1064 lines
No EOL
46 KiB
JSON
1064 lines
No EOL
46 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5d95e39a-712c-41b6-b17b-459d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-10T05:55:44.000Z",
|
|
"modified": "2019-10-10T05:55:44.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5d95e39a-712c-41b6-b17b-459d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-10T05:55:44.000Z",
|
|
"modified": "2019-10-10T05:55:44.000Z",
|
|
"name": "COMpfun successor Reductor: compromise TLS traffic",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--5d95e3c6-2aa4-45e6-b0ca-46a5950d210f",
|
|
"url--5d95e3c6-2aa4-45e6-b0ca-46a5950d210f",
|
|
"indicator--5d95e44b-9428-43f9-8caf-4e2c950d210f",
|
|
"indicator--5d95e44b-4d9c-46e9-958e-42e9950d210f",
|
|
"indicator--5d95e44c-1f40-4f7a-842f-4834950d210f",
|
|
"indicator--5d95e44c-d36c-480d-b175-4bc9950d210f",
|
|
"indicator--5d95e44c-39dc-46a5-9820-47c8950d210f",
|
|
"indicator--5d95e44c-d07c-4b64-922d-472b950d210f",
|
|
"indicator--5d95e44c-f164-4110-854d-43d9950d210f",
|
|
"indicator--5d95e498-07f0-44dc-a11c-4453950d210f",
|
|
"indicator--5d95e498-174c-408d-ac07-4aac950d210f",
|
|
"observed-data--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"network-traffic--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"ipv4-addr--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"x-misp-attribute--5d95e72f-d3c4-42e0-8040-4fe9950d210f",
|
|
"indicator--5d9ec7e0-48e0-4106-ac7e-43e2950d210f",
|
|
"indicator--5d9ec7e0-a730-412b-a02e-4ba1950d210f",
|
|
"indicator--9499eb17-e165-4ddd-96ff-6a04056a5197",
|
|
"x-misp-object--2c492ff9-0eaf-47ec-882b-28395b2447c9",
|
|
"indicator--5d95e5cb-de84-4411-9e52-4c52950d210f",
|
|
"indicator--5d95e621-1790-4a3f-8d53-4a22950d210f",
|
|
"indicator--5d95e659-fdbc-41db-8e88-4990950d210f",
|
|
"indicator--5d95e68b-16c0-47d1-bd8a-4269950d210f",
|
|
"x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"x-misp-object--5d95eeae-1724-4536-b98c-49b2950d210f",
|
|
"x-misp-object--5d95eec7-48f8-4b2a-9558-46c5950d210f",
|
|
"x-misp-object--5d95eeee-23fc-4693-becb-4b7b950d210f",
|
|
"x-misp-object--5d95ef16-1204-47ba-8bc9-41dd950d210f",
|
|
"x-misp-object--5d95ef38-f244-4c43-a544-41c5950d210f",
|
|
"x-misp-object--5d95ef5c-eb2c-48f9-a95f-42ea950d210f",
|
|
"x-misp-object--5d95ef87-54fc-49aa-a417-4740950d210f",
|
|
"x-misp-object--5d95ef9f-972c-4b95-b577-41ef950d210f",
|
|
"x-misp-object--5d95efbc-3038-48e6-b25c-48a8950d210f",
|
|
"x-misp-object--5d95efd6-61e4-458e-8445-42c4950d210f",
|
|
"x-misp-object--5d95effb-e4a0-41af-b5a8-48b4950d210f",
|
|
"relationship--276459dd-60f4-44f4-a23d-a1458d299aca",
|
|
"relationship--85a620e2-6883-420c-82d3-c27b6aea3cbe",
|
|
"relationship--1f20116f-d3e9-461d-ac77-438a809dd0de",
|
|
"relationship--69fd438e-cd88-4c96-8414-548c79730136",
|
|
"relationship--1ac7dd8d-2bb6-40fa-9c39-97d452ea7525",
|
|
"relationship--fcd477aa-5db8-4a28-8369-260dfcac4e17",
|
|
"relationship--909d42dd-e5aa-4e70-afbb-57eee368b9ff",
|
|
"relationship--2fb76090-abf1-4ba0-b016-12ed1a1b9427",
|
|
"relationship--07c2fb94-4d4c-4d4d-8faa-9abe66f30472",
|
|
"relationship--8a70372b-b8ee-4570-a2bb-7ac575507c79",
|
|
"relationship--fcd22565-c16b-464d-a141-250b0f27fb2f",
|
|
"relationship--0698fcdf-8dbe-42f4-b23c-f5b569c8fe84"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:threat-actor=\"Turla Group\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"estimative-language:likelihood-probability=\"very-likely\"",
|
|
"misp-galaxy:tool=\"COMpfun\"",
|
|
"misp-galaxy:tool=\"Reductor\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d95e3c6-2aa4-45e6-b0ca-46a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:18:10.000Z",
|
|
"modified": "2019-10-03T12:18:10.000Z",
|
|
"first_observed": "2019-10-03T12:18:10Z",
|
|
"last_observed": "2019-10-03T12:18:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5d95e3c6-2aa4-45e6-b0ca-46a5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5d95e3c6-2aa4-45e6-b0ca-46a5950d210f",
|
|
"value": "https://securelist.com/compfun-successor-reductor/93633/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44b-9428-43f9-8caf-4e2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:35.000Z",
|
|
"modified": "2019-10-03T12:06:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27ce434ad1e240075c48a51722f8e87f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44b-4d9c-46e9-958e-42e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:35.000Z",
|
|
"modified": "2019-10-03T12:06:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e02b1b1d32e23975f496d1d1e0eb7a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44c-1f40-4f7a-842f-4834950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:35.000Z",
|
|
"modified": "2019-10-03T12:06:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '518ab503808e747c5d0dde6bfb54b95a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44c-d36c-480d-b175-4bc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:36.000Z",
|
|
"modified": "2019-10-03T12:06:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7911f8d717dc9d7a78d99e687a12d7ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44c-39dc-46a5-9820-47c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:36.000Z",
|
|
"modified": "2019-10-03T12:06:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9c7e50e7ce36c1b7d8ca2af2082f4cd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44c-d07c-4b64-922d-472b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:36.000Z",
|
|
"modified": "2019-10-03T12:06:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0387665fe7e006b5233c66f6bd5bb9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e44c-f164-4110-854d-43d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:06:36.000Z",
|
|
"modified": "2019-10-03T12:06:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6caa1bfcca872f0cbe2e7346b006ab4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:06:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e498-07f0-44dc-a11c-4453950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:07:52.000Z",
|
|
"modified": "2019-10-03T12:07:52.000Z",
|
|
"pattern": "[domain-name:value = 'adstat.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:07:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e498-174c-408d-ac07-4aac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:07:52.000Z",
|
|
"modified": "2019-10-03T12:07:52.000Z",
|
|
"pattern": "[domain-name:value = 'bill-tat.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:07:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:09:15.000Z",
|
|
"modified": "2019-10-03T12:09:15.000Z",
|
|
"first_observed": "2019-10-03T12:09:15Z",
|
|
"last_observed": "2019-10-03T12:09:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"ipv4-addr--5d95e4eb-d450-4d33-981b-49bfe387cbd9"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"src_ref": "ipv4-addr--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5d95e4eb-d450-4d33-981b-49bfe387cbd9",
|
|
"value": "200.63.45.192"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5d95e72f-d3c4-42e0-8040-4fe9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:18:55.000Z",
|
|
"modified": "2019-10-03T12:18:55.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target\u2019s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have.\r\n\r\nWe called these new modules \u2018Reductor\u2019 after a .pdb path left in some samples. Besides typical RAT functions such as uploading, downloading and executing files, Reductor\u2019s authors put a lot of effort into manipulating digital certificates and marking outbound TLS traffic with unique host-related identifiers.\r\n\r\nThe Kaspersky Attribution Engine shows strong code similarities between this family and the COMPfun Trojan. Moreover, further research showed that the original COMpfun Trojan most probably is used as a downloader in one of the distribution schemes. Based on these similarities, we\u2019re quite sure the new malware was developed by the COMPfun authors.\r\n\r\nThe COMpfun malware was initially documented by G-DATA in 2014. Although G-DATA didn\u2019t identify which actor was using this malware, Kaspersky tentatively linked it to the Turla APT, based on the victimology. Our telemetry indicates that the current campaign using Reductor started at the end of April 2019 and remained active at the time of writing (August 2019). We identified targets in Russia and Belarus.\r\n\r\nWe registered two initial infection schemes: Reductor spreads by either infecting popular software distributions (Internet Downloader Manager, WinRAR, etc. and, for at least one victim, through a popular warez website over HTTP); or its decryptor/dropper is spread using COMpfun\u2019s ability to download files on already infected hosts."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d9ec7e0-48e0-4106-ac7e-43e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-10T05:55:44.000Z",
|
|
"modified": "2019-10-10T05:55:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3e93f8b7c46a32236c225926d9f063f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-10T05:55:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d9ec7e0-a730-412b-a02e-4ba1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-10T05:55:44.000Z",
|
|
"modified": "2019-10-10T05:55:44.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5a5de7165faa9ad0ed3b2094ee6cff89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-10T05:55:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--9499eb17-e165-4ddd-96ff-6a04056a5197",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:07:08.000Z",
|
|
"modified": "2019-10-03T12:07:08.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7911f8d717dc9d7a78d99e687a12d7ad' AND file:hashes.SHA1 = 'e49666f7882f299c2845c7e31e3d842a387ef10d' AND file:hashes.SHA256 = '4e2d038e9d72ee4d660755ba973a31471dda167d1a51bfdfe60abb2b3de78ba1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:07:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--2c492ff9-0eaf-47ec-882b-28395b2447c9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:07:08.000Z",
|
|
"modified": "2019-10-03T12:07:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-05-19 16:41:15",
|
|
"category": "Other",
|
|
"uuid": "6f1c02b3-7e03-4457-b0d2-bb57f4594085"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/4e2d038e9d72ee4d660755ba973a31471dda167d1a51bfdfe60abb2b3de78ba1/analysis/1558284075/",
|
|
"category": "Payload delivery",
|
|
"uuid": "3b60de42-cdef-418e-97ce-93717a2412ce"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/68",
|
|
"category": "Payload delivery",
|
|
"uuid": "334ec304-ebb4-4527-badb-85b9d0ada237"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e5cb-de84-4411-9e52-4c52950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:12:59.000Z",
|
|
"modified": "2019-10-03T12:12:59.000Z",
|
|
"pattern": "[x509-certificate:hashes.SHA1 = '119b2be9c17d8c7c5ab0fa1a17aaf69082bab21d' AND x509-certificate:issuer = 'ie-paypal' AND x509-certificate:validity_not_after = '20311117T000000-0800']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:12:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"x509\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e621-1790-4a3f-8d53-4a22950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:14:25.000Z",
|
|
"modified": "2019-10-03T12:14:25.000Z",
|
|
"pattern": "[x509-certificate:hashes.SHA1 = '546f7a565920aeb0021a1d05525ff0b3df51d020' AND x509-certificate:issuer = 'GeoTrust Rsa CA' AND x509-certificate:validity_not_after = '20311117T000000-0800']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:14:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"x509\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e659-fdbc-41db-8e88-4990950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:15:21.000Z",
|
|
"modified": "2019-10-03T12:15:21.000Z",
|
|
"pattern": "[x509-certificate:hashes.SHA1 = '959eb6c7f45b7c5c761d5b758e65d9ef7ea20cf3' AND x509-certificate:issuer = 'GeoTrust Rsa CA' AND x509-certificate:validity_not_after = '20311117T000000-0800']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:15:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"x509\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5d95e68b-16c0-47d1-bd8a-4269950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:16:11.000Z",
|
|
"modified": "2019-10-03T12:16:11.000Z",
|
|
"pattern": "[x509-certificate:hashes.SHA1 = '992bace0bc815e43626d59d790cef50907c6ea9b' AND x509-certificate:issuer = 'VeriSign, Inc.' AND x509-certificate:validity_not_after = '20311117T000000-0800']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-10-03T12:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"x509\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T13:01:33.000Z",
|
|
"modified": "2019-10-03T13:01:33.000Z",
|
|
"labels": [
|
|
"misp:name=\"command\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "All C2 communications are handled in a standalone malware thread. Reductor sends HTTP POST queries to the /query.php scripts on the C2s listed in its configuration. The POST query contains the target\u2019s unique hardware ID encrypted with AES 128. The C2 returns one of the following encrypted commands.",
|
|
"category": "Other",
|
|
"uuid": "5d95ee8f-dac0-4724-94ca-47b1950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "trigger",
|
|
"value": "Network",
|
|
"category": "Other",
|
|
"uuid": "5d95ee8f-16dc-43b1-855c-40e7950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "location",
|
|
"value": "Bundled",
|
|
"category": "Other",
|
|
"uuid": "5d95ee8f-5850-4ebf-a819-4720950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95eeae-1724-4536-b98c-49b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:50:54.000Z",
|
|
"modified": "2019-10-03T12:50:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Get the host name",
|
|
"category": "Other",
|
|
"uuid": "5d95eeaf-7354-452c-9798-43b6950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "hostinfo",
|
|
"category": "Other",
|
|
"uuid": "5d95eeaf-1290-4305-be37-498a950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95eec7-48f8-4b2a-9558-46c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:51:19.000Z",
|
|
"modified": "2019-10-03T12:51:19.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Get the timeout value from the corresponding registry value",
|
|
"category": "Other",
|
|
"uuid": "5d95eec7-cf64-4268-8a63-434a950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "gettimeout",
|
|
"category": "Other",
|
|
"uuid": "5d95eec7-15a8-4238-adfd-4542950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95eeee-23fc-4693-becb-4b7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:51:58.000Z",
|
|
"modified": "2019-10-03T12:51:58.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Parse strings and set corresponding values in the system registries. So far only one option is supported \u2013 timeout",
|
|
"category": "Other",
|
|
"uuid": "5d95eeef-4b14-435e-9364-4fb2950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "options",
|
|
"category": "Other",
|
|
"uuid": "5d95eeef-1d38-409c-8396-4060950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ef16-1204-47ba-8bc9-41dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:52:38.000Z",
|
|
"modified": "2019-10-03T12:52:38.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Transmit the current C2 domains used by target",
|
|
"category": "Other",
|
|
"uuid": "5d95ef16-0388-41d5-a2f7-4569950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "domainlist",
|
|
"category": "Other",
|
|
"uuid": "5d95ef16-9d5c-4b14-9227-4fbb950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ef38-f244-4c43-a544-41c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:53:12.000Z",
|
|
"modified": "2019-10-03T12:53:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Download the file of interest",
|
|
"category": "Other",
|
|
"uuid": "5d95ef38-d59c-419e-89e3-42d6950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "downfile",
|
|
"category": "Other",
|
|
"uuid": "5d95ef38-86b4-44d0-891a-4d3e950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ef5c-eb2c-48f9-a95f-42ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:53:48.000Z",
|
|
"modified": "2019-10-03T12:53:48.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Upload the file of interest",
|
|
"category": "Other",
|
|
"uuid": "5d95ef5c-86f4-4135-836e-41bf950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "upfile",
|
|
"category": "Other",
|
|
"uuid": "5d95ef5c-4734-4a1c-9d21-4c56950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ef87-54fc-49aa-a417-4740950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:54:31.000Z",
|
|
"modified": "2019-10-03T12:54:31.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Create the process that executes mentioned file",
|
|
"category": "Other",
|
|
"uuid": "5d95ef87-53d8-449a-9c86-47a1950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "execfile",
|
|
"category": "Other",
|
|
"uuid": "5d95ef87-deb8-47dc-8bdd-45bb950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95ef9f-972c-4b95-b577-41ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:54:55.000Z",
|
|
"modified": "2019-10-03T12:54:55.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Do nothing. Possibly used to check the connection with the host",
|
|
"category": "Other",
|
|
"uuid": "5d95ef9f-3878-4f8f-b286-4bdd950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "nop",
|
|
"category": "Other",
|
|
"uuid": "5d95ef9f-880c-471d-9849-49a3950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95efbc-3038-48e6-b25c-48a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:55:24.000Z",
|
|
"modified": "2019-10-03T12:55:24.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Delete installed digital certificates, files, cookies and system registry values including those related to COM CLSID or LSA notification package persistence",
|
|
"category": "Other",
|
|
"uuid": "5d95efbc-e7c8-4d86-9b0d-4c79950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "kill",
|
|
"category": "Other",
|
|
"uuid": "5d95efbc-18f4-421c-bc70-4f6d950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95efd6-61e4-458e-8445-42c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:55:50.000Z",
|
|
"modified": "2019-10-03T12:55:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Delete file at a specified path",
|
|
"category": "Other",
|
|
"uuid": "5d95efd7-d120-4621-a7e8-43b4950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "deletefile",
|
|
"category": "Other",
|
|
"uuid": "5d95efd7-74e0-498c-b936-404e950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5d95effb-e4a0-41af-b5a8-48b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-10-03T12:56:27.000Z",
|
|
"modified": "2019-10-03T12:56:27.000Z",
|
|
"labels": [
|
|
"misp:name=\"command-line\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "description",
|
|
"value": "Renew the digital certificates installed on target",
|
|
"category": "Other",
|
|
"uuid": "5d95effc-6a30-4f50-833b-4fef950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "value",
|
|
"value": "certlist",
|
|
"category": "Other",
|
|
"uuid": "5d95effc-2bd8-4075-b30e-4892950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "command-line"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--276459dd-60f4-44f4-a23d-a1458d299aca",
|
|
"created": "2019-10-03T12:07:08.000Z",
|
|
"modified": "2019-10-03T12:07:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--9499eb17-e165-4ddd-96ff-6a04056a5197",
|
|
"target_ref": "x-misp-object--2c492ff9-0eaf-47ec-882b-28395b2447c9"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--85a620e2-6883-420c-82d3-c27b6aea3cbe",
|
|
"created": "2019-10-03T12:57:03.000Z",
|
|
"modified": "2019-10-03T12:57:03.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95ef87-54fc-49aa-a417-4740950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1f20116f-d3e9-461d-ac77-438a809dd0de",
|
|
"created": "2019-10-03T12:57:36.000Z",
|
|
"modified": "2019-10-03T12:57:36.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95eeae-1724-4536-b98c-49b2950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--69fd438e-cd88-4c96-8414-548c79730136",
|
|
"created": "2019-10-03T12:58:22.000Z",
|
|
"modified": "2019-10-03T12:58:22.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95eec7-48f8-4b2a-9558-46c5950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--1ac7dd8d-2bb6-40fa-9c39-97d452ea7525",
|
|
"created": "2019-10-03T12:58:48.000Z",
|
|
"modified": "2019-10-03T12:58:48.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95ef16-1204-47ba-8bc9-41dd950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fcd477aa-5db8-4a28-8369-260dfcac4e17",
|
|
"created": "2019-10-03T12:59:08.000Z",
|
|
"modified": "2019-10-03T12:59:08.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95ef9f-972c-4b95-b577-41ef950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--909d42dd-e5aa-4e70-afbb-57eee368b9ff",
|
|
"created": "2019-10-03T12:59:32.000Z",
|
|
"modified": "2019-10-03T12:59:32.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95efbc-3038-48e6-b25c-48a8950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fb76090-abf1-4ba0-b016-12ed1a1b9427",
|
|
"created": "2019-10-03T13:00:11.000Z",
|
|
"modified": "2019-10-03T13:00:11.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95effb-e4a0-41af-b5a8-48b4950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--07c2fb94-4d4c-4d4d-8faa-9abe66f30472",
|
|
"created": "2019-10-03T13:00:31.000Z",
|
|
"modified": "2019-10-03T13:00:31.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95efd6-61e4-458e-8445-42c4950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--8a70372b-b8ee-4570-a2bb-7ac575507c79",
|
|
"created": "2019-10-03T13:00:49.000Z",
|
|
"modified": "2019-10-03T13:00:49.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95ef38-f244-4c43-a544-41c5950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--fcd22565-c16b-464d-a141-250b0f27fb2f",
|
|
"created": "2019-10-03T13:01:12.000Z",
|
|
"modified": "2019-10-03T13:01:12.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95eeee-23fc-4693-becb-4b7b950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0698fcdf-8dbe-42f4-b23c-f5b569c8fe84",
|
|
"created": "2019-10-03T13:01:33.000Z",
|
|
"modified": "2019-10-03T13:01:33.000Z",
|
|
"relationship_type": "includes",
|
|
"source_ref": "x-misp-object--5d95ee8f-feec-4106-a189-41c7950d210f",
|
|
"target_ref": "x-misp-object--5d95ef5c-eb2c-48f9-a95f-42ea950d210f"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |