misp-circl-feed/feeds/circl/stix-2.1/5b597959-6310-43e8-80b2-4d30950d210f.json


{
"type": "bundle",
"id": "bundle--5b597959-6310-43e8-80b2-4d30950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:44.000Z",
"modified": "2018-07-26T13:13:44.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b597959-6310-43e8-80b2-4d30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:44.000Z",
"modified": "2018-07-26T13:13:44.000Z",
"name": "OSINT - Kronos Reborn",
"published": "2018-07-26T13:14:29Z",
"object_refs": [
"x-misp-attribute--5b597e9e-b88c-4bc1-8f11-af6a950d210f",
"observed-data--5b597ee4-7370-4258-88b5-b098950d210f",
"url--5b597ee4-7370-4258-88b5-b098950d210f",
"indicator--5b59c078-03e4-4a71-a48f-4503950d210f",
"indicator--5b59c078-3b9c-4f25-9aeb-4691950d210f",
"indicator--5b59c079-0180-477e-b041-457e950d210f",
"indicator--5b59c079-cd18-4e05-a267-451f950d210f",
"indicator--5b59c07a-1d28-454c-94ba-4f0f950d210f",
"indicator--5b59c07a-8cd8-4b86-ad8e-4635950d210f",
"indicator--5b59c07b-bb84-4c15-baa0-4135950d210f",
"indicator--5b59c07b-09f8-4fdd-b9f2-41f3950d210f",
"indicator--5b59c07c-c7fc-4ea5-9afe-4bd6950d210f",
"indicator--5b59c07c-1cc4-453a-8c26-495a950d210f",
"indicator--5b59c07d-f114-401d-af89-4f4e950d210f",
"indicator--5b59c07d-22e0-48c4-8b04-4ec0950d210f",
"indicator--5b59c07e-f9f4-4770-b1cc-428e950d210f",
"indicator--5b59c07e-d050-4843-9c9a-4cba950d210f",
"indicator--5b59c07f-d42c-469e-846a-4fa3950d210f",
"indicator--5b59c07f-732c-4cb6-adb4-4d48950d210f",
"indicator--5b59bea3-9a30-4e9f-b748-4239950d210f",
"indicator--5b59beb5-0e9c-4f68-85f4-4a77950d210f",
"indicator--5b59bef2-cdf8-40b2-8000-4298950d210f",
"indicator--5b59bf0c-5950-4f90-9596-43da950d210f",
"indicator--5b59bf19-3770-40b1-aa0e-4824950d210f",
"indicator--5b59bf31-2514-482c-9f84-4a20950d210f",
"indicator--5b59bf47-4fc4-44cc-b7bc-4967950d210f",
"indicator--5b59c3d7-c760-41e4-9afd-40b7950d210f",
"indicator--5b59c3e9-d500-4e86-9f7f-45f3950d210f",
"indicator--716245aa-e298-4be6-a638-f2073e0af588",
"x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890",
"indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
"x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8",
"indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
"x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549",
"indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
"x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a",
"indicator--2238785f-23bd-467b-b588-484fba9e78f9",
"x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5",
"indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
"x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30",
"indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
"x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19",
"relationship--24911f77-4eab-430b-b675-998701ba5acf",
"relationship--120e8958-420b-4ba7-8d3d-36678afe58e4",
"relationship--00c9f649-1bba-45e8-a393-75d269a7b0d2",
"relationship--8d09022e-7165-4274-8e6c-4c8f92a5bf6c",
"relationship--bbb1df96-f036-4c0a-84bc-dfe45d06531f",
"relationship--42df4884-397b-4d4f-a60b-8b500768ce80",
"relationship--cc0e1076-4f0e-4d6b-a1ce-4710c3237934"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Smoke Loader\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"",
"misp-galaxy:banker=\"Kronos\"",
"ms-caro-malware-full:malware-family=\"Banker\"",
"malware_classification:malware-category=\"Trojan\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b597e9e-b88c-4bc1-8f11-af6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:20:53.000Z",
"modified": "2018-07-26T12:20:53.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The Kronos banking Trojan was first discovered in 2014 and was a steady fixture in the threat landscape for a few years before largely disappearing. Now a new variant has appeared, with at least three distinct campaigns targeting Germany, Japan, and Poland respectively, to date.\r\n\r\nIn April 2018, the first samples of a new variant of the banking Trojan appeared in the wild. The most notable new feature is that the command and control (C&C) mechanism has been refactored to use the Tor anonymizing network. There is some speculation and circumstantial evidence suggesting that this new version of Kronos has been rebranded \u201cOsiris\u201d and is being sold on underground markets. In this blog, we present information on the German, Japanese, and Polish campaigns as well as a fourth campaign that looks to be a work in progress and still being tested."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b597ee4-7370-4258-88b5-b098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:20:46.000Z",
"modified": "2018-07-26T12:20:46.000Z",
"first_observed": "2018-07-26T12:20:46Z",
"last_observed": "2018-07-26T12:20:46Z",
"number_observed": 1,
"object_refs": [
"url--5b597ee4-7370-4258-88b5-b098950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b597ee4-7370-4258-88b5-b098950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/kronos-reborn"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c078-03e4-4a71-a48f-4503950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:12.000Z",
"modified": "2018-07-26T12:37:12.000Z",
"description": "Mahnung_9415171.doc payload used in German campaign",
"pattern": "[url:value = 'https://dkb-agbs.com/25062018.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c078-3b9c-4f25-9aeb-4691950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:12.000Z",
"modified": "2018-07-26T12:37:12.000Z",
"pattern": "[file:name = 'Mahnung_9415171.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c079-0180-477e-b041-457e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:13.000Z",
"modified": "2018-07-26T12:37:13.000Z",
"description": "Kronos C&C used in German campaign",
"pattern": "[url:value = 'http://jhrppbnh4d674kzh.onion/kpanel/connect.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c079-cd18-4e05-a267-451f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:13.000Z",
"modified": "2018-07-26T12:37:13.000Z",
"description": "Webinject C&C used in the German campaign",
"pattern": "[url:value = 'https://startupbulawayo.website/d03ohi2e3232/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07a-1d28-454c-94ba-4f0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:14.000Z",
"modified": "2018-07-26T12:37:14.000Z",
"description": "Contains malicious redirect to RIG EK used in the Japan campaign",
"pattern": "[url:value = 'http://envirodry.ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07a-8cd8-4b86-ad8e-4635950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:14.000Z",
"modified": "2018-07-26T12:37:14.000Z",
"description": "RIG EK used in the Japan campaign",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.23.54.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07b-bb84-4c15-baa0-4135950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:15.000Z",
"modified": "2018-07-26T12:37:15.000Z",
"description": "SmokeLoader C&C used in the Japan campaign",
"pattern": "[url:value = 'http://lionoi.adygeya.su']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07b-09f8-4fdd-b9f2-41f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:15.000Z",
"modified": "2018-07-26T12:37:15.000Z",
"description": "SmokeLoader C&C used in the Japan campaign",
"pattern": "[url:value = 'http://milliaoin.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07c-c7fc-4ea5-9afe-4bd6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:16.000Z",
"modified": "2018-07-26T12:37:16.000Z",
"description": "New version of Kronos download link used in the Japan campaign",
"pattern": "[url:value = 'http://fritsy83.website/Osiris.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07c-1cc4-453a-8c26-495a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:16.000Z",
"modified": "2018-07-26T12:37:16.000Z",
"description": "New version of Kronos download link used in the Japan campaign",
"pattern": "[url:value = 'http://oo00mika84.website/Osiris_jmjp_auto2_noinj.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07d-f114-401d-af89-4f4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:17.000Z",
"modified": "2018-07-26T12:37:17.000Z",
"description": "Kronos C&C used in the Japan campaign",
"pattern": "[url:value = 'http://jmjp2l7yqgaj5xvv.onion/kpanel/connect.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07d-22e0-48c4-8b04-4ec0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:17.000Z",
"modified": "2018-07-26T12:37:17.000Z",
"description": "Webinject C&C used in the Japan campaign",
"pattern": "[url:value = 'https://kioxixu.abkhazia.su/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07e-f9f4-4770-b1cc-428e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:18.000Z",
"modified": "2018-07-26T12:37:18.000Z",
"description": "New version of Kronos download link used in the Poland campaign",
"pattern": "[url:value = 'http://mysit.space/123//v/0jLHzUW']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07e-d050-4843-9c9a-4cba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:18.000Z",
"modified": "2018-07-26T12:37:18.000Z",
"description": "Kronos C&C used in the Poland campaign",
"pattern": "[url:value = 'http://suzfjfguuis326qw.onion/kpanel/connect.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07f-d42c-469e-846a-4fa3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:19.000Z",
"modified": "2018-07-26T12:37:19.000Z",
"description": "New version of Kronos download link used in \u201cWork in progress\u201d campaign",
"pattern": "[url:value = 'http://gameboosts.net/app/Player_v1.02.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c07f-732c-4cb6-adb4-4d48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:37:19.000Z",
"modified": "2018-07-26T12:37:19.000Z",
"description": "Kronos C&C used in \u201cWork in progress\u201d campaign",
"pattern": "[url:value = 'http://mysmo35wlwhrkeez.onion/kpanel/connect.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:37:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bea3-9a30-4e9f-b748-4239950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:29:23.000Z",
"modified": "2018-07-26T12:29:23.000Z",
"description": "used in German campaign",
"pattern": "[file:hashes.SHA256 = 'bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d' AND file:name = 'Mahnung_9415171.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:29:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59beb5-0e9c-4f68-85f4-4a77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:29:41.000Z",
"modified": "2018-07-26T12:29:41.000Z",
"description": "New version of Kronos used in German campaign",
"pattern": "[file:hashes.SHA256 = '4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:29:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bef2-cdf8-40b2-8000-4298950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:30:42.000Z",
"modified": "2018-07-26T12:30:42.000Z",
"description": "SmokeLoader used in the Japan campaign",
"pattern": "[file:hashes.SHA256 = '3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:30:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bf0c-5950-4f90-9596-43da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:31:08.000Z",
"modified": "2018-07-26T12:31:08.000Z",
"description": "\u201cFaktura 2018.07.16.doc\u201d used in the Poland campaign",
"pattern": "[file:hashes.SHA256 = '045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108' AND file:name = 'Faktura 2018.07.16.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:31:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bf19-3770-40b1-aa0e-4824950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:31:21.000Z",
"modified": "2018-07-26T12:31:21.000Z",
"description": "New version of Kronos used in the Japan campaign",
"pattern": "[file:hashes.SHA256 = '3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:31:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bf31-2514-482c-9f84-4a20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:31:45.000Z",
"modified": "2018-07-26T12:31:45.000Z",
"description": "New version of Kronos used in the Poland campaign",
"pattern": "[file:hashes.SHA256 = 'e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59bf47-4fc4-44cc-b7bc-4967950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:32:07.000Z",
"modified": "2018-07-26T12:32:07.000Z",
"description": "New version of Kronos used in \u201cWork in progress\u201d campaign",
"pattern": "[file:hashes.SHA256 = '93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:32:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c3d7-c760-41e4-9afd-40b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:51:35.000Z",
"modified": "2018-07-26T12:51:35.000Z",
"pattern": "[file:name = 'agb_9415166.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:51:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b59c3e9-d500-4e86-9f7f-45f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T12:51:53.000Z",
"modified": "2018-07-26T12:51:53.000Z",
"pattern": "[file:name = 'Mahnung_9415167.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T12:51:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--716245aa-e298-4be6-a638-f2073e0af588",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:19.000Z",
"modified": "2018-07-26T13:13:19.000Z",
"pattern": "[file:hashes.MD5 = '0248465d9edd866d7d8929af1f9685b4' AND file:hashes.SHA1 = '00135cbca3057dced3f9b6305a5645b92ba4cc0f' AND file:hashes.SHA256 = '3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:18.000Z",
"modified": "2018-07-26T13:13:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T00:33:17",
"category": "Other",
"uuid": "51255631-b21f-4261-ada2-7ca685b3ed85"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40/analysis/1532565197/",
"category": "External analysis",
"uuid": "680b979e-19fc-4a05-b706-c9031fc50a65"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "ade9ad59-02f1-438b-87c2-7d19be304bb6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:22.000Z",
"modified": "2018-07-26T13:13:22.000Z",
"pattern": "[file:hashes.MD5 = 'a301ee7f1cdb9b1f71deda6c29bb0a32' AND file:hashes.SHA1 = '8d6bc587e3abfcfd6b4a771c85a8af90f528d2c7' AND file:hashes.SHA256 = '3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:20.000Z",
"modified": "2018-07-26T13:13:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T00:37:33",
"category": "Other",
"uuid": "f224913c-b4e7-49e3-9834-f4faac6a3c75"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741/analysis/1532565453/",
"category": "External analysis",
"uuid": "4fa5dab3-b72e-4426-bea1-fb759d9aa71f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/67",
"category": "Other",
"uuid": "b5e75892-ebc1-4a65-aa68-601fc9df3dcc"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:24.000Z",
"modified": "2018-07-26T13:13:24.000Z",
"pattern": "[file:hashes.MD5 = 'b2ddd1a228db47234dad1fb164573d82' AND file:hashes.SHA1 = '7fd8631ab719eca44457630014674a95bc431b91' AND file:hashes.SHA256 = 'bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:22.000Z",
"modified": "2018-07-26T13:13:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T01:29:15",
"category": "Other",
"uuid": "dff34f97-1b1d-491b-865e-64884359e723"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d/analysis/1532568555/",
"category": "External analysis",
"uuid": "3d44fe98-1dac-4ea3-b4d9-cd70307f0786"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/60",
"category": "Other",
"uuid": "202c5da7-96a7-42b0-a002-f403095b9dcb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:26.000Z",
"modified": "2018-07-26T13:13:26.000Z",
"pattern": "[file:hashes.MD5 = 'd475c84d99c2bf461c294d75769b7707' AND file:hashes.SHA1 = 'aecaf84953641d835e7c754f559fc555169d8aec' AND file:hashes.SHA256 = '045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:25.000Z",
"modified": "2018-07-26T13:13:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T00:38:31",
"category": "Other",
"uuid": "5678e189-dcf2-4434-8f88-9313120fd768"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108/analysis/1532565511/",
"category": "External analysis",
"uuid": "b3f70f28-c3cd-41ef-88f6-36ce3cebe80c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/60",
"category": "Other",
"uuid": "77caf24b-6b28-4ed6-8d35-e773b7793f1d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2238785f-23bd-467b-b588-484fba9e78f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:29.000Z",
"modified": "2018-07-26T13:13:29.000Z",
"pattern": "[file:hashes.MD5 = '5e6764534b3a1e4d3abacc4810b6985d' AND file:hashes.SHA1 = 'f10ad287f126f577f197070453812a7e88c2cc52' AND file:hashes.SHA256 = 'e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:27.000Z",
"modified": "2018-07-26T13:13:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T09:13:49",
"category": "Other",
"uuid": "b1d7c0e1-f10b-43cb-ace4-1ce0276e6da5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0/analysis/1532596429/",
"category": "External analysis",
"uuid": "63646768-523d-40d4-8ce0-4c25dd4bd7b6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/66",
"category": "Other",
"uuid": "69d98df9-22d5-4184-bec4-65ab26cb4def"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:31.000Z",
"modified": "2018-07-26T13:13:31.000Z",
"pattern": "[file:hashes.MD5 = '820d3fb49af10fa714c4bdd5745d865b' AND file:hashes.SHA1 = '49b42b7ed9c3db0b1a4d45e37e4a6bc2b8079ff6' AND file:hashes.SHA256 = '93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:30.000Z",
"modified": "2018-07-26T13:13:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T10:11:06",
"category": "Other",
"uuid": "5fa195bf-7dd4-44d9-afe7-37503dd49378"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218/analysis/1532599866/",
"category": "External analysis",
"uuid": "2f69c414-6dbe-4eed-90b1-2737b06676eb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/67",
"category": "Other",
"uuid": "702d3ac7-5146-4cc5-a11a-a4341696d973"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:34.000Z",
"modified": "2018-07-26T13:13:34.000Z",
"pattern": "[file:hashes.MD5 = '17903c3d83125a5fc3e3f77d8a775bfe' AND file:hashes.SHA1 = '91da487143d931e00e935245e698ea2a582871e4' AND file:hashes.SHA256 = '4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-26T13:13:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-26T13:13:32.000Z",
"modified": "2018-07-26T13:13:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-26T07:37:11",
"category": "Other",
"uuid": "34bd7968-4830-4d15-8875-ddd51c4c740f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177/analysis/1532590631/",
"category": "External analysis",
"uuid": "fcaa4c90-8b64-40b0-89ec-57b498f2aa8b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/66",
"category": "Other",
"uuid": "f3ebb8a4-7d00-49ad-ae82-0d93cb2fd3e9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--24911f77-4eab-430b-b675-998701ba5acf",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--716245aa-e298-4be6-a638-f2073e0af588",
"target_ref": "x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--120e8958-420b-4ba7-8d3d-36678afe58e4",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
"target_ref": "x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--00c9f649-1bba-45e8-a393-75d269a7b0d2",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
"target_ref": "x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8d09022e-7165-4274-8e6c-4c8f92a5bf6c",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
"target_ref": "x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbb1df96-f036-4c0a-84bc-dfe45d06531f",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2238785f-23bd-467b-b588-484fba9e78f9",
"target_ref": "x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--42df4884-397b-4d4f-a60b-8b500768ce80",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
"target_ref": "x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cc0e1076-4f0e-4d6b-a1ce-4710c3237934",
"created": "2018-07-26T13:13:33.000Z",
"modified": "2018-07-26T13:13:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
"target_ref": "x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}