misp-circl-feed/feeds/circl/misp/2ebc21a4-5635-4a7d-9553-ec5f58be0ee6.json

1189 lines
No EOL
54 KiB
JSON

{
"type": "bundle",
"id": "bundle--2ebc21a4-5635-4a7d-9553-ec5f58be0ee6",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--2ebc21a4-5635-4a7d-9553-ec5f58be0ee6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"name": "OSINT - Kobalos \u2013 A complex Linux threat to high performance computing infrastructure",
"published": "2021-02-02T13:11:55Z",
"object_refs": [
"observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e",
"url--07103d07-aa9a-4694-a89c-5cd4fc94221e",
"observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"x-misp-object--f35188ee-2150-4d49-940a-16d588cf7562",
"x-misp-object--026c0bbe-8e18-47ff-9069-0ce387459a39",
"indicator--bbc90dca-7637-45a0-a897-e5832580635e",
"indicator--59711fce-1669-416e-a863-282972f05a30",
"indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92",
"x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136",
"indicator--143c7525-68f6-4367-97a8-4540bdffa019",
"indicator--422f962e-0a08-4bf4-9d95-406422b35bcb",
"indicator--56810ac9-e525-446d-b903-62fa770ae06a",
"indicator--394bf3c8-c3a2-412d-828c-d5e2b0c6811f",
"indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0",
"x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832",
"indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e",
"x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b",
"indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1",
"x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068",
"indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed",
"indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6",
"x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662",
"indicator--1e04dc6e-de14-441d-a7f6-09a5d54f0667",
"indicator--137efbb9-75cd-46e9-8dba-7d8e36a983b5",
"x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d",
"indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5",
"x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83",
"indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd",
"x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3",
"x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405",
"indicator--b4f748c5-41f0-4a59-bf7a-069086896c94",
"x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da",
"indicator--577cde70-7de9-4776-975b-9c0100ceae5e",
"x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703",
"indicator--9a711583-6ce7-4265-aba8-7350383961b6",
"x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7",
"relationship--2a115e0d-676d-49a3-a65b-e421f1057265",
"relationship--05a5b328-a872-437d-8e4a-08073dde4131",
"relationship--49e3b70d-1cf2-4d29-bf73-fc6761f826a4",
"relationship--0f87647e-4872-42a5-9950-1e73796bae81",
"relationship--1a5bfa1b-7c04-4a1f-af0d-3e03c2abf512",
"relationship--c5aafc58-8b9b-41fb-ade5-284e52fd7b5b",
"relationship--f4e963e6-5054-4155-8cb0-ff2d0895104a",
"relationship--49475942-086b-45df-aeb7-12dfaca58063",
"relationship--8023d8e7-52c3-48f9-bb0a-efbe7c6028d2",
"relationship--dee3bdce-bf67-4365-b102-0ad84e669820",
"relationship--86495d5b-2934-4ca2-b8d4-c5698d95f0c2",
"relationship--aa50bd71-55ac-477d-9433-b0127f593f47",
"relationship--c1c213ec-afb7-469e-9d7b-f622239d1ed2",
"relationship--88ec8905-db89-46b6-8003-17c7031e1c79",
"relationship--6c51787c-17ad-4927-a574-ce14e2992505"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"estimative-language:confidence-in-analytic-judgment=\"high\"",
"misp-galaxy:mitre-attack-pattern=\"Compromise Client Software Binary - T1554\"",
"misp-galaxy:mitre-attack-pattern=\"Traffic Signaling - T1205\"",
"misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1070.003\"",
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
"misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
"misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:02:20.000Z",
"modified": "2021-02-02T13:02:20.000Z",
"first_observed": "2021-02-02T13:02:20Z",
"last_observed": "2021-02-02T13:02:20Z",
"number_observed": 1,
"object_refs": [
"url--07103d07-aa9a-4694-a89c-5cd4fc94221e"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--07103d07-aa9a-4694-a89c-5cd4fc94221e",
"value": "https://github.com/eset/malware-ioc/blob/master/kobalos/README.adoc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:02:20.000Z",
"modified": "2021-02-02T13:02:20.000Z",
"first_observed": "2021-02-02T13:02:20Z",
"last_observed": "2021-02-02T13:02:20Z",
"number_observed": 1,
"object_refs": [
"url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--fd42b022-1d71-4dda-ab1f-3f9e4a49e663",
"value": "https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f35188ee-2150-4d49-940a-16d588cf7562",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:07:49.000Z",
"modified": "2021-02-02T11:07:49.000Z",
"labels": [
"misp:name=\"crypto-material\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "RC4",
"category": "Other",
"uuid": "02240c3f-3379-48bc-ac66-849be8ab76ba"
},
{
"type": "text",
"object_relation": "generic-symmetric-key",
"value": "AE0E05090F3AC2B50B1BC6E91D2FE3CE",
"category": "Other",
"uuid": "809ba87e-5329-498a-86ae-66755abaf2e9"
}
],
"x_misp_comment": "Static RC4 key for strings",
"x_misp_meta_category": "misc",
"x_misp_name": "crypto-material"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--026c0bbe-8e18-47ff-9069-0ce387459a39",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:08:40.000Z",
"modified": "2021-02-02T11:08:40.000Z",
"labels": [
"misp:name=\"crypto-material\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "RSA",
"category": "Other",
"uuid": "2b4462a4-6d51-4f69-8e02-6308c444d046"
},
{
"type": "text",
"object_relation": "public",
"value": "-----BEGIN PUBLIC KEY-----\r\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOUgD8sEF1kZ04QxCd60HrB+TxWnLQED\r\nwzb0sZ8vMMD6xnUAJspdYzSVDnRnKYjTOM43qtLNcJOwVj6cuC1uHHMCAwEAAQ==\r\n-----END PUBLIC KEY-----",
"category": "Other",
"uuid": "6030c4fb-79de-4652-9e2c-cda3a0dca7b4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "crypto-material"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bbc90dca-7637-45a0-a897-e5832580635e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:09:49.000Z",
"modified": "2021-02-02T11:09:49.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.57.191') AND network-traffic:dst_port = '7070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:09:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59711fce-1669-416e-a863-282972f05a30",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"description": "Stand-alone binary - (Debian OS) - Connects to 151.80.57.191:7070",
"pattern": "[file:hashes.SHA1 = '479f470e83f9a5b66363fba5547fdfcf727949da' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:12:06.000Z",
"modified": "2021-02-02T11:12:06.000Z",
"pattern": "[file:hashes.MD5 = '2c693d26ba9df26edf77557c1a709528' AND file:hashes.SHA1 = '479f470e83f9a5b66363fba5547fdfcf727949da' AND file:hashes.SHA256 = '73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:12:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:12:07.000Z",
"modified": "2021-02-02T11:12:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-01T18:56:46+00:00",
"category": "Other",
"uuid": "35baa849-71a0-4406-a3b8-7135a4442667"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806",
"category": "Payload delivery",
"uuid": "b451437f-a3ad-4026-a74f-ed19ae19bce1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "3/62",
"category": "Payload delivery",
"uuid": "1b93b043-b92b-489d-8372-2c0df9f680f2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--143c7525-68f6-4367-97a8-4540bdffa019",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:14:55.000Z",
"modified": "2021-02-02T11:14:55.000Z",
"description": "RHEL\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"pattern": "[file:hashes.SHA1 = 'fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--422f962e-0a08-4bf4-9d95-406422b35bcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:17:54.000Z",
"modified": "2021-02-02T11:17:54.000Z",
"description": "FreeBSD\r\n\t\r\n\r\nsshd Wait for connection from source port 55201",
"pattern": "[file:hashes.SHA1 = 'affa12cc94578d63a8b178ae19f6601d5c8bb224' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:17:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56810ac9-e525-446d-b903-62fa770ae06a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:18:39.000Z",
"modified": "2021-02-02T11:18:39.000Z",
"description": "Ubuntu\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"pattern": "[file:hashes.SHA1 = '325f24e8f5d56db43d6914d9234c08c888cdae50' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:18:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--394bf3c8-c3a2-412d-828c-d5e2b0c6811f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:19:54.000Z",
"modified": "2021-02-02T11:19:54.000Z",
"description": "Arch Linux\r\n\t\r\n\r\nsshd\r\n\t\r\n\r\nWait for connection from source port 55201",
"pattern": "[file:hashes.SHA1 = 'a4050a8171b0fa3ae9031e0f8b7272facf04a3aa' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T11:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:49:26.000Z",
"modified": "2021-02-02T12:49:26.000Z",
"description": "SSH credential stealer ",
"pattern": "[file:hashes.SHA1 = '6616de799b5105ee2eb83bbe25c7f4433420dff7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T12:49:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T11:22:41.000Z",
"modified": "2021-02-02T11:22:41.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "fullpath",
"value": "/var/run/nscd/ns.pid",
"category": "Other",
"uuid": "ce3d187a-ca3b-4be6-9cc4-74a7169a1868"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:51:48.000Z",
"modified": "2021-02-02T12:51:48.000Z",
"description": "SSH credential stealer ",
"pattern": "[file:hashes.SHA1 = 'e094dd02cc954b6104791925e0d1880782b046cf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T12:51:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:51:24.000Z",
"modified": "2021-02-02T12:51:24.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "fullpath",
"value": "/var/run/udev/ud.pid",
"category": "Other",
"uuid": "bf6ee019-dcf4-465b-9897-6c9752b717d3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:56:24.000Z",
"modified": "2021-02-02T12:56:24.000Z",
"description": "SSH credential stealer FreeBSD",
"pattern": "[file:hashes.SHA1 = '1dd0edc5744d63a731db8c3b42efbd09d91fed78' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T12:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:55:48.000Z",
"modified": "2021-02-02T12:55:48.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "fullpath",
"value": "/var/run/udevd.pid",
"category": "Other",
"uuid": "364d8668-bf3b-4cf1-8841-e38c9a1c8b15"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:57:50.000Z",
"modified": "2021-02-02T12:57:50.000Z",
"description": "SSH credential stealer ",
"pattern": "[file:hashes.SHA1 = 'c1f530d3c189b9a74dbe02cfeb29f38be8ca41ba' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T12:57:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:59:16.000Z",
"modified": "2021-02-02T12:59:16.000Z",
"description": "SSH credential stealer ",
"pattern": "[file:hashes.SHA1 = '659cbdf9288137937bb71146b6f722ffcda1c5fe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T12:59:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T12:58:51.000Z",
"modified": "2021-02-02T12:58:51.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "fullpath",
"value": "/var/run/sshd/sshd.pid",
"category": "Other",
"uuid": "2940c1e1-451c-40a0-ab8b-bf02d05bec56"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e04dc6e-de14-441d-a7f6-09a5d54f0667",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:00:20.000Z",
"modified": "2021-02-02T13:00:20.000Z",
"pattern": "rule kobalos\r\n{\r\n meta:\r\n description = \\\\\"Kobalos malware\\\\\"\r\n author = \\\\\"Marc-Etienne M.L\u00e9veill\u00e9\\\\\"\r\n date = \\\\\"2020-11-02\\\\\"\r\n reference = \\\\\"http://www.welivesecurity.com\\\\\"\r\n source = \\\\\"https://github.com/eset/malware-ioc/\\\\\"\r\n license = \\\\\"BSD 2-Clause\\\\\"\r\n version = \\\\\"1\\\\\"\r\n\r\n strings:\r\n $encrypted_strings_sizes = {\r\n 05 00 00 00 09 00 00 00 04 00 00 00 06 00 00 00\r\n 08 00 00 00 08 00 00 00 02 00 00 00 02 00 00 00\r\n 01 00 00 00 01 00 00 00 05 00 00 00 07 00 00 00\r\n 05 00 00 00 05 00 00 00 05 00 00 00 0A 00 00 00\r\n }\r\n $password_md5_digest = { 3ADD48192654BD558A4A4CED9C255C4C }\r\n $rsa_512_mod_header = { 10 11 02 00 09 02 00 }\r\n $strings_rc4_key = { AE0E05090F3AC2B50B1BC6E91D2FE3CE }\r\n\r\n condition:\r\n any of them\r\n}",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:00:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "all"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--137efbb9-75cd-46e9-8dba-7d8e36a983b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:00:55.000Z",
"modified": "2021-02-02T13:00:55.000Z",
"pattern": "rule kobalos_ssh_credential_stealer {\r\n meta:\r\n description = \\\\\"Kobalos SSH credential stealer seen in OpenSSH client\\\\\"\r\n author = \\\\\"Marc-Etienne M.L\u00e9veill\u00e9\\\\\"\r\n date = \\\\\"2020-11-02\\\\\"\r\n reference = \\\\\"http://www.welivesecurity.com\\\\\"\r\n source = \\\\\"https://github.com/eset/malware-ioc/\\\\\"\r\n license = \\\\\"BSD 2-Clause\\\\\"\r\n version = \\\\\"1\\\\\"\r\n\r\n strings:\r\n $ = \\\\\"user: \\\\%.128s host: \\\\%.128s port \\\\%05d user: \\\\%.128s password: \\\\%.128s\\\\\"\r\n\r\n condition:\r\n any of them\r\n}",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "all"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:03:24.000Z",
"modified": "2021-02-02T13:03:24.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "summary",
"value": "ESET researchers have analyzed malware that has been targeting high performance computing (HPC) clusters, among other high-profile targets. We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a Kobalos is a small, mischievous creature. Today we publish a paper titled \u201cA wild Kobalos appears: Tricksy Linux malware goes after HPCs\u201d describing the inner working of this threat.",
"category": "Other",
"uuid": "de941abb-8360-41fd-88b8-14ab18906b30"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"pattern": "[file:hashes.MD5 = '4e52980f06f211668df959175d6c3d58' AND file:hashes.SHA1 = 'e094dd02cc954b6104791925e0d1880782b046cf' AND file:hashes.SHA256 = '75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-03-04T18:41:56+00:00",
"category": "Other",
"uuid": "8135e42c-4a36-47da-b8ad-595dcda6a2e6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45/detection/f-75edf6662811d001da179b96bd06d675aa2439fd88a981cc84f24b4a5b4f8f45-1583347316",
"category": "Payload delivery",
"uuid": "e5a8ebcf-af6e-444f-adc6-f8465fae0676"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/61",
"category": "Payload delivery",
"uuid": "4ff0afc9-cac1-44be-b730-67fe00f15bef"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"pattern": "[file:hashes.MD5 = '87837cc81c346e2a38ab1fe5e4826af2' AND file:hashes.SHA1 = '6616de799b5105ee2eb83bbe25c7f4433420dff7' AND file:hashes.SHA256 = '6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-02T11:56:14+00:00",
"category": "Other",
"uuid": "a1c31bf0-5438-4d5b-b6df-f13319a1cc84"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a/detection/f-6c36e0341ea1529665de88b690a19a18ea02d2a2a5bae6d745e01efc194e486a-1612266974",
"category": "Payload delivery",
"uuid": "6299cd4c-b13d-42a4-94b3-6254cfd7fd59"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/62",
"category": "Payload delivery",
"uuid": "2eeeaca5-5c72-4ea2-8c76-591780ddab71"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-01T18:56:46+00:00",
"category": "Other",
"uuid": "40f30083-4b87-42ab-b515-9f8e07055145"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58/detection/f-73576d5a21ec2f164fe37bea86964e18dca1b800a8c7a104223cc35d74e7bd58-1612205806",
"category": "Payload delivery",
"uuid": "fc710595-3fb3-4fcf-87b0-daa1a5f69423"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "3/62",
"category": "Payload delivery",
"uuid": "bf6548e5-2428-455c-929d-3a342ec0f4bf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4f748c5-41f0-4a59-bf7a-069086896c94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"pattern": "[file:hashes.MD5 = '7538d0ec96869fd53d7c613a108846c0' AND file:hashes.SHA1 = 'fbf0a76ced2939d1f7ec5f9ea58c5a294207f7fe' AND file:hashes.SHA256 = 'd51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-02T08:05:42+00:00",
"category": "Other",
"uuid": "7f072142-4e7c-490a-9f1d-7c5c3f563499"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983/detection/f-d51cb52136931af5ebd8628b64d6cd1327a99196b102d246f52d878ffb581983-1612253142",
"category": "Payload delivery",
"uuid": "88f8d78d-9e9e-4931-a826-85529a90ccfa"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/62",
"category": "Payload delivery",
"uuid": "d11eb3b0-2889-45d8-8f90-f7021df6568c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577cde70-7de9-4776-975b-9c0100ceae5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"pattern": "[file:hashes.MD5 = 'f54ba4ac2eeb5c12a513872acabecbc6' AND file:hashes.SHA1 = 'affa12cc94578d63a8b178ae19f6601d5c8bb224' AND file:hashes.SHA256 = '9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2021-02-01T18:58:25+00:00",
"category": "Other",
"uuid": "cae3f6bb-2b69-48eb-9099-658fc16919d7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74/detection/f-9ed33b43e679ad98615e1a4e8c46dbeb9b93271625e46f4b4d021099b4b6fb74-1612205905",
"category": "Payload delivery",
"uuid": "4bf2aad3-5dc1-4a81-8c15-4f74538f9c8e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/61",
"category": "Payload delivery",
"uuid": "66364ddf-d38e-4d5a-8082-ba0682f6eb3b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a711583-6ce7-4265-aba8-7350383961b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"pattern": "[file:hashes.MD5 = 'bc49dd3da0b2cb1425a466a3d2f0ed41' AND file:hashes.SHA1 = '1dd0edc5744d63a731db8c3b42efbd09d91fed78' AND file:hashes.SHA256 = '13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-02T13:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-02-02T13:09:20.000Z",
"modified": "2021-02-02T13:09:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-03-09T08:44:44+00:00",
"category": "Other",
"uuid": "2b6ecaa2-bbe1-4903-b28b-8672896fb4d5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a/detection/f-13cbde1b79ca195a06697df937580c82c0e1cd90cc91c18ddfe4a7802e8e923a-1583743484",
"category": "Payload delivery",
"uuid": "99713b59-7b94-4c9f-9223-84190b6f00d3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/59",
"category": "Payload delivery",
"uuid": "227fe71f-0426-4338-b83e-890fc2a5e5ef"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2a115e0d-676d-49a3-a65b-e421f1057265",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "connects-to",
"source_ref": "indicator--59711fce-1669-416e-a863-282972f05a30",
"target_ref": "indicator--bbc90dca-7637-45a0-a897-e5832580635e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--05a5b328-a872-437d-8e4a-08073dde4131",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--59711fce-1669-416e-a863-282972f05a30",
"target_ref": "x-misp-object--8dc33498-4ead-4457-a3eb-e85032df1405"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49e3b70d-1cf2-4d29-bf73-fc6761f826a4",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ce16efd3-b989-4fdb-9cad-3cb622be8c92",
"target_ref": "x-misp-object--96edf472-61bf-4f3c-81ce-932eb0329136"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0f87647e-4872-42a5-9950-1e73796bae81",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "writes",
"source_ref": "indicator--0fa4cd2e-4304-4657-99ad-962f7eb548f0",
"target_ref": "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1a5bfa1b-7c04-4a1f-af0d-3e03c2abf512",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "writes",
"source_ref": "indicator--683e6644-bb2e-4ae9-b1e4-139453b8402e",
"target_ref": "x-misp-object--f10e10ba-0d66-4505-a4d5-1689c9f5e25b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c5aafc58-8b9b-41fb-ade5-284e52fd7b5b",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "writes",
"source_ref": "indicator--84bd6b39-8189-4eee-8fef-6d9ee06306a1",
"target_ref": "x-misp-object--b2a8b157-a04f-484f-8d88-549ede5b0068"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f4e963e6-5054-4155-8cb0-ff2d0895104a",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "writes",
"source_ref": "indicator--68ac0130-82b6-4709-ae98-cee6fe7fb4ed",
"target_ref": "x-misp-object--5564a28d-f2a5-41da-9339-6b72f64c6832"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49475942-086b-45df-aeb7-12dfaca58063",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "writes",
"source_ref": "indicator--d4f9f303-b8b7-421a-b1bc-b2ad6f0396c6",
"target_ref": "x-misp-object--fe1474ac-d0a1-4792-8936-e25686ad6662"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8023d8e7-52c3-48f9-bb0a-efbe7c6028d2",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d",
"target_ref": "observed-data--07103d07-aa9a-4694-a89c-5cd4fc94221e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dee3bdce-bf67-4365-b102-0ad84e669820",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--6743c14d-5278-41a1-a8d2-678f94f59d6d",
"target_ref": "observed-data--fd42b022-1d71-4dda-ab1f-3f9e4a49e663"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86495d5b-2934-4ca2-b8d4-c5698d95f0c2",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--cd4a56fb-10a5-46f9-868e-2d2d9cee93c5",
"target_ref": "x-misp-object--5d93ad07-c377-43cc-b9e4-1b0ab3d0da83"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa50bd71-55ac-477d-9433-b0127f593f47",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bb8fc68e-77a6-4115-abf5-3fc14c1039dd",
"target_ref": "x-misp-object--a9cacc5a-a03f-463a-95a1-854718064bb3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c1c213ec-afb7-469e-9d7b-f622239d1ed2",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b4f748c5-41f0-4a59-bf7a-069086896c94",
"target_ref": "x-misp-object--5b93ec98-7b27-4038-b9ca-6c8ae8ae44da"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--88ec8905-db89-46b6-8003-17c7031e1c79",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--577cde70-7de9-4776-975b-9c0100ceae5e",
"target_ref": "x-misp-object--977fbf1c-4163-45ce-a014-4f58536d3703"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c51787c-17ad-4927-a574-ce14e2992505",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9a711583-6ce7-4265-aba8-7350383961b6",
"target_ref": "x-misp-object--3f558b7a-d342-4090-92a2-82e2210b68e7"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}