI8IgKbWAlfUxJmshoMBgb374mtjQ33H/qxcduuROu4pkhO1Urlef4iiIHDxgDQqM4nGAxmq7jrN28zZPREqtZuQukqvhz4+SgAYeERVnF5c+XAwcEe93RpyOSZAbCewQxQqIAPAMUK548+H/DaMebI7gVAdu+slrIXwcH4B0QtiZ05U0ZSpUxJajc3MmXyTPSaRUREREREREREREREkkLJX5FYPNzT80Gp4gQ8fkx4RAT1fWtiNL7bP5Pt65cxc8JoIGoZ4IcP/eLExOwLnBiTycRPBw4D8NOBnyldxZf23fsDRC39fOTXdzLmiMhIdu87SIoUyfn6q0EM/7IvRqORIaMm8OvvJ7G1tcXWxgY3t5SWOg8fvbyuW7fvEhFrVnCM5o3q8vFHlalR7UMAFi9fTWhoWKLjaVg7agbug0d+pEiRnCoVy8WJ+XL41xz77QSFC/jwWed2FPDJE29bZnN8ZeY3Oo7DYLD+bSmOepdiL/Fsioh7X0RERERERERERERERN6Gkr8ir2hQJyqx6OBgT63qVd55+wYM5M+Xm0L58wLw3fer4sSYSSS5GO3k6bP4BwRgMBhIlszF8hMzs/in/YfeyZgfP35CUFAwkRGRhIWHU8AnL3lzZQfAztaWgb26YjAY8MqcmVQpoxLAsxYswc8/gN9OnqJt1z40bNmBS5f/tGq3RNHCQNRMZ6PRyCM/f9Zv2Z7oeHLmyEb+fLkB8K1RFQcHe6vzz18Ece3mLQwGA18N6kfTBnVI6eoab1tnzl8kNDSMh35+3L57D4BUqVJaxfx28jQAv/9xJvp8qkTHGJ/06dIAcP3GTc5duMSZ8xe5fvPWW7UlIiIiIiIiIiIiIiLyKtt/egAi/98UL1KI7h3bkj5dGlKkSP639dO8UT1Onj7HkWO/ce7CJfLmzmk5t3TlWn5Yt8kqfvzIwRQtVMCqbHf0ks9lShZj4qghlvJfjp+g18BhHD
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--22b4546b-2acd-4acc-973c-bca7108df7a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:23:17.000Z",
"modified": "2022-09-28T13:23:17.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "PowerShell script contained creds in clear-text",
"category": "Other",
"uuid": "aea70086-8e6c-45d9-bd79-2fc2062c81cb"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "331207a9-34f0-429d-8128-53e6a7f8af49"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "e98fbf75-d2a7-4328-afac-2d7f9b44ea02"
}
],
"x_misp_comment": "PowerShell script contained creds in clear-text ",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7e67259a-48ee-47b1-8b54-2807993972d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:24:16.000Z",
"modified": "2022-09-28T13:24:16.000Z",
"labels": [
"misp:name=\"software\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": "Thycotic PAM",
"category": "Other",
"uuid": "94e4d469-a363-46c9-8e29-86eba6c9e2b6"
},
{
"type": "cpe",
"object_relation": "cpe",
"value": "cpe:2.3:a:thycotic:",
"category": "External analysis",
"uuid": "2f8c1065-6c03-4471-9a20-8e7318907b56"
},
{
"type": "text",
"object_relation": "vendor",
"value": "Thycotic",
"category": "Other",
"uuid": "93aa7bd3-64ec-4b58-be9e-63efe8bbda7f"
}
],
"x_misp_comment": "Software abused by finding admin credentials",
"x_misp_meta_category": "misc",
"x_misp_name": "software"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8e394054-7c6b-452a-9fc3-039220bae131",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:20:38.000Z",
"modified": "2022-09-28T13:20:38.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "Access to Thycotic PAM",
"category": "Other",
"uuid": "782af45c-030c-49b7-b37b-9f32417654f8"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "5853dc00-f10b-4a2f-aa5e-05235dc27bc0"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "84280ecd-97e9-47a9-9d2c-cc5833f8c2a9"
}
],
"x_misp_comment": "Access to Thycotic PAM",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--75c311e2-6f7a-4812-a743-3feaa8b17864",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:21:48.000Z",
"modified": "2022-09-28T13:21:48.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "Access to number of apps/infra",
"category": "Other",
"uuid": "b3ef913e-252d-4d50-a7ff-d8121e18956b"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "fc57c0ee-e5f9-4177-8ac2-7b26216e8fa6"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "38999c55-b852-450b-b24a-d4aecb47df7f"
}
],
"x_misp_comment": "Access to number of apps/infra",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d5aa02f2-31c1-440a-bcd0-dca726039dee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-28T13:24:38.000Z",
"modified": "2022-09-28T13:24:38.000Z",
"labels": [
"misp:name=\"attack-step\"",
"misp:meta-category=\"misc\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "description",
"value": "Data Exfiltration",
"category": "Other",
"uuid": "f508e853-4495-498a-b7ef-382e5ad42cb1"
},
{
"type": "boolean",
"object_relation": "key-step",
"value": "1",
"category": "Other",
"uuid": "09268db6-fe71-4202-ac2d-e56482b32976"
},
{
"type": "boolean",
"object_relation": "succesful",
"value": "1",
"category": "Other",
"uuid": "6835a600-c21a-4e82-b823-ad553d9d23ac"
}
],
"x_misp_comment": "Data Exfiltration",
"x_misp_meta_category": "misc",
"x_misp_name": "attack-step"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--550d1481-77ce-4777-9f5d-87d406adeb0f",
"created": "2022-09-28T12:41:41.000Z",
"modified": "2022-09-28T12:41:41.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--232b4f89-e21f-4ba5-8687-925ebaec6e55",
"target_ref": "x-misp-object--a62672ed-3102-40e4-a4b0-cf19df8f9f31"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ffaf6700-3ff7-465f-b8f5-4e66796d8941",
"created": "2022-09-28T12:34:08.000Z",
"modified": "2022-09-28T12:34:08.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--a62672ed-3102-40e4-a4b0-cf19df8f9f31",
"target_ref": "x-misp-object--cadef9eb-7d4c-4a02-acde-c8b6d64650a9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0c884530-7f3b-4342-93b6-bc3cb51cfef1",
"created": "2022-09-28T12:38:56.000Z",
"modified": "2022-09-28T12:38:56.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--cadef9eb-7d4c-4a02-acde-c8b6d64650a9",
"target_ref": "x-misp-object--49d141f4-81bc-4ad9-ac04-56a2b9ceb87e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d246ca58-8dd2-4335-905b-ee4d2ddb9b5b",
"created": "2022-09-28T12:40:34.000Z",
"modified": "2022-09-28T12:40:34.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--49d141f4-81bc-4ad9-ac04-56a2b9ceb87e",
"target_ref": "x-misp-object--1229857e-9b1a-4ea6-bcb3-ad1b9e001b06"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0769bd77-3647-49b5-a24b-14ea4c0351af",
"created": "2022-09-28T12:45:15.000Z",
"modified": "2022-09-28T12:45:15.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--1229857e-9b1a-4ea6-bcb3-ad1b9e001b06",
"target_ref": "x-misp-object--22b4546b-2acd-4acc-973c-bca7108df7a7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a60101b2-fcc2-491e-9997-47e2bc5e508f",
"created": "2022-10-17T15:34:13.000Z",
"modified": "2022-10-17T15:34:13.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--3c0befee-55b2-457f-925e-74d1052ea063",
"target_ref": "x-misp-object--7e67259a-48ee-47b1-8b54-2807993972d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c41cd89e-4a76-4c9d-b245-e728063f4d48",
"created": "2022-09-28T12:50:13.000Z",
"modified": "2022-09-28T12:50:13.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--22b4546b-2acd-4acc-973c-bca7108df7a7",
"target_ref": "x-misp-object--7e67259a-48ee-47b1-8b54-2807993972d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--18d39216-cf62-4cb5-8f01-3aa958f98f63",
"created": "2022-09-28T12:58:19.000Z",
"modified": "2022-09-28T12:58:19.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--22b4546b-2acd-4acc-973c-bca7108df7a7",
"target_ref": "x-misp-object--8e394054-7c6b-452a-9fc3-039220bae131"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d04c474b-9f20-477a-a5a1-dbc1ac8131c7",
"created": "2022-09-28T12:58:40.000Z",
"modified": "2022-09-28T12:58:40.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--8e394054-7c6b-452a-9fc3-039220bae131",
"target_ref": "x-misp-object--7e67259a-48ee-47b1-8b54-2807993972d7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b50f81e9-f2bf-4b2f-954b-6040813bf566",
"created": "2022-09-28T13:20:38.000Z",
"modified": "2022-09-28T13:20:38.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--8e394054-7c6b-452a-9fc3-039220bae131",
"target_ref": "x-misp-object--75c311e2-6f7a-4812-a743-3feaa8b17864"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3aad2b48-414b-4bbd-adcf-9dfdce17a601",
"created": "2022-09-28T13:21:48.000Z",
"modified": "2022-09-28T13:21:48.000Z",
"relationship_type": "followed-by",
"source_ref": "x-misp-object--75c311e2-6f7a-4812-a743-3feaa8b17864",
"target_ref": "x-misp-object--d5aa02f2-31c1-440a-bcd0-dca726039dee"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink