{ "type": "bundle", "id": "bundle--5ccaeddb-dc84-4cc2-9f73-4a70950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:21:30.000Z", "modified": "2019-05-02T13:21:30.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5ccaeddb-dc84-4cc2-9f73-4a70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:21:30.000Z", "modified": "2019-05-02T13:21:30.000Z", "name": "OSINT - Goblin Panda continues to target Vietnam", "published": "2019-05-02T13:25:38Z", "object_refs": [ "observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f", "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f", "x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f", "indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f", "indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f", "indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f", "indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f", "indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f", "indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f", "indicator--5ccaee32-0310-4075-8920-4337950d210f", "indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f", "indicator--5ccaee7b-9258-45b6-9420-4bba950d210f", "indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f", "indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f", "vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f", "indicator--6af30035-5440-401a-976b-bc64ed82ad01", "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493", "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f", "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e", "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f", "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e", "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61", "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723", "relationship--f1215b21-4e99-4cbb-8343-d8906caabda1", "relationship--d85cb4b2-f310-48bb-92e0-271dfadf99e8", "relationship--083458a8-b1b6-497e-bfe5-de1c76a90ff4", "relationship--e81d9e8e-3dc3-4e45-813f-21436823d665" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:threat-actor=\"Hellsing\"", "misp-galaxy:malpedia=\"NewCore RAT\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:17:36.000Z", "modified": "2019-05-02T13:17:36.000Z", "first_observed": "2019-05-02T13:17:36Z", "last_observed": "2019-05-02T13:17:36Z", "number_observed": 1, "object_refs": [ "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5ccaedf0-5fd0-4f8c-a5f5-49d4950d210f", "value": "https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5ccaee07-32d8-4255-9cb5-4686950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:17:59.000Z", "modified": "2019-05-02T13:17:59.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Chinese actors have changed the rtf exploit following my different articles and Anomali article https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain\r\n\r\nBut In march a researcher of Anomali @aRtAGGI made a link very interesting between Icefog and an article targeting Mongelian speaker https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-bb50-4bc4-bdb8-4817950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-5ce8-48fd-8fb0-4ff8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[file:name = 'Shortcuts\\\\QcLite.dll']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-b744-4e07-bd11-4f6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-4a50-4c78-8d6f-4a8c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[file:name = 'Shortcuts\\\\QcConsol.exe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-db04-4dc2-83d0-47ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-cb00-49b9-b3cc-47bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[domain-name:value = 'web.hcmuafgh.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-0310-4075-8920-4337950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.29.56.62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee32-1ad0-4b57-98b5-4f6c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:18:42.000Z", "modified": "2019-05-02T13:18:42.000Z", "pattern": "[url:value = 'http://web.hcmuafgh.com:4357/link?url=maOVmKGmMDU1&enpl=OXcoVQ==&encd=XARIZTE=']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:18:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee7b-9258-45b6-9420-4bba950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:55.000Z", "modified": "2019-05-02T13:19:55.000Z", "description": "The dll is a variant of the newcoreRAT with many similarities with", "pattern": "[file:hashes.SHA256 = '05d0ad2bcc1c6e2752a231bc36d07a841f075a0a32a3a62abaafddbdafd72f62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee7b-27b0-4803-a8e5-412e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:55.000Z", "modified": "2019-05-02T13:19:55.000Z", "description": "The dll is a variant of the newcoreRAT with many similarities with", "pattern": "[file:hashes.SHA256 = '5a592b92ffcbea75e458726cecc7f159b8f71c46b80de30bac2a48006ac1e1b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5ccaee7b-0eb8-4058-be18-47d6950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:55.000Z", "modified": "2019-05-02T13:19:55.000Z", "description": "The dll is a variant of the newcoreRAT with many similarities with", "pattern": "[file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--5ccaeeca-5668-4e48-9f70-496c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:21:14.000Z", "modified": "2019-05-02T13:21:14.000Z", "name": "CVE-2017\u00e2\u20ac\u201c11882", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017\u00e2\u20ac\u201c11882" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6af30035-5440-401a-976b-bc64ed82ad01", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "pattern": "[file:hashes.MD5 = '6d2e6a61eede06fa9d633ce151208831' AND file:hashes.SHA1 = 'f764163f3912376ebcabaf1cf3a60b6bc74561be' AND file:hashes.SHA256 = '207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-05-02T11:28:30", "category": "Other", "uuid": "8a8e9657-f185-4b4a-a864-9dfd038906ce" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/207e66a3b0f1abfd4721f1b3e9fed8ac89be51e1ec13dd407b4e08fad52113e3/analysis/1556796510/", "category": "Payload delivery", "uuid": "a0b8060b-4c47-4415-8ee8-481d250cdbaf" }, { "type": "text", "object_relation": "detection-ratio", "value": "15/69", "category": "Payload delivery", "uuid": "8d0ecb1f-84c3-4e39-85e6-5382f49cc22c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "pattern": "[file:hashes.MD5 = '109d51899c832287d7ce1f70b5bd885d' AND file:hashes.SHA1 = 'daa69d1b1abc00139b1d73d075921ab93137598d' AND file:hashes.SHA256 = '9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-29T23:04:06", "category": "Other", "uuid": "5e67a2b3-2334-4dd1-b4da-148e54772693" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9f3114e48dd0245467fd184bb9655a5208fa7d13e2fe06514d1f3d61ce8b8770/analysis/1556579046/", "category": "Payload delivery", "uuid": "2861f6a6-f61f-4226-8b1a-5552c3c1fa06" }, { "type": "text", "object_relation": "detection-ratio", "value": "0/70", "category": "Payload delivery", "uuid": "f186be1f-70d3-4b2d-8f82-32aa84b64c0b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "pattern": "[file:hashes.MD5 = '84fca27bc75f40194c95534b07838d6c' AND file:hashes.SHA1 = '9520a18e9f6d4f6f014aa576b8843cdff176f701' AND file:hashes.SHA256 = '81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:19:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-05-01T10:35:55", "category": "Other", "uuid": "e051a82c-c83e-4283-8de4-161be247465f" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/81f75839e6193212d71d771edea62430111482177cdc481f4688d82cd8a5fed6/analysis/1556706955/", "category": "Payload delivery", "uuid": "8a0a6690-a7e6-449b-9c8d-6afd65d8be44" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/58", "category": "Payload delivery", "uuid": "bab1b9f2-f67e-493b-912e-525dcaa79d9c" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:20:33.000Z", "modified": "2019-05-02T13:20:33.000Z", "pattern": "[file:hashes.MD5 = '1b19175c41b9a9881b23b4382cc5935f' AND file:hashes.SHA1 = '3752656c024284ea63421d70235ec48d76a95df3' AND file:hashes.SHA256 = '5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-02T13:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-05-02T13:20:34.000Z", "modified": "2019-05-02T13:20:34.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-04-29T23:04:01", "category": "Other", "comment": "The dll is a variant of the newcoreRAT with many similarities with", "uuid": "a6e30d35-1912-4743-86bb-917b906bfc44" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/5b652205b1c248e5d5fc0eb5f53c5754df829ed2479687d4f14c2e08fbf87e76/analysis/1556579041/", "category": "Payload delivery", "comment": "The dll is a variant of the newcoreRAT with many similarities with", "uuid": "f6aba0fc-493d-46cd-809d-fb34b7ade2cb" }, { "type": "text", "object_relation": "detection-ratio", "value": "46/70", "category": "Payload delivery", "comment": "The dll is a variant of the newcoreRAT with many similarities with", "uuid": "35ac479c-bae6-42e5-a362-b3477657ef04" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--f1215b21-4e99-4cbb-8343-d8906caabda1", "created": "2019-05-02T13:19:21.000Z", "modified": "2019-05-02T13:19:21.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--6af30035-5440-401a-976b-bc64ed82ad01", "target_ref": "x-misp-object--c6f4a078-7797-4e7f-a50a-f441a9441493" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d85cb4b2-f310-48bb-92e0-271dfadf99e8", "created": "2019-05-02T13:19:22.000Z", "modified": "2019-05-02T13:19:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--3ad479ea-41de-4e77-a2e2-e443cdc7e06f", "target_ref": "x-misp-object--61bf2686-6262-435a-9039-372f43219b6e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--083458a8-b1b6-497e-bfe5-de1c76a90ff4", "created": "2019-05-02T13:19:22.000Z", "modified": "2019-05-02T13:19:22.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f9c0db13-b132-48c2-bf17-631eff339a1f", "target_ref": "x-misp-object--065f0f1c-08b4-4411-9d4d-300f2e0ac82e" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--e81d9e8e-3dc3-4e45-813f-21436823d665", "created": "2019-05-02T13:20:34.000Z", "modified": "2019-05-02T13:20:34.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--f2fb7d05-f968-4edc-8d24-24b91cf0df61", "target_ref": "x-misp-object--7077ee06-f4ff-4873-86f7-ba89aef8c723" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }