509 lines
No EOL
22 KiB
JSON
509 lines
No EOL
22 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5c4cb9a7-0454-42eb-8f63-383368f8e8cf",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2021-05-24T09:53:15.000Z",
|
|
"modified": "2021-05-24T09:53:15.000Z",
|
|
"name": "VK-Intel",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5c4cb9a7-0454-42eb-8f63-383368f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2021-05-24T09:53:15.000Z",
|
|
"modified": "2021-05-24T09:53:15.000Z",
|
|
"name": "2019-01-25: Lazarus Pakistan Toolkits",
|
|
"published": "2021-05-26T09:09:05Z",
|
|
"object_refs": [
|
|
"indicator--5c4cb9a7-3684-4f00-bff9-383368f8e8cf",
|
|
"indicator--5c4cba32-e9e4-4bbf-8396-383068f8e8cf",
|
|
"indicator--5c4cba32-070c-42ba-a0e0-383068f8e8cf",
|
|
"indicator--5c4cba32-0238-4c6d-b8e2-383068f8e8cf",
|
|
"indicator--5c4cba84-aed4-452e-8eb2-4e2768f8e8cf",
|
|
"indicator--5c4cba84-c3c8-422c-a870-4e2768f8e8cf",
|
|
"indicator--5c4cbbd2-1258-453f-b07d-383068f8e8cf",
|
|
"observed-data--5c4d8bce-3e80-4dc4-9820-436102de0b81",
|
|
"url--5c4d8bce-3e80-4dc4-9820-436102de0b81",
|
|
"observed-data--5c4d8bf5-85c8-4424-a35f-4dd602de0b81",
|
|
"url--5c4d8bf5-85c8-4424-a35f-4dd602de0b81",
|
|
"indicator--49032699-f4cf-4808-a272-9ca316968a35",
|
|
"x-misp-object--c3f88cfe-b795-4813-aaf3-3e8dcc5aceb6",
|
|
"indicator--a45c3106-dec5-404d-acfc-8d00abde20c1",
|
|
"x-misp-object--f8013005-dcd4-4c9f-9277-143df2440b9b",
|
|
"indicator--88a6f7a4-9334-4ba6-af2d-93defaae48d4",
|
|
"x-misp-object--de16e29f-b02f-4768-a6a2-18ea57310af0",
|
|
"relationship--3b6839c4-68a2-4196-93aa-d1c819a522c5",
|
|
"relationship--4255b5d1-b4ff-4ea2-8b4f-246ca071bab0",
|
|
"relationship--ed6be6bb-a868-42fe-9a3e-574ee9960855"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"Actor: Lazarus",
|
|
"DPRK",
|
|
"Malware: PowerRatankba,b",
|
|
"PowerShell Installer",
|
|
"Keylogger",
|
|
"Country: Pakistan",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"misp-galaxy:threat-actor=\"Lazarus Group\"",
|
|
"misp-galaxy:malpedia=\"PowerRatankba\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group\"",
|
|
"misp-galaxy:malpedia=\"Lazarus\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"",
|
|
"misp-galaxy:mitre-intrusion-set=\"Lazarus Group\"",
|
|
"misp-galaxy:tool=\"PowerRatankba\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cb9a7-3684-4f00-bff9-383368f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:48:55.000Z",
|
|
"modified": "2019-01-26T19:48:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c9ed87e9f99c631cda368f6f329ee27e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cba32-e9e4-4bbf-8396-383068f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:51:14.000Z",
|
|
"modified": "2019-01-26T19:51:14.000Z",
|
|
"description": "Lazarus Tools",
|
|
"pattern": "[file:hashes.MD5 = 'c9ed87e9f99c631cda368f6f329ee27e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cba32-070c-42ba-a0e0-383068f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:51:14.000Z",
|
|
"modified": "2019-01-26T19:51:14.000Z",
|
|
"description": "Lazarus Tools",
|
|
"pattern": "[file:hashes.MD5 = '5cc28f3f32e7274f13378a724a5ec33a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cba32-0238-4c6d-b8e2-383068f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:51:14.000Z",
|
|
"modified": "2019-01-26T19:51:14.000Z",
|
|
"description": "Lazarus Tools",
|
|
"pattern": "[file:hashes.MD5 = '2025d91c1cdd33db576b2c90ef4067c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload installation"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload installation\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cba84-aed4-452e-8eb2-4e2768f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:52:36.000Z",
|
|
"modified": "2019-01-26T19:52:36.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'https://ecombox.store/tbl_add.php?action=cgetpsa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:52:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cba84-c3c8-422c-a870-4e2768f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-26T19:52:36.000Z",
|
|
"modified": "2019-01-26T19:52:36.000Z",
|
|
"description": "C2",
|
|
"pattern": "[url:value = 'https://ecombox.store/tbl_add.php?action=cgetrun']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-26T19:52:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c4cbbd2-1258-453f-b07d-383068f8e8cf",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:46:29.000Z",
|
|
"modified": "2019-01-27T10:46:29.000Z",
|
|
"description": "Yara for Keylogger",
|
|
"pattern": "[rule APT_Lazarus_Keylogger {\r\n meta:\r\n description = \"Detects possible Lazarus Keylogger\"\r\n author = \"@VK_Intel\"\r\n date = \"2019-01-25\"\r\n strings:\r\n\t$s0 = \"%s%s\" fullword ascii wide\r\n\t$s1 = \"[ENTER]\" fullword ascii wide \r\n\t$s2 = \"[EX]\" fullword ascii wide\r\n\t$s3 = \"%02d:%02d\" fullword ascii wide\r\n \r\n \r\n\t$dll0 = \"PSLogger.dll\" fullword ascii wide\r\n\t$dll1 = \"capture_x64.dll\" fullword ascii wide \r\n\t$exe = \"PSLogger.exe\" fullword ascii wide\r\n \r\n condition:\r\n\tuint16(0) == 0x5a4d and all of ($s*) and (1 of ($dll*) or $exe)\r\n }]",
|
|
"pattern_type": "yara",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-27T10:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c4d8bce-3e80-4dc4-9820-436102de0b81",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:50:55.000Z",
|
|
"modified": "2019-01-27T10:50:55.000Z",
|
|
"first_observed": "2019-01-27T10:50:55Z",
|
|
"last_observed": "2019-01-27T10:50:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5c4d8bce-3e80-4dc4-9820-436102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"75\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5c4d8bce-3e80-4dc4-9820-436102de0b81",
|
|
"value": "https://github.com/k-vitali/apt_lazarus_toolkits/blob/master/2019-01-26.lazarus_pakistan_misp_vk.json"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c4d8bf5-85c8-4424-a35f-4dd602de0b81",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:50:54.000Z",
|
|
"modified": "2019-01-27T10:50:54.000Z",
|
|
"first_observed": "2019-01-27T10:50:54Z",
|
|
"last_observed": "2019-01-27T10:50:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5c4d8bf5-85c8-4424-a35f-4dd602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"75\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5c4d8bf5-85c8-4424-a35f-4dd602de0b81",
|
|
"value": "https://www.vkremez.com/2019/01/lets-learn-dissecting-lazarus.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--49032699-f4cf-4808-a272-9ca316968a35",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:15.000Z",
|
|
"modified": "2019-01-27T10:47:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c9ed87e9f99c631cda368f6f329ee27e' AND file:hashes.SHA1 = '943feef623db1143f4b9c957fee4c94753cfb6a5' AND file:hashes.SHA256 = '802efe9c41909354921009bd54be7dcf1ee14fcfaf62dacbcdaafbe051a711e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-27T10:47:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c3f88cfe-b795-4813-aaf3-3e8dcc5aceb6",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:16.000Z",
|
|
"modified": "2019-01-27T10:47:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-26T18:54:38",
|
|
"category": "Other",
|
|
"uuid": "7b3cc6f2-b07f-457e-b07b-d540d8411068"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/802efe9c41909354921009bd54be7dcf1ee14fcfaf62dacbcdaafbe051a711e3/analysis/1548528878/",
|
|
"category": "External analysis",
|
|
"uuid": "a0ecf930-b40e-4994-a828-67700f5f7c7e"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "2/56",
|
|
"category": "Other",
|
|
"uuid": "44dca040-d0e5-4292-9239-670b5be27c9b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--a45c3106-dec5-404d-acfc-8d00abde20c1",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:16.000Z",
|
|
"modified": "2019-01-27T10:47:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2025d91c1cdd33db576b2c90ef4067c7' AND file:hashes.SHA1 = 'ec80c302c91c6caf5343cfd3fabf43b0bbd067a5' AND file:hashes.SHA256 = 'bed916831e8c9babfb6d08644058a61e3547d621f847c081309f616aed06c2fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-27T10:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--f8013005-dcd4-4c9f-9277-143df2440b9b",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:16.000Z",
|
|
"modified": "2019-01-27T10:47:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-25T21:10:16",
|
|
"category": "Other",
|
|
"uuid": "44f0d1c6-d716-4e81-9349-5d1f1de27808"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/bed916831e8c9babfb6d08644058a61e3547d621f847c081309f616aed06c2fe/analysis/1548450616/",
|
|
"category": "External analysis",
|
|
"uuid": "2e44c2c4-bb77-4f87-a9d0-5162e7ce0712"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "3/68",
|
|
"category": "Other",
|
|
"uuid": "e80a9946-d609-4362-b9e4-ff861a117761"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--88a6f7a4-9334-4ba6-af2d-93defaae48d4",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:16.000Z",
|
|
"modified": "2019-01-27T10:47:16.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5cc28f3f32e7274f13378a724a5ec33a' AND file:hashes.SHA1 = '32292b4e125287a6567e3879d53d0d8d82bcdf01' AND file:hashes.SHA256 = '18f0ad8c58558d6eb8129f32cbc2905d0b63822185506b7c3bca49d423d837c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-01-27T10:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--de16e29f-b02f-4768-a6a2-18ea57310af0",
|
|
"created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf",
|
|
"created": "2019-01-27T10:47:16.000Z",
|
|
"modified": "2019-01-27T10:47:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-01-26T22:25:46",
|
|
"category": "Other",
|
|
"uuid": "e37a032b-0abd-4860-a6fd-5e6a98537472"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/18f0ad8c58558d6eb8129f32cbc2905d0b63822185506b7c3bca49d423d837c7/analysis/1548541546/",
|
|
"category": "External analysis",
|
|
"uuid": "4c46bec8-3b2d-4494-a2de-12288573a536"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "3/56",
|
|
"category": "Other",
|
|
"uuid": "ab18849e-cd56-4123-b59e-5086417c0d7f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3b6839c4-68a2-4196-93aa-d1c819a522c5",
|
|
"created": "2021-05-24T09:53:15.000Z",
|
|
"modified": "2021-05-24T09:53:15.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--49032699-f4cf-4808-a272-9ca316968a35",
|
|
"target_ref": "x-misp-object--c3f88cfe-b795-4813-aaf3-3e8dcc5aceb6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4255b5d1-b4ff-4ea2-8b4f-246ca071bab0",
|
|
"created": "2021-05-24T09:53:15.000Z",
|
|
"modified": "2021-05-24T09:53:15.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--a45c3106-dec5-404d-acfc-8d00abde20c1",
|
|
"target_ref": "x-misp-object--f8013005-dcd4-4c9f-9277-143df2440b9b"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ed6be6bb-a868-42fe-9a3e-574ee9960855",
|
|
"created": "2021-05-24T09:53:15.000Z",
|
|
"modified": "2021-05-24T09:53:15.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--88a6f7a4-9334-4ba6-af2d-93defaae48d4",
|
|
"target_ref": "x-misp-object--de16e29f-b02f-4768-a6a2-18ea57310af0"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |