Skip to content

Instantly share code, notes, and snippets.

@VVX7

VVX7/gist:fd3ca7e9ee39408b69861d6ba9420c29

Last active April 1, 2020 01:14
Show Gist options
  • Save VVX7/fd3ca7e9ee39408b69861d6ba9420c29 to your computer and use it in GitHub Desktop.
Save VVX7/fd3ca7e9ee39408b69861d6ba9420c29 to your computer and use it in GitHub Desktop.
Download ZIP
opencti_report
Raw
gistfile1.txt
{
"type": "bundle",
"id": "bundle--fbfc482f-0a2c-47c5-a02a-d9d415168da6",
"spec_version": "2.0",
"objects": [
{
"id": "report--041ded1e-864e-4fad-b6de-ac5a478f3084",
"type": "report",
"name": "Double Deceit",
"labels": [
"report"
],
"published": "2020-03-16T02:08:39.754Z",
"created": "2020-03-16T02:04:13.099Z",
"modified": "2020-04-01T01:02:53.751Z",
"x_opencti_report_class": "Threat Report",
"x_opencti_object_status": 2,
"x_opencti_source_confidence_level": 3,
"x_opencti_graph_data": "eyJub2RlcyI6eyI4MzJjOTc1Ni1kYzYwLTQ4NDctODI0ZC04MzM0YmM3Y2Y2ODUiOnsicG9zaXRpb24iOnsieCI6Ny45MTAwNTg2MzMxMzIwMTEsInkiOjI3Mi4zMDE3NTg5OTM5NjAzM319LCIxNjQxYTY5YS05OTFiLTQ2ZDEtOGY2MC00YjFmODYxMWQzZGQiOnsicG9zaXRpb24iOnsieCI6Nzg1LCJ5IjowfX0sIjIzMjhiNGMyLTAzYjgtNDAyYS1iODc4LTk5MzZjYTVhOWQ3NSI6eyJwb3NpdGlvbiI6eyJ4IjoxMjcuOTEwMDU4NjMzMTMyMDEsInkiOjI3Mi4zMDE3NTg5OTM5NjAzM319LCI1MDNkZDRkZC00NTU5LTQ5ZjItOTU0NC0wM2U4MjE3NDRmZjUiOnsicG9zaXRpb24iOnsieCI6MjQ3LjkxMDA1ODYzMzEzMjAyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiN2I3NTcxMGItMTdjMC00OGY4LWI3NjctMTY4NmFjNzgxZDU4Ijp7InBvc2l0aW9uIjp7IngiOjM2Ny45MTAwNTg2MzMxMzIsInkiOjI3Mi4zMDE3NTg5OTM5NjAzM319LCIzYzZiZjIzMy1kMWMyLTQ2OWMtOTNjNC0xN2E1NmYyMTg0MDEiOnsicG9zaXRpb24iOnsieCI6NDg3LjkxMDA1ODYzMzEzMiwieSI6MjcyLjMwMTc1ODk5Mzk2MDMzfX0sIjVlYTdmNTNlLTY3NDktNDdiMi1hNjIyLTU2MWNhZTJmYzQ5ZiI6eyJwb3NpdGlvbiI6eyJ4Ijo2MDcuOTEwMDU4NjMzMTMyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiY2U2YmI2NmMtMzU1ZC00OTM4LWExOWYtMDU3N2QzYzliYzQzIjp7InBvc2l0aW9uIjp7IngiOjcyNy45MTAwNTg2MzMxMzIsInkiOjI3Mi4zMDE3NTg5OTM5NjAzM319LCJiNWIwYjAzZi05MWI5LTRiZjctODdmMy02MmI4NGY0MDBkMjYiOnsicG9zaXRpb24iOnsieCI6ODQ3LjkxMDA1ODYzMzEzMiwieSI6MjcyLjMwMTc1ODk5Mzk2MDMzfX0sIjVlYmFmOTliLTUxOTItNGM0MS1iMzMzLTE5MzE1NDhiMTk2OCI6eyJwb3NpdGlvbiI6eyJ4Ijo5NjcuOTEwMDU4NjMzMTMyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiMTlmZDAwODItNjIzOC00ODdiLWEyZGItMTM0YThhMWYxYWZkIjp7InBvc2l0aW9uIjp7IngiOjEwODcuOTEwMDU4NjMzMTMyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiMTE4NjA0ZWItODc0ZC00ZTY1LThhZTQtZjhkYjFmZTVhNTcwIjp7InBvc2l0aW9uIjp7IngiOjEyMDcuOTEwMDU4NjMzMTMyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiMzA4NjZhNTYtZDIyZS00ZDZlLTg0NDAtNjUxYTA0YTNlYjAyIjp7InBvc2l0aW9uIjp7IngiOjEzMjcuOTEwMDU4NjMzMTMyLCJ5IjoyNzIuMzAxNzU4OTkzOTYwMzN9fSwiYjhhOTJlNDMtZmU5Ni00N2ZiLWE1NTQtMzUzMzk1MGUzZjdhIjp7InBvc2l0aW9uIjp7IngiOjE4MDUsInkiOjB9fSwiNjc0MDZlNTctMWI5ZS00MmZiLWE0YWYtYThkNTUxYjkyNTNlIjp7InBvc2l0aW9uIjp7IngiOjE2ODUsInkiOjYwMC4xMDU5MDg4MTM1NDYyfX0sImI1MzMxMWU3LTkyZTctNDQ2ZC05NTg2LTc0OTljZWU5NmU4YSI6eyJwb3NpdGlvbiI6eyJ4IjoxNjg1LCJ5IjowfX0sIjBjZDFhM2JiLTQ3ZDQtNGI3NS04YjlmLTRlNzg3Y2VjNTRmMyI6eyJwb3NpdGlvbiI6eyJ4IjoxNDQ3LjkxMDA1ODYzMzEzMiwieSI6MjcyLjMwMTc1ODk5Mzk2MDMzfX0sImI2MDUxY2JmLTQxYTEtNDdjZS1hYWNhLTM2ZmZlYjI4NTExNCI6eyJwb3NpdGlvbiI6eyJ4IjoxNjg1LCJ5IjozNzB9fSwiZmRmYzU0Y2YtOGQ0Yi00MGE5LTgwNDUtYzA2ZGFiYzI4NTE4Ijp7InBvc2l0aW9uIjp7IngiOjE2ODUsInkiOjE4NX19LCI1NDhkMGMwOS1kZGExLTRmZTItYmJmNS03OTFmMWIxY2RiMmUiOnsicG9zaXRpb24iOnsieCI6MTIyLjkxMDA1ODYzMzEzMjAxLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiYWNhMTZlNDAtZWIwZC00MDU2LTg2ZGItOGNiNmVhMjI0Njk5Ijp7InBvc2l0aW9uIjp7IngiOjAsInkiOjExMH19LCIyMjE1NGRjMS02MzU2LTQwMmQtODM2Zi02MzhiNjg0NmQ1MTQiOnsicG9zaXRpb24iOnsieCI6NzIyLjkxMDA1ODYzMzEzMiwieSI6MTk3LjMwMTc1ODk5Mzk2MDMzfX0sImMyM2RmZGM5LTliNzYtNGNkYi05ZTI5LWRjZDJkODY3MzlmMyI6eyJwb3NpdGlvbiI6eyJ4Ijo0ODIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiMTU3NjBiMzEtZjBiMC00NTQ5LWFkZjUtNTUxOGEyZDhlYzQzIjp7InBvc2l0aW9uIjp7IngiOjYwMi45MTAwNTg2MzMxMzIsInkiOjE5Ny4zMDE3NTg5OTM5NjAzM319LCI5MjQ4M2RhZC0zNTQyLTQ0ZmUtOGU2Ny01ZjRiOTc3MTExM2UiOnsicG9zaXRpb24iOnsieCI6MjQyLjkxMDA1ODYzMzEzMjAyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiNzg2ZDBhYTUtMDlhNy00MjEyLTllYjEtNWY3NjYxNWQxMjRlIjp7InBvc2l0aW9uIjp7IngiOjM2Mi45MTAwNTg2MzMxMzIsInkiOjE5Ny4zMDE3NTg5OTM5NjAzM319LCIxZTg2NjI5YS0zYjM3LTQyZWUtYjY2NS1lNmNmYTMwOTA5MDIiOnsicG9zaXRpb24iOnsieCI6OTYyLjkxMDA1ODYzMzEzMiwieSI6MTk3LjMwMTc1ODk5Mzk2MDMzfX0sIjRiNjJmZDA3LWFlOGYtNDNkZS04MTRhLWY5MDE1ZjRlNmMzYSI6eyJwb3NpdGlvbiI6eyJ4Ijo4NDIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiNjJhMjE3MGQtNmEzZC00YWVmLTk0ZWItMDdkNTQ5ZDZmODdlIjp7InBvc2l0aW9uIjp7IngiOjEwODIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiMDE5MDMwZDgtNWYwYS00NjQ1LTlmZmMtNmEwYWE1N2VhY2UxIjp7InBvc2l0aW9uIjp7IngiOjEyMDIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiYWNmNzc0YTUtNjhlMi00MzJkLWI3NjAtNmE0OGY4ZTJmNGI4Ijp7InBvc2l0aW9uIjp7IngiOjEzMjIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiMTA3ZWJlYWYtZWRlNC00OTQwLWFhYjktNzQ5YTMwYTRjYjFhIjp7InBvc2l0aW9uIjp7IngiOjE0NDIuOTEwMDU4NjMzMTMyLCJ5IjoxOTcuMzAxNzU4OTkzOTYwMzN9fSwiMDFlNmZhZjMtZmE2ZS00ODFlLTkyNjAtYjc4MDY4OTM2NDdkIjp7InBvc2l0aW9uIjp7IngiOjE2ODAsInkiOjI5NX19LCI5NTM4ZTYxMy0zNGM3LTQ2NmQtOWM0YS02YzUyZDU1OTBlMzIiOnsicG9zaXRpb24iOnsieCI6MTgwMCwieSI6MTEwfX0sImZhNmNmYWE4LTc5YTctNDhiOC04YjQyLTBkODdjNzYzYzZjOCI6eyJwb3NpdGlvbiI6eyJ4IjoxNjgwLCJ5IjoxMTB9fSwiNTc4NDZkMGYtOWU5ZS00NjY5LWIwNGUtYTZmMjAyZDYwNmU1Ijp7InBvc2l0aW9uIjp7IngiOjE2ODAsInkiOjQ4MH19LCIyNTYwMTdkMS0zYzIwLTRkZDAtYTQzZi1lZjBjODc5YzQ2NDUiOnsicG9zaXRpb24iOnsieCI6MTU2MCwieSI6MTEwfX19LCJ6b29tIjo5MS43MjcxMzc1NjQ0OTE1Niwib2Zmc2V0WCI6LTE2Ljg2NTc0NDA0MDA4ODA3NCwib2Zmc2V0WSI6MzM0LjAxMTc4NzUxNzI4NTh9",
"x_opencti_id": "34cea411-4c1d-42f2-aa17-e6b0f0d43155",
"x_opencti_tags": [
{
"id": "4a2a36f0-844e-4282-b98f-6254a20b871d",
"tag_type": "threat",
"value": "IRA",
"color": "#f12323"
},
{
"id": "06f2dd9a-4011-4737-a58b-4996fb38f3e1",
"tag_type": "threat",
"value": "Disinformation",
"color": "#f67bef"
}
],
"external_references": [
{
"id": "external-reference--3aeeda66-3779-4cb7-93fe-e2fca7065371",
"source_name": "Graphika",
"description": "Russian operation linked to former IRA associates employed social media users in Ghana to target black communities in the US.",
"url": "https://d1qmdf3vop2l07.cloudfront.net/zealous-canopy.cloudvent.net/compressed/_min_/9b2c8500d6f7520d1593fd4285c18a71.pdf",
"external_id": "IRA in Ghana: Double Deceit",
"x_opencti_id": "678f4922-7af9-4bb3-a44c-851d097aea26",
"x_opencti_created": "2020-03-16T02:23:45.240Z",
"x_opencti_modified": "2020-03-16T02:23:45.240Z"
},
{
"id": "external-reference--84ab47c2-0aa4-4b0d-aebf-9bd4b5e1422f",
"source_name": "CNN",
"description": "Inside a Russian troll factory in Ghana",
"url": "https://www.cnn.com/2020/03/12/world/russia-ghana-troll-farms-2020-ward/index.html",
"external_id": "Russian election meddling is back -- via Ghana and Nigeria -- and in your feeds",
"x_opencti_id": "b46940bc-1ff0-4b2c-839d-7bc99c1e27ce",
"x_opencti_created": "2020-03-16T02:24:36.607Z",
"x_opencti_modified": "2020-03-16T02:24:36.607Z"
}
],
"object_refs": [
"tool--19994f85-6807-4560-a8c9-50299a10fe22",
"campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"attack-pattern--a3be1451-50cc-46b4-a4ba-0506e5d9ad24",
"attack-pattern--049f40f5-c3e0-4ab1-b865-8782be8cb9d4",
"attack-pattern--4f0ca414-30ea-4653-b1ca-c617f7ad883d",
"attack-pattern--99d5f10e-7ed8-4e85-87d1-ff4b73d8e9a4",
"attack-pattern--169675c9-2f18-462b-ba7d-0e37cc0d96d5",
"attack-pattern--e3625d60-3bc5-40fd-9366-885392df8e9b",
"attack-pattern--1aba2935-a5fa-4db1-bde7-632e708bb531",
"attack-pattern--617bb7ec-c53d-47de-bc98-3d5bc65a89ed",
"attack-pattern--c10a54f4-da7f-49c0-96f1-e992e96374ba",
"attack-pattern--2af155a0-e968-4d92-af3e-bcbdbf799764",
"attack-pattern--841be7e7-5f88-4fd1-8f81-54938d62e52b",
"identity--1a82d3db-6c07-4135-a1f3-7f6159970524",
"identity--3e45f29a-3269-491f-ac9d-5e680db683b2",
"identity--fcd7d0dc-5825-482a-a1a6-dc07600a6762",
"attack-pattern--8f84d9a1-b7f4-43bb-92ba-eba1a305f593",
"intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"relationship--5abd0c91-4909-40fe-9e30-a6d8c0ba947b",
"relationship--8c627376-9ff0-426c-8372-2bc4620fe16b",
"relationship--9acc44b4-53c7-4db6-b2d2-d6a291d55fdb",
"relationship--8b6df982-b170-4810-9eae-616d01445c57",
"relationship--68fb7901-6272-4115-89b7-39db51b2e655",
"relationship--1dbe26ab-0300-4b2b-9b6d-e5a2cb31694f",
"relationship--974b1a1f-ac48-4baa-ad09-c265f655efc4",
"relationship--00c5a7aa-2783-4de4-b2e6-0521cd6a3684",
"relationship--cc6cf4f1-776b-4593-9a0e-8dcb42057584",
"relationship--da373d13-c33c-438a-947e-17a11d09eac3",
"relationship--0e0864d5-ff3b-4003-bb3b-92cbc39cf4f4",
"relationship--2ed386e6-b5a5-496a-bb25-8bc63bca2f34",
"relationship--79bb1e17-44b1-4241-ba1a-64b96b092bc5",
"relationship--bf0fabc7-b7a0-4cc9-aa96-ee72e9a4840e",
"relationship--ab96eab5-7a76-4597-bba8-de30870ccd5d",
"relationship--1ccc1258-048a-4e2a-89f5-f1c75dacc919",
"relationship--e0cd6f82-55f9-4d88-88a8-b529fb43cd01",
"relationship--bb8a38a3-c64b-4156-8732-5add3f8cd836"
]
},
{
"id": "tool--19994f85-6807-4560-a8c9-50299a10fe22",
"type": "tool",
"name": "Telegram",
"labels": [
"tool"
],
"description": "Encrypted messaging app",
"created": "2020-03-16T02:01:51.908Z",
"modified": "2020-03-16T02:01:51.908Z",
"x_opencti_id": "832c9756-dc60-4847-824d-8334bc7cf685"
},
{
"id": "identity--1a82d3db-6c07-4135-a1f3-7f6159970524",
"type": "identity",
"name": "Graphika",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2020-03-16T01:51:58.027Z",
"modified": "2020-03-16T01:51:58.027Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "b8a92e43-fe96-47fb-a554-3533950e3f7a"
},
{
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"type": "marking-definition",
"definition_type": "TLP",
"definition": {
"TLP": "TLP:WHITE"
},
"created": "2020-02-26T15:26:01.153Z",
"x_opencti_modified": "2020-02-26T15:26:01.153Z",
"x_opencti_id": "a0c66bd2-e39a-43f9-a4a8-13eb55adbcba"
},
{
"id": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"type": "campaign",
"name": "Double Deceit",
"labels": [
"campaign"
],
"description": "IRA in Ghana: Double Deceit",
"x_opencti_first_seen": "2020-03-16T01:52:01.223Z",
"x_opencti_last_seen": "2020-03-16T01:52:01.223Z",
"created": "2020-03-16T01:52:01.224Z",
"modified": "2020-03-16T01:52:01.224Z",
"x_opencti_id": "1641a69a-991b-46d1-8f60-4b1f8611d3dd",
"created_by_ref": "identity--1a82d3db-6c07-4135-a1f3-7f6159970524",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_opencti_tags": [
{
"id": "06f2dd9a-4011-4737-a58b-4996fb38f3e1",
"tag_type": "threat",
"value": "Disinformation",
"color": "#f67bef"
}
]
},
{
"id": "attack-pattern--a3be1451-50cc-46b4-a4ba-0506e5d9ad24",
"type": "attack-pattern",
"x_opencti_external_id": "T0053",
"name": "Twitter trolls amplify and manipulate",
"labels": [
"attack-pattern"
],
"description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized) e.g. BlackLivesMatter or MeToo",
"created": "2019-12-08T02:27:58.325Z",
"modified": "2019-12-08T02:27:58.325Z",
"x_opencti_id": "2328b4c2-03b8-402a-b878-9936ca5a9d75",
"kill_chain_phases": [
{
"id": "kill-chain-phase--21f00b9e-b21f-493e-a023-7fd9b9c6cb71",
"kill_chain_name": "amitt-attack",
"phase_name": "exposure",
"x_opencti_id": "9473c9da-380d-4a69-81cf-3a69c8b48d76",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:43.588Z",
"x_opencti_modified": "2020-02-27T03:04:43.588Z"
}
],
"external_references": [
{
"id": "external-reference--e9390c23-9156-495e-83be-bde2fbd83943",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0053.md",
"external_id": "T0053",
"x_opencti_id": "a296259d-0870-4b40-ac5d-b05503c403db",
"x_opencti_created": "2020-02-27T03:04:51.602Z",
"x_opencti_modified": "2020-02-27T03:04:51.602Z"
}
]
},
{
"id": "attack-pattern--049f40f5-c3e0-4ab1-b865-8782be8cb9d4",
"type": "attack-pattern",
"x_opencti_external_id": "T0043",
"name": "Use SMS/ WhatsApp/ Chat apps",
"labels": [
"attack-pattern"
],
"description": "Direct messaging via encypted app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a diffucult space to monitor, but also a difficult space to build acclaim or notoriety.",
"created": "2019-12-08T02:27:58.322Z",
"modified": "2019-12-08T02:27:58.322Z",
"x_opencti_id": "503dd4dd-4559-49f2-9544-03e821744ff5",
"kill_chain_phases": [
{
"id": "kill-chain-phase--031af698-0419-41e9-a4d2-a908f5c7c03f",
"kill_chain_name": "amitt-attack",
"phase_name": "pump-priming",
"x_opencti_id": "b56d1c04-48a6-4025-941c-0409668f8a81",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:45.607Z",
"x_opencti_modified": "2020-02-27T03:04:45.607Z"
}
],
"external_references": [
{
"id": "external-reference--838ad0d0-ec11-4b9c-a332-302321e74933",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0043.md",
"external_id": "T0043",
"x_opencti_id": "7a9e7130-fb02-4bb9-9e89-2b12134dc042",
"x_opencti_created": "2020-02-27T03:05:12.669Z",
"x_opencti_modified": "2020-02-27T03:05:12.669Z"
}
]
},
{
"id": "attack-pattern--4f0ca414-30ea-4653-b1ca-c617f7ad883d",
"type": "attack-pattern",
"x_opencti_external_id": "T0039",
"name": "Bait legitimate influencers",
"labels": [
"attack-pattern"
],
"description": "Credibility in a social media environment is often a function of the size of a user's network. \"Influencers\" are so-called because of their reach, typically understood as: 1) the size of their network (i.e. the number of followers, perhaps weighted by their own influence); and 2) The rate at which their comments are re-circulated (these two metrics are related). Add traditional media players at all levels of credibility and professionalism to this, and the number of potential influencial carriers available for unwitting amplification becomes substantial.\n\nBy targeting high-influence people and organizations in all types of media with narratives and content engineered to appeal their emotional or ideological drivers, influence campaigns are able to add perceived credibility to their messaging via saturation and adoption by trusted agents such as celebrities, journalists and local leaders.",
"created": "2019-12-08T02:27:58.321Z",
"modified": "2019-12-08T02:27:58.321Z",
"x_opencti_id": "7b75710b-17c0-48f8-b767-1686ac781d58",
"kill_chain_phases": [
{
"id": "kill-chain-phase--031af698-0419-41e9-a4d2-a908f5c7c03f",
"kill_chain_name": "amitt-attack",
"phase_name": "pump-priming",
"x_opencti_id": "b56d1c04-48a6-4025-941c-0409668f8a81",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:45.607Z",
"x_opencti_modified": "2020-02-27T03:04:45.607Z"
}
],
"external_references": [
{
"id": "external-reference--611e3a5d-91c0-476a-ae3e-06723069535a",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0039.md",
"external_id": "T0039",
"x_opencti_id": "aba1a865-6a12-4a90-a6eb-09602f545edc",
"x_opencti_created": "2020-02-27T03:05:18.683Z",
"x_opencti_modified": "2020-02-27T03:05:18.683Z"
}
]
},
{
"id": "attack-pattern--99d5f10e-7ed8-4e85-87d1-ff4b73d8e9a4",
"type": "attack-pattern",
"x_opencti_external_id": "T0021",
"name": "Memes",
"labels": [
"attack-pattern"
],
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"created": "2019-12-08T02:27:58.316Z",
"modified": "2019-12-08T02:27:58.316Z",
"x_opencti_id": "3c6bf233-d1c2-469c-93c4-17a56f218401",
"kill_chain_phases": [
{
"id": "kill-chain-phase--5a4c3850-04a2-4017-9943-4ad541444a91",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-content",
"x_opencti_id": "763cb9cd-b619-4089-afa7-9b122c63ff25",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:41.577Z",
"x_opencti_modified": "2020-02-27T03:04:41.577Z"
}
],
"external_references": [
{
"id": "external-reference--b6ef4c85-abb5-43b2-825a-4f899b5f617a",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0021.md",
"external_id": "T0021",
"x_opencti_id": "24fdef18-7649-48d7-b588-601946814052",
"x_opencti_created": "2020-02-27T03:05:09.751Z",
"x_opencti_modified": "2020-02-27T03:05:09.751Z"
}
]
},
{
"id": "attack-pattern--169675c9-2f18-462b-ba7d-0e37cc0d96d5",
"type": "attack-pattern",
"x_opencti_external_id": "T0030",
"name": "Backstop personas",
"labels": [
"attack-pattern"
],
"description": "Create other assets/dossier/cover/fake relationships and/or connections or documents, sites, bylines, attributions, to establish/augment/inflate crediblity/believability",
"created": "2019-12-08T02:27:58.319Z",
"modified": "2019-12-08T02:27:58.319Z",
"x_opencti_id": "5ea7f53e-6749-47b2-a622-561cae2fc49f",
"kill_chain_phases": [
{
"id": "kill-chain-phase--a7eed63a-1eae-4e7f-beec-62aaec503254",
"kill_chain_name": "amitt-attack",
"phase_name": "channel-selection",
"x_opencti_id": "a1e15105-a276-427d-ba11-96a83bb3f2d0",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:57.620Z",
"x_opencti_modified": "2020-02-27T03:04:57.620Z"
}
],
"external_references": [
{
"id": "external-reference--9a9ce850-189b-449b-bffc-a2abd5f9e429",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0030.md",
"external_id": "T0030",
"x_opencti_id": "61128cbe-0d93-4d38-9c98-42446b511e91",
"x_opencti_created": "2020-02-27T03:05:11.744Z",
"x_opencti_modified": "2020-02-27T03:05:11.744Z"
}
]
},
{
"id": "attack-pattern--e3625d60-3bc5-40fd-9366-885392df8e9b",
"type": "attack-pattern",
"x_opencti_external_id": "T0018",
"name": "Paid targeted ads",
"labels": [
"attack-pattern"
],
"description": "Create or fund advertisements targeted at specific populations",
"created": "2019-12-08T02:27:58.315Z",
"modified": "2019-12-08T02:27:58.315Z",
"x_opencti_id": "ce6bb66c-355d-4938-a19f-0577d3c9bc43",
"kill_chain_phases": [
{
"id": "kill-chain-phase--8895aae2-71ac-4fc4-acab-3a395eccdb4e",
"kill_chain_name": "amitt-attack",
"phase_name": "microtargeting",
"x_opencti_id": "278083ae-e275-4c16-b59c-a941a3a663bb",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:36.593Z",
"x_opencti_modified": "2020-02-27T03:04:36.593Z"
}
],
"external_references": [
{
"id": "external-reference--c0a06925-fa8c-4c35-a928-07c4ebce182a",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0018.md",
"external_id": "T0018",
"x_opencti_id": "1c0121cd-b809-4844-b557-63b17dc32134",
"x_opencti_created": "2020-02-27T03:04:37.474Z",
"x_opencti_modified": "2020-02-27T03:04:37.474Z"
}
]
},
{
"id": "attack-pattern--1aba2935-a5fa-4db1-bde7-632e708bb531",
"type": "attack-pattern",
"x_opencti_external_id": "T0014",
"name": "Create funding campaigns",
"labels": [
"attack-pattern"
],
"description": "Generate revenue through online funding campaigns. e.g. Gather data, advance credible persona via Gofundme; Patreon; or via fake website connecting via PayPal or Stripe. (Example 2016) #VaccinateUS Gofundme campaigns to pay for Targetted facebook ads (Larry Cook, targetting Washington State mothers, $1,776 to boost posts over 9 months).",
"created": "2019-12-08T02:27:58.314Z",
"modified": "2019-12-08T02:27:58.314Z",
"x_opencti_id": "b5b0b03f-91b9-4bf7-87f3-62b84f400d26",
"kill_chain_phases": [
{
"id": "kill-chain-phase--02841c64-161c-4f0d-a81e-da9502295a65",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-networks",
"x_opencti_id": "356b0065-2a8e-46ab-8206-bc76110a5819",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:05:00.626Z",
"x_opencti_modified": "2020-02-27T03:05:00.626Z"
}
],
"external_references": [
{
"id": "external-reference--3a9684bb-9939-4afc-9019-d6e291ebd155",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0014.md",
"external_id": "T0014",
"x_opencti_id": "2698417e-0772-4d82-806f-41dac60a763c",
"x_opencti_created": "2020-02-27T03:10:15.637Z",
"x_opencti_modified": "2020-02-27T03:10:15.637Z"
}
]
},
{
"id": "attack-pattern--617bb7ec-c53d-47de-bc98-3d5bc65a89ed",
"type": "attack-pattern",
"x_opencti_external_id": "T0055",
"name": "Use hashtag",
"labels": [
"attack-pattern"
],
"description": "Use a dedicated hashtag for the incident (e.g. #PhosphorusDisaster) - either create a campaign/incident specific hashtag, or take over an existing hashtag.",
"created": "2019-12-08T02:27:58.326Z",
"modified": "2019-12-08T02:27:58.326Z",
"x_opencti_id": "5ebaf99b-5192-4c41-b333-1931548b1968",
"kill_chain_phases": [
{
"id": "kill-chain-phase--21f00b9e-b21f-493e-a023-7fd9b9c6cb71",
"kill_chain_name": "amitt-attack",
"phase_name": "exposure",
"x_opencti_id": "9473c9da-380d-4a69-81cf-3a69c8b48d76",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:43.588Z",
"x_opencti_modified": "2020-02-27T03:04:43.588Z"
}
],
"external_references": [
{
"id": "external-reference--668b577c-8e1a-4746-989f-1fbcb47e22b2",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0055.md",
"external_id": "T0055",
"x_opencti_id": "4ed1b8db-ae46-45d7-8d8e-1b84bac6d0ac",
"x_opencti_created": "2020-02-27T03:05:16.681Z",
"x_opencti_modified": "2020-02-27T03:05:16.681Z"
}
]
},
{
"id": "attack-pattern--c10a54f4-da7f-49c0-96f1-e992e96374ba",
"type": "attack-pattern",
"x_opencti_external_id": "T0013",
"name": "Create fake websites",
"labels": [
"attack-pattern"
],
"description": "Create media assets to support fake organizations (e.g. think tank), people (e.g. experts) and/or serve as sites to distribute malware/launch phishing operations.",
"created": "2019-12-08T02:27:58.314Z",
"modified": "2019-12-08T02:27:58.314Z",
"x_opencti_id": "19fd0082-6238-487b-a2db-134a8a1f1afd",
"kill_chain_phases": [
{
"id": "kill-chain-phase--02841c64-161c-4f0d-a81e-da9502295a65",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-networks",
"x_opencti_id": "356b0065-2a8e-46ab-8206-bc76110a5819",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:05:00.626Z",
"x_opencti_modified": "2020-02-27T03:05:00.626Z"
}
],
"external_references": [
{
"id": "external-reference--81d819ba-ed1e-45c2-aeae-7c2a0f36f32e",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0013.md",
"external_id": "T0013",
"x_opencti_id": "eec88f26-1cd0-41d5-a54d-275ca85eb47e",
"x_opencti_created": "2020-02-27T03:10:13.699Z",
"x_opencti_modified": "2020-02-27T03:10:13.699Z"
}
]
},
{
"id": "attack-pattern--2af155a0-e968-4d92-af3e-bcbdbf799764",
"type": "attack-pattern",
"x_opencti_external_id": "T0007",
"name": "Create fake Social Media Profiles / Pages / Groups",
"labels": [
"attack-pattern"
],
"description": "Create key social engineering assets needed to amplify content, manipulate algorithms, fool public and/or specific incident/campaign targets. \n\nComputational propaganda depends substantially on false perceptions of credibility and acceptance. By creating fake users and groups with a variety of interests and commitments, attackers can ensure that their messages both come from trusted sources and appear more widely adopted than they actually are. \n\nExamples: Ukraine elections (2019) circumvent Facebook\u2019s new safeguards by paying Ukrainian citizens to give a Russian agent access to their personal pages. EU Elections (2019) Avaaz reported more than 500 suspicious pages and groups to Facebook related to the three-month investigation of Facebook disinformation networks in Europe. Mueller report (2016) The IRA was able to reach up to 126 million Americans on Facebook via a mixture of fraudulent accounts, groups, and advertisements, the report says. Twitter accounts it created were portrayed as real American voices by major news outlets. It was even able to hold real-life rallies, mobilizing hundreds of people at a time in major cities like Philadelphia and Miami. ",
"created": "2019-12-08T02:27:58.312Z",
"modified": "2019-12-08T02:27:58.312Z",
"x_opencti_id": "118604eb-874d-4e65-8ae4-f8db1fe5a570",
"kill_chain_phases": [
{
"id": "kill-chain-phase--2990cf0a-78f1-4d4d-be7c-e49a65c4fa69",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-people",
"x_opencti_id": "1993cc83-ac24-433c-ae65-434b8495a12e",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:53.613Z",
"x_opencti_modified": "2020-02-27T03:04:53.613Z"
}
],
"external_references": [
{
"id": "external-reference--135e825f-50cf-4d7a-9001-27ba7b5d3c03",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0007.md",
"external_id": "T0007",
"x_opencti_id": "bbf5dc36-86ef-41cd-98e9-0af29ab56dde",
"x_opencti_created": "2020-02-27T03:04:53.774Z",
"x_opencti_modified": "2020-02-27T03:04:53.774Z"
}
]
},
{
"id": "attack-pattern--841be7e7-5f88-4fd1-8f81-54938d62e52b",
"type": "attack-pattern",
"x_opencti_external_id": "T0010",
"name": "Cultivate ignorant agents",
"labels": [
"attack-pattern"
],
"description": "Cultivate propagandists for a cause, the goals of which are not fully comprehended, and who are used cynically by the leaders of the cause. Independent actors use social media and specialised web sites to strategically reinforce and spread messages compatible with their own. Their networks are infiltrated and used by state media disinformation organisations to amplify the state\u2019s own disinformation strategies against target populations. Many are traffickers in conspiracy theories or hoaxes, unified by a suspicion of Western governments and mainstream media. Their narratives, which appeal to leftists hostile to globalism and military intervention and nationalists against immigration, are frequently infiltrated and shaped by state-controlled trolls and altered news items from agencies such as RT and Sputnik. Also know as \"useful idiots\" or \"unwitting agents\".",
"created": "2019-12-08T02:27:58.313Z",
"modified": "2019-12-08T02:27:58.313Z",
"x_opencti_id": "30866a56-d22e-4d6e-8440-651a04a3eb02",
"kill_chain_phases": [
{
"id": "kill-chain-phase--02841c64-161c-4f0d-a81e-da9502295a65",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-networks",
"x_opencti_id": "356b0065-2a8e-46ab-8206-bc76110a5819",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:05:00.626Z",
"x_opencti_modified": "2020-02-27T03:05:00.626Z"
}
],
"external_references": [
{
"id": "external-reference--62346942-ec6e-485f-8e2a-3046c007d970",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0010.md",
"external_id": "T0010",
"x_opencti_id": "60d2c71f-086d-4828-87f1-35d6165e322b",
"x_opencti_created": "2020-02-27T03:05:00.798Z",
"x_opencti_modified": "2020-02-27T03:05:00.798Z"
}
]
},
{
"id": "identity--7b82b010-b1c0-4dae-981f-7756374a17df",
"type": "identity",
"name": "Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d'Information",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2020-02-23T23:40:53.575Z",
"modified": "2020-02-23T23:40:53.575Z",
"x_opencti_organization_class": null,
"x_opencti_identity_type": "organization",
"x_opencti_id": "f8d09b74-f84d-4a66-a3e7-210699399f92"
},
{
"id": "identity--3e45f29a-3269-491f-ac9d-5e680db683b2",
"type": "identity",
"name": "Russian Federation",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2019-10-26T14:55:55.885Z",
"modified": "2019-10-26T14:55:55.885Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "67406e57-1b9e-42fb-a4af-a8d551b9253e",
"created_by_ref": "identity--7b82b010-b1c0-4dae-981f-7756374a17df"
},
{
"id": "identity--fcd7d0dc-5825-482a-a1a6-dc07600a6762",
"type": "identity",
"name": "Ghana",
"identity_class": "organization",
"labels": [
"identity"
],
"created": "2019-10-26T14:55:55.847Z",
"modified": "2019-10-26T14:55:55.847Z",
"x_opencti_identity_type": "country",
"x_opencti_id": "b53311e7-92e7-446d-9586-7499cee96e8a",
"created_by_ref": "identity--7b82b010-b1c0-4dae-981f-7756374a17df"
},
{
"id": "attack-pattern--8f84d9a1-b7f4-43bb-92ba-eba1a305f593",
"type": "attack-pattern",
"x_opencti_external_id": "T0015",
"name": "Create hashtag",
"labels": [
"attack-pattern"
],
"description": "Many incident-based campaigns will create a hashtag to promote their fabricated event (e.g. #ColumbianChemicals to promote a fake story about a chemical spill in Louisiana). \n\nCreating a hashtag for an incident can have two important effects:\n1. Create a perception of reality around an event. Certainly only \"real\" events would be discussed in a hashtag. After all, the event has a name!\n2. Publicize the story more widely through trending lists and search behavior \n\nAsset needed to direct/control/manage \"conversation\" connected to launching new incident/campaign with new hashtag for applicable social media sites ie: Twitter, LinkedIn)",
"created": "2019-12-08T02:27:58.315Z",
"modified": "2019-12-08T02:27:58.315Z",
"x_opencti_id": "0cd1a3bb-47d4-4b75-8b9f-4e787cec54f3",
"kill_chain_phases": [
{
"id": "kill-chain-phase--02841c64-161c-4f0d-a81e-da9502295a65",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-networks",
"x_opencti_id": "356b0065-2a8e-46ab-8206-bc76110a5819",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:05:00.626Z",
"x_opencti_modified": "2020-02-27T03:05:00.626Z"
}
],
"external_references": [
{
"id": "external-reference--22ce0b28-19cd-435b-8f1d-2b44e92c2346",
"source_name": "amitt-attack",
"url": "https://github.com/misinfosecproject/amitt_framework/blob/master/techniques/T0015.md",
"external_id": "T0015",
"x_opencti_id": "e3f0d6ed-6c35-4db3-b488-87b8d34c5332",
"x_opencti_created": "2020-02-27T03:05:15.679Z",
"x_opencti_modified": "2020-02-27T03:05:15.679Z"
}
]
},
{
"id": "intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"type": "intrusion-set",
"name": "Internet Research Agency",
"labels": [
"intrusion-set"
],
"description": "Russia backed IRA.",
"resource_level": "organization",
"x_opencti_first_seen": "2020-03-16T01:31:07.663Z",
"x_opencti_last_seen": "2020-03-16T01:31:07.663Z",
"created": "2020-03-15T21:28:54.249Z",
"modified": "2020-03-22T01:19:13.877Z",
"x_opencti_id": "b6051cbf-41a1-47ce-aaca-36ffeb285114"
},
{
"id": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"type": "threat-actor",
"name": "EBLA",
"labels": [
"threat-actor"
],
"description": "NGO front for IRA",
"created": "2020-03-16T02:09:04.794Z",
"modified": "2020-03-16T02:09:04.794Z",
"x_opencti_id": "fdfc54cf-8d4b-40a9-8045-c06dabc28518",
"x_opencti_tags": [
{
"id": "4a2a36f0-844e-4282-b98f-6254a20b871d",
"tag_type": "threat",
"value": "IRA",
"color": "#f12323"
}
]
},
{
"id": "relationship--5abd0c91-4909-40fe-9e30-a6d8c0ba947b",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--a3be1451-50cc-46b4-a4ba-0506e5d9ad24",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--a3be1451-50cc-46b4-a4ba-0506e5d9ad24",
"created": "2020-03-16T02:00:09.289Z",
"modified": "2020-03-16T02:00:09.289Z",
"x_opencti_first_seen": "2020-03-16T02:04:47.000Z",
"x_opencti_last_seen": "2020-03-16T02:04:47.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "548d0c09-dda1-4fe2-bbf5-791f1b1cdb2e"
},
{
"id": "relationship--8c627376-9ff0-426c-8372-2bc4620fe16b",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "tool--19994f85-6807-4560-a8c9-50299a10fe22",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "tool--19994f85-6807-4560-a8c9-50299a10fe22",
"created": "2020-03-16T02:02:03.088Z",
"modified": "2020-03-16T02:02:03.088Z",
"x_opencti_first_seen": "2020-03-16T02:06:40.000Z",
"x_opencti_last_seen": "2020-03-16T02:06:40.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "aca16e40-eb0d-4056-86db-8cb6ea224699"
},
{
"id": "relationship--9acc44b4-53c7-4db6-b2d2-d6a291d55fdb",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--e3625d60-3bc5-40fd-9366-885392df8e9b",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--e3625d60-3bc5-40fd-9366-885392df8e9b",
"created": "2020-03-16T01:58:55.043Z",
"modified": "2020-03-16T01:58:55.043Z",
"x_opencti_first_seen": "2020-03-16T02:03:32.000Z",
"x_opencti_last_seen": "2020-03-16T02:03:32.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "22154dc1-6356-402d-836f-638b6846d514"
},
{
"id": "relationship--8b6df982-b170-4810-9eae-616d01445c57",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--99d5f10e-7ed8-4e85-87d1-ff4b73d8e9a4",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--99d5f10e-7ed8-4e85-87d1-ff4b73d8e9a4",
"created": "2020-03-16T01:59:05.100Z",
"modified": "2020-03-16T01:59:05.100Z",
"x_opencti_first_seen": "2020-03-16T02:03:43.000Z",
"x_opencti_last_seen": "2020-03-16T02:03:43.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "c23dfdc9-9b76-4cdb-9e29-dcd2d86739f3"
},
{
"id": "relationship--68fb7901-6272-4115-89b7-39db51b2e655",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--169675c9-2f18-462b-ba7d-0e37cc0d96d5",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--169675c9-2f18-462b-ba7d-0e37cc0d96d5",
"created": "2020-03-16T01:59:17.689Z",
"modified": "2020-03-16T01:59:17.689Z",
"x_opencti_first_seen": "2020-03-16T02:03:56.000Z",
"x_opencti_last_seen": "2020-03-16T02:03:56.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "15760b31-f0b0-4549-adf5-5518a2d8ec43"
},
{
"id": "relationship--1dbe26ab-0300-4b2b-9b6d-e5a2cb31694f",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--049f40f5-c3e0-4ab1-b865-8782be8cb9d4",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--049f40f5-c3e0-4ab1-b865-8782be8cb9d4",
"created": "2020-03-16T01:59:59.936Z",
"modified": "2020-03-16T01:59:59.936Z",
"x_opencti_first_seen": "2020-03-16T02:04:38.000Z",
"x_opencti_last_seen": "2020-03-16T02:04:38.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "92483dad-3542-44fe-8e67-5f4b9771113e"
},
{
"id": "relationship--974b1a1f-ac48-4baa-ad09-c265f655efc4",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--4f0ca414-30ea-4653-b1ca-c617f7ad883d",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--4f0ca414-30ea-4653-b1ca-c617f7ad883d",
"created": "2020-03-16T01:59:33.385Z",
"modified": "2020-03-16T01:59:33.385Z",
"x_opencti_first_seen": "2020-03-16T02:04:11.000Z",
"x_opencti_last_seen": "2020-03-16T02:04:11.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "786d0aa5-09a7-4212-9eb1-5f76615d124e"
},
{
"id": "relationship--00c5a7aa-2783-4de4-b2e6-0521cd6a3684",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--617bb7ec-c53d-47de-bc98-3d5bc65a89ed",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--617bb7ec-c53d-47de-bc98-3d5bc65a89ed",
"created": "2020-03-16T01:57:15.774Z",
"modified": "2020-03-16T01:57:15.774Z",
"x_opencti_first_seen": "2020-03-16T02:01:53.000Z",
"x_opencti_last_seen": "2020-03-16T02:01:53.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "1e86629a-3b37-42ee-b665-e6cfa3090902"
},
{
"id": "relationship--cc6cf4f1-776b-4593-9a0e-8dcb42057584",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--1aba2935-a5fa-4db1-bde7-632e708bb531",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--1aba2935-a5fa-4db1-bde7-632e708bb531",
"created": "2020-03-16T01:57:54.922Z",
"modified": "2020-03-16T01:57:54.922Z",
"x_opencti_first_seen": "2020-03-16T02:02:32.000Z",
"x_opencti_last_seen": "2020-03-16T02:02:32.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "4b62fd07-ae8f-43de-814a-f9015f4e6c3a"
},
{
"id": "relationship--da373d13-c33c-438a-947e-17a11d09eac3",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--c10a54f4-da7f-49c0-96f1-e992e96374ba",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--c10a54f4-da7f-49c0-96f1-e992e96374ba",
"created": "2020-03-16T01:57:41.429Z",
"modified": "2020-03-16T01:57:41.429Z",
"x_opencti_first_seen": "2020-03-16T02:02:19.000Z",
"x_opencti_last_seen": "2020-03-16T02:02:19.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "62a2170d-6a3d-4aef-94eb-07d549d6f87e"
},
{
"id": "relationship--0e0864d5-ff3b-4003-bb3b-92cbc39cf4f4",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--2af155a0-e968-4d92-af3e-bcbdbf799764",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--2af155a0-e968-4d92-af3e-bcbdbf799764",
"created": "2020-03-16T01:55:31.503Z",
"modified": "2020-03-16T01:55:31.503Z",
"x_opencti_first_seen": "2020-03-16T02:00:08.000Z",
"x_opencti_last_seen": "2020-03-16T02:00:08.000Z",
"x_opencti_weight": 4,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "019030d8-5f0a-4645-9ffc-6a0aa57eace1",
"kill_chain_phases": [
{
"id": "kill-chain-phase--2990cf0a-78f1-4d4d-be7c-e49a65c4fa69",
"kill_chain_name": "amitt-attack",
"phase_name": "develop-people",
"x_opencti_id": "1993cc83-ac24-433c-ae65-434b8495a12e",
"x_opencti_phase_order": 0,
"x_opencti_created": "2020-02-27T03:04:53.613Z",
"x_opencti_modified": "2020-02-27T03:04:53.613Z"
}
]
},
{
"id": "relationship--2ed386e6-b5a5-496a-bb25-8bc63bca2f34",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--841be7e7-5f88-4fd1-8f81-54938d62e52b",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--841be7e7-5f88-4fd1-8f81-54938d62e52b",
"created": "2020-03-16T01:56:54.042Z",
"modified": "2020-03-16T01:56:54.042Z",
"x_opencti_first_seen": "2020-03-16T02:01:12.000Z",
"x_opencti_last_seen": "2020-03-16T02:01:12.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "acf774a5-68e2-432d-b760-6a48f8e2f4b8"
},
{
"id": "relationship--79bb1e17-44b1-4241-ba1a-64b96b092bc5",
"type": "relationship",
"relationship_type": "uses",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "attack-pattern--8f84d9a1-b7f4-43bb-92ba-eba1a305f593",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "attack-pattern--8f84d9a1-b7f4-43bb-92ba-eba1a305f593",
"created": "2020-03-18T02:38:18.007Z",
"modified": "2020-03-18T02:38:18.007Z",
"x_opencti_first_seen": "2020-03-15T04:00:00.000Z",
"x_opencti_last_seen": "2020-03-15T04:00:00.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "107ebeaf-ede4-4940-aab9-749a30a4cb1a"
},
{
"id": "relationship--bf0fabc7-b7a0-4cc9-aa96-ee72e9a4840e",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"target_ref": "intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"x_opencti_source_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"x_opencti_target_ref": "intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"created": "2020-03-16T02:10:17.944Z",
"modified": "2020-03-16T02:10:17.944Z",
"x_opencti_first_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_last_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_weight": 3,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "01e6faf3-fa6e-481e-9260-b7806893647d"
},
{
"id": "relationship--ab96eab5-7a76-4597-bba8-de30870ccd5d",
"type": "relationship",
"relationship_type": "related-to",
"description": "Graphika broke the story.",
"source_ref": "identity--1a82d3db-6c07-4135-a1f3-7f6159970524",
"target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"x_opencti_source_ref": "identity--1a82d3db-6c07-4135-a1f3-7f6159970524",
"x_opencti_target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"created": "2020-03-16T02:11:42.545Z",
"modified": "2020-03-16T02:11:42.545Z",
"x_opencti_first_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_last_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "9538e613-34c7-466d-9c4a-6c52d5590e32"
},
{
"id": "relationship--1ccc1258-048a-4e2a-89f5-f1c75dacc919",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "identity--fcd7d0dc-5825-482a-a1a6-dc07600a6762",
"target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"x_opencti_source_ref": "identity--fcd7d0dc-5825-482a-a1a6-dc07600a6762",
"x_opencti_target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"created": "2020-03-16T02:21:21.134Z",
"modified": "2020-03-16T02:21:21.134Z",
"x_opencti_first_seen": "2020-03-15T04:00:00.000Z",
"x_opencti_last_seen": "2020-03-15T04:00:00.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "fa6cfaa8-79a7-48b8-8b42-0d87c763c6c8"
},
{
"id": "relationship--e0cd6f82-55f9-4d88-88a8-b529fb43cd01",
"type": "relationship",
"relationship_type": "related-to",
"source_ref": "intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"target_ref": "identity--3e45f29a-3269-491f-ac9d-5e680db683b2",
"x_opencti_source_ref": "intrusion-set--7f60001d-1490-4f5b-a163-c133adb00ed7",
"x_opencti_target_ref": "identity--3e45f29a-3269-491f-ac9d-5e680db683b2",
"created": "2020-03-16T02:20:22.826Z",
"modified": "2020-03-16T02:20:22.826Z",
"x_opencti_first_seen": "2020-03-16T02:00:08.000Z",
"x_opencti_last_seen": "2020-03-16T02:00:08.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "57846d0f-9e9e-4669-b04e-a6f202d606e5"
},
{
"id": "relationship--bb8a38a3-c64b-4156-8732-5add3f8cd836",
"type": "relationship",
"relationship_type": "attributed-to",
"source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"x_opencti_source_ref": "campaign--515a97ed-9c78-4b55-bf3a-4399a29f7b94",
"x_opencti_target_ref": "threat-actor--e8136e6b-6cfa-4e5e-bd4d-d2745dca91a8",
"created": "2020-03-16T02:10:01.128Z",
"modified": "2020-03-16T02:10:01.128Z",
"x_opencti_first_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_last_seen": "2020-03-16T02:07:48.000Z",
"x_opencti_weight": 1,
"x_opencti_role_played": "Unknown",
"x_opencti_id": "256017d1-3c20-4dd0-a43f-ef0c879c4645"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment