{ "type": "bundle", "id": "bundle--5a8ab58a-213c-409a-97af-4eb5950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:19:23.000Z", "modified": "2018-02-19T15:19:23.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5a8ab58a-213c-409a-97af-4eb5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:19:23.000Z", "modified": "2018-02-19T15:19:23.000Z", "name": "OSINT - Zeus Panda Banking Trojan Targets Online Holiday Shoppers", "published": "2018-02-19T15:19:35Z", "object_refs": [ "observed-data--5a8ab5a6-dd34-43fe-84a6-4233950d210f", "url--5a8ab5a6-dd34-43fe-84a6-4233950d210f", "x-misp-attribute--5a8ab678-cbc8-44d5-a0fd-41dc950d210f", "indicator--5a8ab749-7f88-4c4e-a793-468d950d210f", "indicator--5a8ab749-c348-4a01-b3a1-49a2950d210f", "indicator--5a8ab74a-24a0-4e16-9453-48d6950d210f", "indicator--5a8ab74a-d460-4557-853d-4dd6950d210f", "indicator--5a8ab74a-c27c-4d54-8ec7-4716950d210f", "indicator--5a8ab74b-6054-4c91-83fb-47de950d210f", "indicator--5a8abb27-77a0-4b68-9553-48b4950d210f", "indicator--5a8abb28-1f88-407e-bb4d-4ae1950d210f", "indicator--5a8abb28-90f8-4695-9b56-4c40950d210f", "indicator--5a8abb90-0c54-4cdd-8bd4-4f25950d210f", "indicator--5a8abcf9-ad74-4cf5-8f22-40bc950d210f", "indicator--50729b03-af98-461f-8150-6bdcb9f28863", "x-misp-object--72f529ad-3800-4a67-986c-5f156bacd531", "indicator--e07dadcb-0ee5-41c3-9b1f-d16add57de72", "x-misp-object--1887aa1b-d4c3-4054-8207-db4bbfae0f24", "indicator--72cca599-0709-4d9d-82fc-809cf184fc48", "x-misp-object--4135037a-5a4e-441d-86c3-76db0f601bfc", "indicator--c18bd498-66d8-455d-9739-5eaacc9775ac", "x-misp-object--acc53bbd-33bd-4719-a4a7-35c9937db841", "relationship--d07a4999-45a7-4e82-bfc4-18345cf58d83", "relationship--94e89b39-5e17-498f-9f4d-b1cb1560cfa2", "relationship--76fbb0e0-bcf0-485a-ac2b-e188dee0f87c", "relationship--966370f2-d7ed-4ddd-bfb1-c0d1fa3d0b0d" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:banker=\"Panda Banker\"", "osint:source-type=\"blog-post\"", "ms-caro-malware-full:malware-family=\"Banker\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a8ab5a6-dd34-43fe-84a6-4233950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:19:01.000Z", "modified": "2018-02-19T15:19:01.000Z", "first_observed": "2018-02-19T15:19:01Z", "last_observed": "2018-02-19T15:19:01Z", "number_observed": 1, "object_refs": [ "url--5a8ab5a6-dd34-43fe-84a6-4233950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "estimative-language:likelihood-probability=\"very-likely\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a8ab5a6-dd34-43fe-84a6-4233950d210f", "value": "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5a8ab678-cbc8-44d5-a0fd-41dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:19:20.000Z", "modified": "2018-02-19T15:19:20.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "estimative-language:likelihood-probability=\"very-likely\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites. Most often, the injects -- the code that actually performs the man-in-the-browser attacks -- are configured for region-specific banking sites. More recently, we have seen injects for online payment sites, casinos, retailers, and more appearing in banking Trojan campaigns.\r\n\r\nSince November -- a period of time that includes Thanksgiving, Black Friday, Cyber Monday and now leading up to Christmas -- we have observed Zeus Panda banking Trojan campaigns that have an increasing focus on non-banking targets with an extensive list of injects clearly designed to capitalize on holiday shopping and activities.\r\n\r\nMore specifically, these Zeus Panda (aka Panda Banker) campaigns expanded their injects to a variety of online shopping sites for brick and mortar retailers like Zara, specialty online retailers, travel sites, and video streaming sites, among others. The vast majority of these new targets will potentially see higher-than-normal numbers of credit card transactions for the holidays. While Zeus Panda can be configured to steal a variety of information, these injects collected the credit card number, address, phone number, DOB, SSN, and security question-related information such as mother\u00e2\u20ac\u2122s maiden name." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab749-7f88-4c4e-a793-468d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:55.000Z", "modified": "2018-02-19T15:15:55.000Z", "description": "December 11 campaign - Document payload", "pattern": "[url:value = 'http://80.82.67.217/moo.jpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab749-c348-4a01-b3a1-49a2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T11:38:49.000Z", "modified": "2018-02-19T11:38:49.000Z", "description": "December 11 campaign - Panda", "pattern": "[file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T11:38:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab74a-24a0-4e16-9453-48d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:55.000Z", "modified": "2018-02-19T15:15:55.000Z", "description": "December 11 campaign - Panda C&C", "pattern": "[domain-name:value = 'gromnes.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab74a-d460-4557-853d-4dd6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:56.000Z", "modified": "2018-02-19T15:15:56.000Z", "description": "December 11 campaign - Panda C&C", "pattern": "[domain-name:value = 'aklexim.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab74a-c27c-4d54-8ec7-4716950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:56.000Z", "modified": "2018-02-19T15:15:56.000Z", "description": "December 11 campaign - Panda C&C", "pattern": "[domain-name:value = 'kichamyn.top']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8ab74b-6054-4c91-83fb-47de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T11:38:51.000Z", "modified": "2018-02-19T11:38:51.000Z", "description": "December 11 campaign - Attachment", "pattern": "[file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T11:38:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8abb27-77a0-4b68-9553-48b4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:57.000Z", "modified": "2018-02-19T15:15:57.000Z", "description": "November 13 campaign - Malicious URL in email", "pattern": "[url:value = 'http://www.nfk-trading.com/analyticsmmrxbctq/redirect/0849e22e843170e1600c1910df8cf9da-id-qblozsmn-to-package-awaiting']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8abb28-1f88-407e-bb4d-4ae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:57.000Z", "modified": "2018-02-19T15:15:57.000Z", "description": "November 13 campaign - Landing page redirection", "pattern": "[url:value = 'https://canadapost-packagecenter.com/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8abb28-90f8-4695-9b56-4c40950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:57.000Z", "modified": "2018-02-19T15:15:57.000Z", "description": "November 13 campaign - \t Document payload", "pattern": "[url:value = 'http://89.248.169.136/bigmac.jpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:15:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8abb90-0c54-4cdd-8bd4-4f25950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T11:57:04.000Z", "modified": "2018-02-19T11:57:04.000Z", "description": "November 13 campaign", "pattern": "[file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b' AND file:name = 'receipt-package-5a0a062cae04a.doc' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T11:57:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a8abcf9-ad74-4cf5-8f22-40bc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T12:03:05.000Z", "modified": "2018-02-19T12:03:05.000Z", "description": "November 13 campaign - Panda executable", "pattern": "[file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d' AND file:name = 'Bigmac.jpg' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T12:03:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--50729b03-af98-461f-8150-6bdcb9f28863", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:01.000Z", "modified": "2018-02-19T15:16:01.000Z", "pattern": "[file:hashes.MD5 = 'a02d6ca05cbc89a317d82945bcb6b15b' AND file:hashes.SHA1 = '2cacb877c487b6dae47fb16fdd1dc7b05595125b' AND file:hashes.SHA256 = 'ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:16:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--72f529ad-3800-4a67-986c-5f156bacd531", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:15:59.000Z", "modified": "2018-02-19T15:15:59.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/ae92a4a5bc64db6af23219d7fa2d8bce98a5d7eb2eff7193e4f49698e3e5650d/analysis/1513357351/", "category": "External analysis", "uuid": "5a8aea2f-de34-4aea-90b8-429e02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "53/67", "category": "Other", "uuid": "5a8aea30-036c-4904-8e9e-44c902de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2017-12-15T17:02:31", "category": "Other", "uuid": "5a8aea30-23e0-4d58-a38c-49ac02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e07dadcb-0ee5-41c3-9b1f-d16add57de72", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:03.000Z", "modified": "2018-02-19T15:16:03.000Z", "pattern": "[file:hashes.MD5 = '52b053886cc0ca44df86cba91de968fa' AND file:hashes.SHA1 = 'ef22bcec61cb2aea85cd93cede6af5f4b27e011b' AND file:hashes.SHA256 = '5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:16:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1887aa1b-d4c3-4054-8207-db4bbfae0f24", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:02.000Z", "modified": "2018-02-19T15:16:02.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5f7a1b02d5b2904554e65bd01a12f1fa5ff2121eef53f3942c4e9e29c46bdce3/analysis/1517157632/", "category": "External analysis", "comment": "December 11 campaign - Panda", "uuid": "5a8aea32-5c18-4193-9110-42f402de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "44/66", "category": "Other", "comment": "December 11 campaign - Panda", "uuid": "5a8aea32-ff44-4c41-a670-454b02de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-28T16:40:32", "category": "Other", "comment": "December 11 campaign - Panda", "uuid": "5a8aea32-1c98-4f3a-ad90-48eb02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--72cca599-0709-4d9d-82fc-809cf184fc48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:06.000Z", "modified": "2018-02-19T15:16:06.000Z", "pattern": "[file:hashes.MD5 = 'b2a6ec17f49740ddc699640fb19f951d' AND file:hashes.SHA1 = '00d8ef79f6fe532815c0325fb6d7165cdae98548' AND file:hashes.SHA256 = 'e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:16:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--4135037a-5a4e-441d-86c3-76db0f601bfc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:04.000Z", "modified": "2018-02-19T15:16:04.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/e13594d83f2a573627e742baf33298b9eeec1ebb8c7955304b8c35559e5f23dc/analysis/1515020239/", "category": "External analysis", "comment": "December 11 campaign - Attachment", "uuid": "5a8aea34-d048-4db3-9e91-4a4502de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/60", "category": "Other", "comment": "December 11 campaign - Attachment", "uuid": "5a8aea35-304c-45fe-99a1-4c1102de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-03T22:57:19", "category": "Other", "comment": "December 11 campaign - Attachment", "uuid": "5a8aea35-5e88-49aa-942f-4d3602de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c18bd498-66d8-455d-9739-5eaacc9775ac", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:08.000Z", "modified": "2018-02-19T15:16:08.000Z", "pattern": "[file:hashes.MD5 = 'bcac60105cb24fdbcc03c1d52d09bfd1' AND file:hashes.SHA1 = '8eab9d3dfe6ac35a3624e916bb3cdc6d390a83d2' AND file:hashes.SHA256 = '2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-02-19T15:16:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--acc53bbd-33bd-4719-a4a7-35c9937db841", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-02-19T15:16:07.000Z", "modified": "2018-02-19T15:16:07.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2514dbf1549b517692e415af85baa6e5eca926cdedb526d2e255b5943501d98b/analysis/1515420786/", "category": "External analysis", "uuid": "5a8aea38-a39c-4ff5-8186-43ae02de0b81" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/60", "category": "Other", "uuid": "5a8aea38-7b60-4f34-9b25-4ea302de0b81" }, { "type": "datetime", "object_relation": "last-submission", "value": "2018-01-08T14:13:06", "category": "Other", "uuid": "5a8aea38-bf00-4f32-a34e-456a02de0b81" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d07a4999-45a7-4e82-bfc4-18345cf58d83", "created": "2018-02-19T15:16:09.000Z", "modified": "2018-02-19T15:16:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--50729b03-af98-461f-8150-6bdcb9f28863", "target_ref": "x-misp-object--72f529ad-3800-4a67-986c-5f156bacd531" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--94e89b39-5e17-498f-9f4d-b1cb1560cfa2", "created": "2018-02-19T15:16:09.000Z", "modified": "2018-02-19T15:16:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--e07dadcb-0ee5-41c3-9b1f-d16add57de72", "target_ref": "x-misp-object--1887aa1b-d4c3-4054-8207-db4bbfae0f24" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--76fbb0e0-bcf0-485a-ac2b-e188dee0f87c", "created": "2018-02-19T15:16:09.000Z", "modified": "2018-02-19T15:16:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--72cca599-0709-4d9d-82fc-809cf184fc48", "target_ref": "x-misp-object--4135037a-5a4e-441d-86c3-76db0f601bfc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--966370f2-d7ed-4ddd-bfb1-c0d1fa3d0b0d", "created": "2018-02-19T15:16:09.000Z", "modified": "2018-02-19T15:16:09.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--c18bd498-66d8-455d-9739-5eaacc9775ac", "target_ref": "x-misp-object--acc53bbd-33bd-4719-a4a7-35c9937db841" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }