misp-circl-feed/feeds/circl/stix-2.1/5c4458f2-6270-4c17-8fe2-992402de0b81.json

1281 lines
No EOL
56 KiB
JSON

{
"type": "bundle",
"id": "bundle--5c4458f2-6270-4c17-8fe2-992402de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-28T09:18:28.000Z",
"modified": "2019-02-28T09:18:28.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5c4458f2-6270-4c17-8fe2-992402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-28T09:18:28.000Z",
"modified": "2019-02-28T09:18:28.000Z",
"name": "OSINT - BitterRAT PATCHWORK",
"context": "suspicious-activity",
"object_refs": [
"indicator--5c4459da-6374-4f25-9bb6-a83202de0b81",
"indicator--5c4459db-214c-4cf3-8bfc-a83202de0b81",
"indicator--5c4459db-4f5c-4f63-8d30-a83202de0b81",
"observed-data--5c445ae0-8b4c-44cf-973f-98d302de0b81",
"url--5c445ae0-8b4c-44cf-973f-98d302de0b81",
"observed-data--5c445ae0-af98-460b-b37c-98d302de0b81",
"url--5c445ae0-af98-460b-b37c-98d302de0b81",
"observed-data--5c445ae0-86f0-40ca-a041-98d302de0b81",
"url--5c445ae0-86f0-40ca-a041-98d302de0b81",
"indicator--5c445b0a-f430-49fb-9097-468002de0b81",
"indicator--5c445b0a-ae24-4bed-8e2d-416e02de0b81",
"indicator--5c445b0b-8f78-4d23-8027-46ab02de0b81",
"indicator--5c445b0b-01d8-4b1d-81bb-472f02de0b81",
"indicator--5c445b2d-b2ec-4067-8891-98d302de0b81",
"indicator--5c445b2e-1280-4f6b-a51f-98d302de0b81",
"indicator--5c445b54-b390-4847-8585-4c9802de0b81",
"indicator--5c445b55-eff0-4fe7-aaff-427c02de0b81",
"observed-data--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"network-traffic--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"ipv4-addr--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"observed-data--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"network-traffic--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"ipv4-addr--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"indicator--5c76b08c-f724-4322-a531-418e02de0b81",
"indicator--5c77a701-6ed0-4e6b-a497-47cb02de0b81",
"indicator--5c77a724-a98c-43d6-9335-452402de0b81",
"x-misp-object--5c445998-17e4-4411-ac90-4c8902de0b81",
"indicator--8cb15f0f-006b-4400-8fd1-e4ac9586b92e",
"x-misp-object--b29e2cdc-6709-40b3-b08b-227aacd7503c",
"indicator--9a14aeab-1cc6-4fad-b1db-007f193da4aa",
"x-misp-object--baeb4e2d-2b52-4f76-a2d8-ffd3f8fbf96f",
"indicator--645535fc-0fe5-4f38-a8b0-a247d8f46d87",
"x-misp-object--7cf96e54-0bab-47c1-a06a-6c3ea9173676",
"indicator--5c445a91-96e4-4a76-81bf-4bb302de0b81",
"indicator--db8c563d-74f7-492a-ab64-12d646b305ef",
"x-misp-object--573e5323-af68-46ff-bf63-ab4367951a1a",
"indicator--b30ed68b-1525-4bc7-a433-4ead4df9845c",
"x-misp-object--d9e9def6-73c0-4b65-b2d3-1d382d809e1b",
"indicator--80cdfaf6-8bf3-4374-9f68-992799ed3b70",
"x-misp-object--6da3bd65-82d7-45c7-9a90-417575cca55d",
"indicator--e1137dbb-bedf-4093-8391-b598b22d0a87",
"x-misp-object--7df872cb-7f5d-4df9-b654-92c03908f4af",
"indicator--57bc77e0-6e6a-4ac3-a678-4d620ca79902",
"x-misp-object--be750522-8ad5-4911-8601-070557f5b9b2",
"indicator--5a403b39-3b33-41e6-852f-277fe242197e",
"x-misp-object--61c4a2cb-234e-4428-9dd5-e214916b1536",
"relationship--a344b290-4448-4a32-a58e-f5a3495844c0",
"relationship--5fe0f40b-e3f4-44c8-8fd2-00f208c77efa",
"relationship--aa084e8f-3353-48dc-95ec-bb9e8ea7a228",
"relationship--1d5f832a-5944-40bb-b14b-d0be722f780a",
"relationship--a22af68f-7959-43e4-b6a5-d9ed208516bc",
"relationship--cfcb0184-63fb-415d-a767-193f1e9f1460",
"relationship--e790b53e-2d9c-493f-a635-874966f5e5d4",
"relationship--383f843e-24d2-4cf6-a987-0874e7544ff1",
"relationship--d7542ed7-98d6-4a71-97f5-24faee3a3fdf"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:threat-actor=\"Dropping Elephant\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4459da-6374-4f25-9bb6-a83202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:02.000Z",
"modified": "2019-01-20T11:22:02.000Z",
"description": "While digging into a sample that @thor_scanner fired for #BitterRAT #PATCHWORK on @virustotal I confirmed that the following samples are from the same group.",
"pattern": "[file:hashes.MD5 = '7845d817e021db8cde06a8437693b3b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4459db-214c-4cf3-8bfc-a83202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:03.000Z",
"modified": "2019-01-20T11:22:03.000Z",
"description": "While digging into a sample that @thor_scanner fired for #BitterRAT #PATCHWORK on @virustotal I confirmed that the following samples are from the same group.",
"pattern": "[file:hashes.MD5 = 'd34fc3a5df544d90ed1933b79deb1868']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c4459db-4f5c-4f63-8d30-a83202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:03.000Z",
"modified": "2019-01-20T11:22:03.000Z",
"description": "While digging into a sample that @thor_scanner fired for #BitterRAT #PATCHWORK on @virustotal I confirmed that the following samples are from the same group.",
"pattern": "[file:hashes.MD5 = '59ca69647eeceab0193d88b8b72e3d60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c445ae0-8b4c-44cf-973f-98d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:26:24.000Z",
"modified": "2019-01-20T11:26:24.000Z",
"first_observed": "2019-01-20T11:26:24Z",
"last_observed": "2019-01-20T11:26:24Z",
"number_observed": 1,
"object_refs": [
"url--5c445ae0-8b4c-44cf-973f-98d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c445ae0-8b4c-44cf-973f-98d302de0b81",
"value": "https://analyze.intezer.com/#/analyses/314c7fb5-7d2e-4e3c-93d8-84c2064672d3"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c445ae0-af98-460b-b37c-98d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:26:24.000Z",
"modified": "2019-01-20T11:26:24.000Z",
"first_observed": "2019-01-20T11:26:24Z",
"last_observed": "2019-01-20T11:26:24Z",
"number_observed": 1,
"object_refs": [
"url--5c445ae0-af98-460b-b37c-98d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c445ae0-af98-460b-b37c-98d302de0b81",
"value": "https://analyze.intezer.com/#/analyses/5dcad879-8bf6-45ed-a10f-53313aaf32a0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c445ae0-86f0-40ca-a041-98d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:26:24.000Z",
"modified": "2019-01-20T11:26:24.000Z",
"first_observed": "2019-01-20T11:26:24Z",
"last_observed": "2019-01-20T11:26:24Z",
"number_observed": 1,
"object_refs": [
"url--5c445ae0-86f0-40ca-a041-98d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c445ae0-86f0-40ca-a041-98d302de0b81",
"value": "https://analyze.intezer.com/#/analyses/5dcad879-8bf6-45ed-a10f-53313aaf32a0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b0a-f430-49fb-9097-468002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:06.000Z",
"modified": "2019-01-20T11:27:06.000Z",
"description": "RTF file",
"pattern": "[file:hashes.MD5 = 'e4abdd40f7d1adb3f139940438484695']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b0a-ae24-4bed-8e2d-416e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:06.000Z",
"modified": "2019-01-20T11:27:06.000Z",
"description": "Payload",
"pattern": "[file:hashes.MD5 = 'a098d91f04eb259bf27432e81a9c523b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b0b-8f78-4d23-8027-46ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:07.000Z",
"modified": "2019-01-20T11:27:07.000Z",
"description": "Payload",
"pattern": "[file:hashes.MD5 = '53d6ed9a3e56785ccbee9b73b14ec62c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b0b-01d8-4b1d-81bb-472f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:07.000Z",
"modified": "2019-01-20T11:27:07.000Z",
"description": "Payload",
"pattern": "[file:hashes.MD5 = '26d175ac27b4554885b5c3d2ec9c6769']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b2d-b2ec-4067-8891-98d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:41.000Z",
"modified": "2019-01-20T11:27:41.000Z",
"description": "Additional Payload can also be seen in the below screenshot. Looks like the threat actors have a pattern of sequentially naming folders.",
"pattern": "[file:hashes.MD5 = '3dcc9ac06cd5318f247be0d73c8c1d1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b2e-1280-4f6b-a51f-98d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:27:42.000Z",
"modified": "2019-01-20T11:27:42.000Z",
"description": "Additional Payload can also be seen in the below screenshot. Looks like the threat actors have a pattern of sequentially naming folders.",
"pattern": "[domain-name:value = 'wcnsservice.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:27:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b54-b390-4847-8585-4c9802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:20.000Z",
"modified": "2019-01-20T11:28:20.000Z",
"description": "Additional URL - Couldn't find it in any writeups:",
"pattern": "[url:value = 'rmmun.org.pk/svch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445b55-eff0-4fe7-aaff-427c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:21.000Z",
"modified": "2019-01-20T11:28:21.000Z",
"description": "Additional URL - Couldn't find it in any writeups:",
"pattern": "[file:hashes.MD5 = 'b694f3b1ef7ff302c339a51c3f0f50f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:29:07.000Z",
"modified": "2019-01-20T11:29:07.000Z",
"first_observed": "2019-01-20T11:29:07Z",
"last_observed": "2019-01-20T11:29:07Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"ipv4-addr--5c445b83-6b80-43b2-a950-44b0e387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"src_ref": "ipv4-addr--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5c445b83-6b80-43b2-a950-44b0e387cbd9",
"value": "185.45.193.10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:29:08.000Z",
"modified": "2019-01-20T11:29:08.000Z",
"first_observed": "2019-01-20T11:29:08Z",
"last_observed": "2019-01-20T11:29:08Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"ipv4-addr--5c445b84-c18c-404c-8f53-4cf3e387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"src_ref": "ipv4-addr--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5c445b84-c18c-404c-8f53-4cf3e387cbd9",
"value": "185.121.139.53"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c76b08c-f724-4322-a531-418e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-27T15:45:16.000Z",
"modified": "2019-02-27T15:45:16.000Z",
"description": "rtf exploit",
"pattern": "[rule dropper_elephant {\r\n\tstrings:\r\n\t\t$head = \"{\\\\rt\"\r\n\t\t$water = { 33 35 33 32 33 34 36 36 36 31 33 36 33 33 36 31 33 35 33 30 30 30}\r\n\tcondition:\r\n\t\t$head at 0 and $water \r\n\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2019-02-27T15:45:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c77a701-6ed0-4e6b-a497-47cb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-28T09:16:49.000Z",
"modified": "2019-02-28T09:16:49.000Z",
"description": "rtf file",
"pattern": "[file:hashes.SHA256 = 'd3122d94a7fde33bc1f35ab49f56408a19a46847cce3686ff40c7a5f2ff71ca1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-28T09:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c77a724-a98c-43d6-9335-452402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-02-28T09:17:24.000Z",
"modified": "2019-02-28T09:17:24.000Z",
"description": "rtf file",
"pattern": "[file:hashes.SHA256 = '52c10f300f15e6b4f7e3e1989a35c7d2719217f4d3d64fe0afcf83bb922ec61f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-02-28T09:17:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c445998-17e4-4411-ac90-4c8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:20:56.000Z",
"modified": "2019-01-20T11:20:56.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\"",
"osint:certainty=\"93\"",
"osint:source-type=\"microblog-post\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "While digging into a sample that @thor_scanner fired for #BitterRAT #PATCHWORK on @virustotal I confirmed that the following samples are from the same group. Hashes: 7845d817e021db8cde06a8437693b3b2 d34fc3a5df544d90ed1933b79deb1868 59ca69647eeceab0193d88b8b72e3d60",
"category": "Other",
"uuid": "5c445998-bcb8-4f80-8d60-437002de0b81"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5c445998-e110-4f97-917a-4f0802de0b81"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/shotgunner101/status/1086792700114948096",
"category": "Network activity",
"to_ids": true,
"uuid": "5c445998-ea68-4dae-a03e-492f02de0b81"
},
{
"type": "text",
"object_relation": "username",
"value": "shotgunner101",
"category": "Other",
"uuid": "5c445999-3450-4150-8196-459102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8cb15f0f-006b-4400-8fd1-e4ac9586b92e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:32.000Z",
"modified": "2019-01-20T11:22:32.000Z",
"pattern": "[file:hashes.MD5 = 'd34fc3a5df544d90ed1933b79deb1868' AND file:hashes.SHA1 = '6c5d2012f58ee390500c515506f67e43e491818f' AND file:hashes.SHA256 = '386350a786e325844875dfffa5286f904a3ecce22845f3d3685e2abf68d79b55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b29e2cdc-6709-40b3-b08b-227aacd7503c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:34.000Z",
"modified": "2019-01-20T11:22:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-17 11:42:39",
"category": "Other",
"uuid": "cd5abe05-07bc-49f1-834b-984f412fd69b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/386350a786e325844875dfffa5286f904a3ecce22845f3d3685e2abf68d79b55/analysis/1545046959/",
"category": "External analysis",
"uuid": "b46db101-5b99-4641-bacc-c1488b6b1c13"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/70",
"category": "Other",
"uuid": "7e191cc5-c4b9-41b7-9370-30af876f9087"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a14aeab-1cc6-4fad-b1db-007f193da4aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:35.000Z",
"modified": "2019-01-20T11:22:35.000Z",
"pattern": "[file:hashes.MD5 = '59ca69647eeceab0193d88b8b72e3d60' AND file:hashes.SHA1 = '4d441ba024b5fba0c2d02a30c00cd1ba63aaa1f0' AND file:hashes.SHA256 = '80cc095d582ee7e7a370b1967c4ad0b336622a2f4f4a04c515b014bc3be78377']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--baeb4e2d-2b52-4f76-a2d8-ffd3f8fbf96f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:37.000Z",
"modified": "2019-01-20T11:22:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-20 05:28:41",
"category": "Other",
"uuid": "b6767065-40ce-4769-b41d-d80c76e36f6b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/80cc095d582ee7e7a370b1967c4ad0b336622a2f4f4a04c515b014bc3be78377/analysis/1547962121/",
"category": "External analysis",
"uuid": "dd19c19d-8f28-4860-9592-8899a91a9f44"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/67",
"category": "Other",
"uuid": "a5e53653-a585-48dc-a595-12b67dae1846"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--645535fc-0fe5-4f38-a8b0-a247d8f46d87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:38.000Z",
"modified": "2019-01-20T11:22:38.000Z",
"pattern": "[file:hashes.MD5 = '7845d817e021db8cde06a8437693b3b2' AND file:hashes.SHA1 = 'bdb21b57c572744b58f8dc4f4020e32e1787f46d' AND file:hashes.SHA256 = '57fb48d43f5363798aee52635e0bbc393141940e60dbc0fda298898984556a8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:22:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7cf96e54-0bab-47c1-a06a-6c3ea9173676",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:22:40.000Z",
"modified": "2019-01-20T11:22:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-20 05:31:17",
"category": "Other",
"uuid": "263b4bfc-fee6-4604-8ad6-3e718c0bbd60"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/57fb48d43f5363798aee52635e0bbc393141940e60dbc0fda298898984556a8e/analysis/1547962277/",
"category": "External analysis",
"uuid": "2a347a59-cf7a-4973-bd1c-5fb4c1b1488d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/70",
"category": "Other",
"uuid": "6fb014a0-3fbe-4f2a-9ab4-e54bf354e276"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c445a91-96e4-4a76-81bf-4bb302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:25:05.000Z",
"modified": "2019-01-20T11:25:05.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.45.193.10') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'netwareservice.ddns.net') AND network-traffic:x_misp_text = 'There is also another domain and IP Address that I couldn\\'t find linked with any PATCHWORK/Bitter RAT reports.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--db8c563d-74f7-492a-ab64-12d646b305ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:30.000Z",
"modified": "2019-01-20T11:28:30.000Z",
"pattern": "[file:hashes.MD5 = 'a098d91f04eb259bf27432e81a9c523b' AND file:hashes.SHA1 = 'a359d15c1055fe8574eb0a68f429c6ee4f0894ff' AND file:hashes.SHA256 = 'b0d974b590a67ff642a60033b1acdbec37f9dc13b3bf49aead70bd3ef96a0d42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--573e5323-af68-46ff-bf63-ab4367951a1a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:32.000Z",
"modified": "2019-01-20T11:28:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-10 01:04:42",
"category": "Other",
"uuid": "a044a306-15d0-435d-aeec-dd77d24f9e2e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b0d974b590a67ff642a60033b1acdbec37f9dc13b3bf49aead70bd3ef96a0d42/analysis/1547082282/",
"category": "External analysis",
"uuid": "50958fd2-c56f-44ea-999e-03c8428dc48b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/70",
"category": "Other",
"uuid": "cc0dce63-893d-4ba6-ba93-d620445ebc17"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b30ed68b-1525-4bc7-a433-4ead4df9845c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:33.000Z",
"modified": "2019-01-20T11:28:33.000Z",
"pattern": "[file:hashes.MD5 = '26d175ac27b4554885b5c3d2ec9c6769' AND file:hashes.SHA1 = '205e77e7f708b5c2f3f6370547255ae4c6b61b5b' AND file:hashes.SHA256 = '4d5290e7e30ef25b7cb265784b1507f756b938af3a4d915225b708e5e44a5ed4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d9e9def6-73c0-4b65-b2d3-1d382d809e1b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:34.000Z",
"modified": "2019-01-20T11:28:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-26 06:32:20",
"category": "Other",
"uuid": "13e649fd-ebb4-4f6e-a7e5-4cd02ab8e4df"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4d5290e7e30ef25b7cb265784b1507f756b938af3a4d915225b708e5e44a5ed4/analysis/1545805940/",
"category": "External analysis",
"uuid": "ab8369e4-bd22-4d44-9904-59d1520d6b88"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/69",
"category": "Other",
"uuid": "4aaec601-7d0d-45f8-9c5f-6018bb4cf450"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--80cdfaf6-8bf3-4374-9f68-992799ed3b70",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:37.000Z",
"modified": "2019-01-20T11:28:37.000Z",
"pattern": "[file:hashes.MD5 = 'b694f3b1ef7ff302c339a51c3f0f50f3' AND file:hashes.SHA1 = '02a5aaa1956b437f1066a4793cc079201c02603b' AND file:hashes.SHA256 = '523a17f6892c2558ac4765959df4af938e56a94fa6ed39636b8b7315def3a1b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6da3bd65-82d7-45c7-9a90-417575cca55d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:38.000Z",
"modified": "2019-01-20T11:28:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-20 20:38:41",
"category": "Other",
"uuid": "bd626c6a-66b1-41d4-9803-d7be0957d811"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/523a17f6892c2558ac4765959df4af938e56a94fa6ed39636b8b7315def3a1b4/analysis/1545338321/",
"category": "External analysis",
"uuid": "542b3ccc-7a07-4b00-9213-a1287036339e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/70",
"category": "Other",
"uuid": "f69ec892-9c22-4f81-9fba-9c59c550efab"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1137dbb-bedf-4093-8391-b598b22d0a87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:39.000Z",
"modified": "2019-01-20T11:28:39.000Z",
"pattern": "[file:hashes.MD5 = 'e4abdd40f7d1adb3f139940438484695' AND file:hashes.SHA1 = 'fddfb467c6d04f7333206591a2105881be985d5c' AND file:hashes.SHA256 = 'e835280daa9d93f38ef7707a2672912515669f971c8e994754486d40524371db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7df872cb-7f5d-4df9-b654-92c03908f4af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:41.000Z",
"modified": "2019-01-20T11:28:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-17 11:33:07",
"category": "Other",
"uuid": "4800929b-92d6-42d9-a7e0-a3390c4f821e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e835280daa9d93f38ef7707a2672912515669f971c8e994754486d40524371db/analysis/1547724787/",
"category": "External analysis",
"uuid": "294505dc-8126-4e47-9eef-3721f0086fbf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/57",
"category": "Other",
"uuid": "e83fe184-6c74-4558-97de-f741bc1b94ba"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57bc77e0-6e6a-4ac3-a678-4d620ca79902",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:42.000Z",
"modified": "2019-01-20T11:28:42.000Z",
"pattern": "[file:hashes.MD5 = '53d6ed9a3e56785ccbee9b73b14ec62c' AND file:hashes.SHA1 = '2075cddc453492a349de81e4aae309a376c1147a' AND file:hashes.SHA256 = 'aa0e4216867d68fca3e6b0bafcabd871657abda9820aaee0c72d89f365163d75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--be750522-8ad5-4911-8601-070557f5b9b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:43.000Z",
"modified": "2019-01-20T11:28:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-20 05:27:08",
"category": "Other",
"uuid": "ce177d9a-fdaf-447f-9628-969f55f142eb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aa0e4216867d68fca3e6b0bafcabd871657abda9820aaee0c72d89f365163d75/analysis/1547962028/",
"category": "External analysis",
"uuid": "41820a0e-61aa-4b65-8672-b2985cdf6a1a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "88ad0b3d-a8ab-45f8-b782-228493b9ad39"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a403b39-3b33-41e6-852f-277fe242197e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:45.000Z",
"modified": "2019-01-20T11:28:45.000Z",
"pattern": "[file:hashes.MD5 = '3dcc9ac06cd5318f247be0d73c8c1d1d' AND file:hashes.SHA1 = '969fc7f9b770215ce2ad3fe38451d286fda4e7cb' AND file:hashes.SHA256 = '5ea68ecd5e68a83b3c1a1249f8ca895ad107a4c780d9d3c3430fcc4d3007a299']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-20T11:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--61c4a2cb-234e-4428-9dd5-e214916b1536",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-20T11:28:47.000Z",
"modified": "2019-01-20T11:28:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-18 18:25:53",
"category": "Other",
"uuid": "896b9522-f5fa-4ffd-8ef2-76826c41225b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5ea68ecd5e68a83b3c1a1249f8ca895ad107a4c780d9d3c3430fcc4d3007a299/analysis/1547835953/",
"category": "External analysis",
"uuid": "cfa6606b-9b09-4da3-8675-1f1e9b067030"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "16/70",
"category": "Other",
"uuid": "6269f302-e585-4ca1-8cab-bed4ad17f06b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a344b290-4448-4a32-a58e-f5a3495844c0",
"created": "2019-01-20T11:22:41.000Z",
"modified": "2019-01-20T11:22:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8cb15f0f-006b-4400-8fd1-e4ac9586b92e",
"target_ref": "x-misp-object--b29e2cdc-6709-40b3-b08b-227aacd7503c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5fe0f40b-e3f4-44c8-8fd2-00f208c77efa",
"created": "2019-01-20T11:22:41.000Z",
"modified": "2019-01-20T11:22:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9a14aeab-1cc6-4fad-b1db-007f193da4aa",
"target_ref": "x-misp-object--baeb4e2d-2b52-4f76-a2d8-ffd3f8fbf96f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa084e8f-3353-48dc-95ec-bb9e8ea7a228",
"created": "2019-01-20T11:22:41.000Z",
"modified": "2019-01-20T11:22:41.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--645535fc-0fe5-4f38-a8b0-a247d8f46d87",
"target_ref": "x-misp-object--7cf96e54-0bab-47c1-a06a-6c3ea9173676"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d5f832a-5944-40bb-b14b-d0be722f780a",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--db8c563d-74f7-492a-ab64-12d646b305ef",
"target_ref": "x-misp-object--573e5323-af68-46ff-bf63-ab4367951a1a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a22af68f-7959-43e4-b6a5-d9ed208516bc",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b30ed68b-1525-4bc7-a433-4ead4df9845c",
"target_ref": "x-misp-object--d9e9def6-73c0-4b65-b2d3-1d382d809e1b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cfcb0184-63fb-415d-a767-193f1e9f1460",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--80cdfaf6-8bf3-4374-9f68-992799ed3b70",
"target_ref": "x-misp-object--6da3bd65-82d7-45c7-9a90-417575cca55d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e790b53e-2d9c-493f-a635-874966f5e5d4",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e1137dbb-bedf-4093-8391-b598b22d0a87",
"target_ref": "x-misp-object--7df872cb-7f5d-4df9-b654-92c03908f4af"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--383f843e-24d2-4cf6-a987-0874e7544ff1",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--57bc77e0-6e6a-4ac3-a678-4d620ca79902",
"target_ref": "x-misp-object--be750522-8ad5-4911-8601-070557f5b9b2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d7542ed7-98d6-4a71-97f5-24faee3a3fdf",
"created": "2019-01-20T11:28:48.000Z",
"modified": "2019-01-20T11:28:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5a403b39-3b33-41e6-852f-277fe242197e",
"target_ref": "x-misp-object--61c4a2cb-234e-4428-9dd5-e214916b1536"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}