518 lines
No EOL
24 KiB
JSON
518 lines
No EOL
24 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5c225981-ae64-4141-8a37-430a02de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:46.000Z",
|
|
"modified": "2018-12-26T21:42:46.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5c225981-ae64-4141-8a37-430a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:46.000Z",
|
|
"modified": "2018-12-26T21:42:46.000Z",
|
|
"name": "OSINT - Destructive Shamoon Malware Continues its Return with a New Anti-American Message",
|
|
"published": "2018-12-26T21:42:48Z",
|
|
"object_refs": [
|
|
"observed-data--5c225990-7df0-46a3-8fee-4cb202de0b81",
|
|
"url--5c225990-7df0-46a3-8fee-4cb202de0b81",
|
|
"x-misp-attribute--5c2259a6-f400-4bce-ac8d-493102de0b81",
|
|
"observed-data--5c225a92-e620-4078-96a5-4d8402de0b81",
|
|
"x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81",
|
|
"observed-data--5c225d74-4938-48b1-a404-4e9802de0b81",
|
|
"file--5c225d74-4938-48b1-a404-4e9802de0b81",
|
|
"observed-data--5c225d74-ed64-4f4b-8094-4e9a02de0b81",
|
|
"file--5c225d74-ed64-4f4b-8094-4e9a02de0b81",
|
|
"indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81",
|
|
"indicator--5c225a67-c328-4d9e-9076-a51902de0b81",
|
|
"indicator--5c225af5-c140-458f-b353-4e1d02de0b81",
|
|
"x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335",
|
|
"x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72",
|
|
"x-misp-object--d6f1dcfb-ad11-482d-b7af-105f27616350",
|
|
"x-misp-object--6672ba95-da71-4081-8a5c-34ce8863a146",
|
|
"x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce",
|
|
"x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623",
|
|
"relationship--783bd18e-4032-4b4d-bfff-8e4ec6a285ad",
|
|
"relationship--ca2588fd-256c-4a1a-91fc-4bbc602d553a",
|
|
"relationship--127eaa78-120e-4bf4-81c7-8a76fe736f23",
|
|
"relationship--b144ad83-afe0-48a8-ab84-589e2fef7bc9"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:tool=\"Shamoon\"",
|
|
"misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon\"",
|
|
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c225990-7df0-46a3-8fee-4cb202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:23:44.000Z",
|
|
"modified": "2018-12-25T16:23:44.000Z",
|
|
"first_observed": "2018-12-25T16:23:44Z",
|
|
"last_observed": "2018-12-25T16:23:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5c225990-7df0-46a3-8fee-4cb202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5c225990-7df0-46a3-8fee-4cb202de0b81",
|
|
"value": "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5c2259a6-f400-4bce-ac8d-493102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:24:06.000Z",
|
|
"modified": "2018-12-25T16:24:06.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Anomali Labs in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the drowned Syrian refugee and child Alan Kurdi as part of targeted attacks attributed to the Iranian State. The image includes the text \"WE WILL TAKE REVENGE ON THE BLOOD AND TEARS OF OUR CHILDREN\" which is displayed in tandem with the overwriting of files on a victim's system.\r\n\r\nThe newest Shamoon sample was uploaded from France on December 23, 2018 and utilizes the commercial packing tool Enigma version 4 as a means of obfuscation. As observed in previous Shamoon samples the internal file name invokes a known PC tool, likely as a lure to allay initial user suspicion. In this case the malicious internal file name is \"Baidu PC Faster\" and uses the description \"Baidu WiFi Hotspot Setup\". A closer inspection of the file resources utilized by the sample reveals similarities with Shamoon V2 malware. Specifically, the resource \"GRANT\" is included which indicates that this sample was like compiled based on the second version of the codebase."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c225a92-e620-4078-96a5-4d8402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:28:02.000Z",
|
|
"modified": "2018-12-25T16:28:02.000Z",
|
|
"first_observed": "2018-12-25T16:28:02Z",
|
|
"last_observed": "2018-12-25T16:28:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"x509-fingerprint-sha1\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x509-certificate",
|
|
"spec_version": "2.1",
|
|
"id": "x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81",
|
|
"hashes": {
|
|
"SHA-1": "4b953f30f1de4dfef894b136daa155ceafc243a0"
|
|
}
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c225d74-4938-48b1-a404-4e9802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:40:20.000Z",
|
|
"modified": "2018-12-25T16:40:20.000Z",
|
|
"first_observed": "2018-12-25T16:40:20Z",
|
|
"last_observed": "2018-12-25T16:40:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5c225d74-4938-48b1-a404-4e9802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5c225d74-4938-48b1-a404-4e9802de0b81",
|
|
"name": "gfxprc_X64_pro.exe"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5c225d74-ed64-4f4b-8094-4e9a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:40:20.000Z",
|
|
"modified": "2018-12-25T16:40:20.000Z",
|
|
"first_observed": "2018-12-25T16:40:20Z",
|
|
"last_observed": "2018-12-25T16:40:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5c225d74-ed64-4f4b-8094-4e9a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Artifacts dropped\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5c225d74-ed64-4f4b-8094-4e9a02de0b81",
|
|
"name": "gfxprc_X64.exe"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:44.000Z",
|
|
"modified": "2018-12-26T21:42:44.000Z",
|
|
"description": "Shamoon (Packed)",
|
|
"pattern": "[file:hashes.MD5 = 'd0c3852e376423247ae45c24592880b6' AND file:hashes.SHA1 = '7335b8bdc62f35e2579ba18b91dc6227c586ef75' AND file:hashes.SHA256 = 'f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-12-26T21:42:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c225a67-c328-4d9e-9076-a51902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:45.000Z",
|
|
"modified": "2018-12-26T21:42:45.000Z",
|
|
"description": "Shamoon (Unpacked)",
|
|
"pattern": "[file:hashes.MD5 = '5711ac3dd15b019f558ec29e68d13ca9' AND file:hashes.SHA1 = 'b18b92a25078aa5f23a9987fd9038440b58b9566' AND file:hashes.SHA256 = 'c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-12-26T21:42:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5c225af5-c140-458f-b353-4e1d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:29:41.000Z",
|
|
"modified": "2018-12-25T16:29:41.000Z",
|
|
"pattern": "[x509-certificate:hashes.SHA1 = '4b953f30f1de4dfef894b136daa155ceafc243a0' AND x509-certificate:issuer = 'CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa c10, OU=VeriSign Trust Network, O=\\\\\"VeriSign, Inc.\\\\\", C=US\r\nSerial: 5faee9e83f32948f3b2040ac6df0145c' AND x509-certificate:serial_number = '5faee9e83f32948f3b2040ac6df0145c' AND x509-certificate:subject = 'CN=\\\\\"Baidu Online Network Technology Beijing Co.,Ltd.\\\\\", OU=Baidu security, O=\\\\\"Baidu Online Network Technology Beijing Co.,Ltd.\\\\\", L=Beijing, ST=Beijing, C=CN']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-12-25T16:29:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"x509\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:35:15.000Z",
|
|
"modified": "2018-12-25T16:35:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-24T12:02:45",
|
|
"category": "Other",
|
|
"uuid": "24757b25-e392-4525-b407-8c37aeb11fe7"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/",
|
|
"category": "External analysis",
|
|
"uuid": "ff29c3a5-6fd7-433f-8a09-c432727c88ca"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/69",
|
|
"category": "Other",
|
|
"uuid": "582751d6-7f02-4f98-ad88-85bb6f4a62b0"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-25T16:35:16.000Z",
|
|
"modified": "2018-12-25T16:35:16.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-24T15:16:39",
|
|
"category": "Other",
|
|
"uuid": "c5f5eb09-38ee-4bfa-b02e-d0df84f64dde"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545664599/",
|
|
"category": "External analysis",
|
|
"uuid": "c78c0cb0-5e91-4886-ab6e-4fcd5558c7a3"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "14/68",
|
|
"category": "Other",
|
|
"uuid": "55f75f6c-75a4-48e7-806d-9323b916f2d7"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d6f1dcfb-ad11-482d-b7af-105f27616350",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:27:50.000Z",
|
|
"modified": "2018-12-26T21:27:50.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-24T12:02:45",
|
|
"category": "Other",
|
|
"uuid": "a92b6f8d-367f-47bf-bc24-d7ba884d1cd6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/",
|
|
"category": "External analysis",
|
|
"uuid": "38ef2af6-3419-4fcf-a241-310d4927f1c9"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/69",
|
|
"category": "Other",
|
|
"uuid": "efec593f-48cd-433f-97aa-bde26003aa72"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6672ba95-da71-4081-8a5c-34ce8863a146",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:27:51.000Z",
|
|
"modified": "2018-12-26T21:27:51.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-26T20:58:38",
|
|
"category": "Other",
|
|
"uuid": "cc6abc85-e4fd-4877-8928-cf40bd36e0bd"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545857918/",
|
|
"category": "External analysis",
|
|
"uuid": "cd8c1b95-440e-469f-b4da-2adb4dcce401"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/70",
|
|
"category": "Other",
|
|
"uuid": "a91f8039-b52b-4b4d-b56e-17a544538240"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:45.000Z",
|
|
"modified": "2018-12-26T21:42:45.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-24T12:02:45",
|
|
"category": "Other",
|
|
"uuid": "caf5dc57-8207-43de-96eb-e8de55273ee1"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/",
|
|
"category": "External analysis",
|
|
"uuid": "006f3849-b2a3-4383-b093-aa18f8577a47"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/69",
|
|
"category": "Other",
|
|
"uuid": "cfd788c2-f51f-4978-94ec-415097d849ba"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-12-26T21:42:46.000Z",
|
|
"modified": "2018-12-26T21:42:46.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-12-26T20:58:38",
|
|
"category": "Other",
|
|
"uuid": "41a18372-be40-4844-b6db-820b3e6d5812"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545857918/",
|
|
"category": "External analysis",
|
|
"uuid": "41808df6-6a9f-4c20-94e8-fa206a56f065"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "32/70",
|
|
"category": "Other",
|
|
"uuid": "08437b29-50a1-4188-aeeb-d7a9e1c7e60e"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--783bd18e-4032-4b4d-bfff-8e4ec6a285ad",
|
|
"created": "2018-12-25T16:39:30.000Z",
|
|
"modified": "2018-12-25T16:39:30.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81",
|
|
"target_ref": "x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ca2588fd-256c-4a1a-91fc-4bbc602d553a",
|
|
"created": "2018-12-26T21:42:47.000Z",
|
|
"modified": "2018-12-26T21:42:47.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81",
|
|
"target_ref": "x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--127eaa78-120e-4bf4-81c7-8a76fe736f23",
|
|
"created": "2018-12-25T16:38:20.000Z",
|
|
"modified": "2018-12-25T16:38:20.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c225a67-c328-4d9e-9076-a51902de0b81",
|
|
"target_ref": "x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b144ad83-afe0-48a8-ab84-589e2fef7bc9",
|
|
"created": "2018-12-26T21:42:47.000Z",
|
|
"modified": "2018-12-26T21:42:47.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5c225a67-c328-4d9e-9076-a51902de0b81",
|
|
"target_ref": "x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |