Created
August 29, 2014 17:25
-
-
Save johnwunder/0aebd6638b46f06025b7 to your computer and use it in GitHub Desktop.
Proposed Changes, Report Without Content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="ISO-8859-1"?> | |
| <stix:STIX_Package | |
| xmlns:stix="http://stix.mitre.org/stix-1" | |
| xmlns:campaign="http://stix.mitre.org/Campaign-1" | |
| xmlns:coa="http://stix.mitre.org/CourseOfAction-1" | |
| xmlns:cyboxCommon="http://cybox.mitre.org/common-2" | |
| xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2" | |
| xmlns:CodeObj="http://cybox.mitre.org/objects#CodeObject-2" | |
| xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2" | |
| xmlns:MutexObj="http://cybox.mitre.org/objects#MutexObject-2" | |
| xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1" | |
| xmlns:cybox="http://cybox.mitre.org/cybox-2" | |
| xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2" | |
| xmlns:fireeye="http://www.fireeye.com" | |
| xmlns:marking="http://data-marking.mitre.org/Marking-1" | |
| xmlns:indicator="http://stix.mitre.org/Indicator-2" | |
| xmlns:terms="http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1" | |
| xmlns:stixCiqIdentity="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1" | |
| xmlns:stixCommon="http://stix.mitre.org/common-1" | |
| xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1" | |
| xmlns:ta="http://stix.mitre.org/ThreatActor-1" | |
| xmlns:ttp="http://stix.mitre.org/TTP-1" | |
| xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:report="http://stix.mitre.org/Report-1" | |
| xsi:schemaLocation=" | |
| http://stix.mitre.org/stix-1 ../stix_core.xsd | |
| http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd | |
| http://stix.mitre.org/Campaign-1 ../campaign.xsd | |
| http://stix.mitre.org/ThreatActor-1 ../threat_actor.xsd | |
| http://stix.mitre.org/TTP-1 ../ttp.xsd | |
| http://stix.mitre.org/COA-1 ../course_of_action.xsd | |
| http://data-marking.mitre.org/Marking-1 ../data_marking.xsd | |
| http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1 ../extensions/marking/terms_of_use_marking.xsd | |
| http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 ../extensions/identity/ciq_3.0_identity.xsd | |
| http://stix.mitre.org/Report-1 ../report.xsd | |
| " version="1.1.1"> | |
| <stix:Reports> | |
| <stix:Report id="fireeye:indicator-5cc558cc-b8fc-11e3-9a15-0800271e87e3" xsi:type="report:ReportType"> | |
| <report:Header> | |
| <report:Title>Poison Ivy: Assessing Damage and Extracting Intelligence</report:Title> | |
| <report:Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Threat Report</report:Intent> | |
| <report:Description>This report spotlights Poison Ivy (PIVY), a RAT that remains popular and effective a full eight years after its release, despite its age and familiarity in IT security circles. | |
| Poison Ivy is a remote access tool that is freely available for download from its official web site at www.poisonivy-rat.com. First released in 2005, the tool has gone unchanged since 2008 with version 2.3.2. Poison Ivy includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying. | |
| Poison Ivy's wide availability and easy-to-use features make it a popular choice for all kinds of criminals. But it is probably most notable for its role in many high profile, targeted APT attacks. | |
| These APTs pursue specific targets, using RATs to maintain a persistent presence within the target's network. They move laterally and escalate system privileges to extract sensitive information-whenever the attacker wants to do so. Because some RATs used in targeted attacks are widely available, determining whether an attack is part of a broader APT campaign can be difficult. Equally challenging is identifying malicious traffic to determine the attacker's post-compromise activities and assess overall damage - these RATs often encrypt their network communications after the initial exploit. | |
| In 2011, three years after the most recent release of PIVY, attackers used the RAT to compromise security firm RSA and steal data about its SecureID authentication system. That data was subsequently used in other attacks. The RSA attack was linked to Chinese threat actors and described at the time as extremely sophisticated. Exploiting a zero-day vulnerability, the attack delivered PIVY as the payload. It was not an isolated incident. The campaign appears to have started in 2010, with many other companies compromised. | |
| PIVY also played a key role in the 2011 campaign known as Nitro that targeted chemical makers, government agencies, defense contractors, and human rights groups. Still active a year later, the Nitro attackers used a zero-day vulnerability in Java to deploy PIVY in 2012. Just recently, PIVY was the payload of a zero-day exploit in Internet Explorer used in what is known as a "strategic web compromise" attack against visitors to a U.S. government website and a variety of others. | |
| RATs require live, direct, real-time human interaction by the APT attacker. This characteristic is distinctly different from crimeware (malware focused on cybercrime), where the criminal can issue commands to their botnet of compromised endpoints whenever they please and set them to work on a common goal such as a spam relay. In contrast, RATs are much more personal and may indicate that you are dealing with a dedicated threat actor that is interested in your organization specifically. | |
| </report:Description> | |
| <report:Information_Source> | |
| <stixCommon:Identity> | |
| <stixCommon:Name>MITRE</stixCommon:Name> | |
| </stixCommon:Identity> | |
| <stixCommon:Role xsi:type="stixVocabs:InformationSourceRoleVocab-1.0">Transformer/Translator</stixCommon:Role> | |
| <stixCommon:Contributing_Sources> | |
| <stixCommon:Source> | |
| <stixCommon:Identity id="fireeye:identity-81cade27-7df8-4730-836b-62d880e6e9d3"> | |
| <stixCommon:Name>FireEye, Inc.</stixCommon:Name> | |
| </stixCommon:Identity> | |
| <stixCommon:Role xsi:type="stixVocabs:InformationSourceRoleVocab-1.0">Initial Author</stixCommon:Role> | |
| <stixCommon:Time> | |
| <cyboxCommon:Produced_Time precision="day">2013-08-21T00:00:00Z</cyboxCommon:Produced_Time> | |
| </stixCommon:Time> | |
| </stixCommon:Source> | |
| </stixCommon:Contributing_Sources> | |
| <stixCommon:Time> | |
| <cyboxCommon:Produced_Time precision="day">2014-02-20T00:00:00Z</cyboxCommon:Produced_Time> | |
| </stixCommon:Time> | |
| <stixCommon:References> | |
| <stixCommon:Reference>http://www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf</stixCommon:Reference> | |
| </stixCommon:References> | |
| </report:Information_Source> | |
| </report:Header> | |
| <report:TTPs> | |
| <report:TTP idref="fireeye:ttp-591f0cb7-d66f-4e14-a8e6-5927b597f920" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7e7c8376-3bcb-4529-9bc3-08522d08106b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-36bdf9a7-ec1e-4963-be3b-6eeaa49a63a4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2ee01cb3-e9fa-46f9-8ec5-ffc9cb0b59f1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-33cc429f-7974-49a9-ab2e-6ebc3c37d62b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fa0ffc72-0f73-4b08-84a5-6ea62b46828b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f0bfc691-7945-47d9-95c7-a0219b8a5c67" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-dfb4e482-2b04-4365-973e-1feb5a567263" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-030d3edf-da7c-4d1f-a0b9-6c38a8af73db" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-19da6e1c-69a8-4c2f-886d-d620d09d3b5a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-dff22c1b-26f9-4fbd-8b42-8b8507c684fd" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e55c6eaa-bf0f-4b6b-9572-5cd0d3f62134" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-23a87226-706a-430e-96cd-d7f2c99b7b29" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-aaba08c5-e50d-49a1-a54a-cfdf1a68ff51" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-61a62a6a-9a18-4758-8e52-622431c4b8ae" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-5b2a2542-47fe-40f9-8915-4bf7c7397810" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-35322f13-94bd-4b97-abb6-2a9adc24b8d8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-80cd5722-40ff-4938-aba5-991bd8da2b39" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-c221ae40-f998-4fa9-ba46-9be04e163371" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-9717d5a3-773c-490d-b90f-718602fb3c43" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2c346548-2150-47f1-91c4-a78fa404be12" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8c1057bd-4a8a-4632-b0d4-b72ebd7936d3" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2e160c21-83d0-4d09-a833-c85327e49b46" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7bac9c8b-c19a-4ce6-9337-4750d68f05cc" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-30fb07e5-fe94-480e-9c15-8d494500cf17" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b8d4945a-5fc1-4ceb-a2c4-af17def8b396" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-30ea087f-7d2b-496b-9ed1-5f000c8b7695" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7b284c94-9598-4e6f-944e-188bbb36716d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f1a0e293-d490-4e89-9fbb-384188076f60" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-707ad4a8-e037-466c-9f59-ac935f53e606" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b1da97a0-e8e7-44d7-8faf-8907589d8465" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-a3f90728-8a0c-453b-9101-27515bd01d51" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f4478b80-3dd3-473d-878a-80a6a82a00a9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-cc3533bd-a1e5-411c-9cfe-3660dd07e8e3" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-c31b9c7e-3eda-4a93-aabc-e5a01d1e8577" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e5b7be4b-c7ca-40b8-b9f3-e686bb9c3c0d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-cc00cffe-36b3-40ad-a69c-26427af29935" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ca7cd0ef-48cf-4cf1-9ad8-aed3f83ffdc7" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4703ede5-2184-4f06-a6d0-0144faca4662" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-aedd016d-12c0-4d6e-902e-9a1cefd3e7e6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ea2c747d-4aa3-4573-8853-37b7159bc180" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-34a3d511-e213-40d5-a932-fc4d836d455e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-dcce72e4-fdb6-43af-8eb6-bd474a11ad4c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2821af3c-0f2b-45b4-92f5-465ca7a51920" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-862fd6e1-1711-4b70-8bec-1591f4baabc1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2e20839b-3ced-4bd7-868d-9cfae43eb84f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-15f9dece-0c7c-4579-a1f9-61dca12b2e34" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-dc5135f2-8d89-4993-a083-4fee4debdfb6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7b8662e4-286e-4862-8b00-79bd3750e3a5" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f86febd3-609b-4d2e-9fec-aa805cb498bf" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ddc66992-4a1a-470d-bfae-694e740ce181" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2787ecb2-9abe-4141-a61a-e4a04c02126f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ea91fe28-a94a-4511-a31e-a78eb7fcf9bd" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-027acc14-5136-478c-a9ff-24d7a8288014" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-08596787-5427-4220-8971-f56ca5aabf2b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ceb035a7-096c-4d8a-bb4c-8fdf2fb93cad" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-03fcd8c2-a5ee-46f3-b32e-0f0d655f1d92" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b30eab7f-e848-4170-acce-a21b7ae45902" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f34df5fa-b871-4102-9f33-431f7863d1c8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-c91715d4-e81f-4621-8d09-fec8c15d596f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3db69389-6359-4b1d-9f36-956a4e4e65e3" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-767d4bfe-da1d-4567-a9e5-982c69d6be45" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b89b39d3-5079-43ba-8984-5992a607ebde" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-30f89283-873f-4407-b114-a2863cef5684" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fb6aa549-c94a-4e45-b4fd-7e32602dad85" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0fd8d950-207a-42cd-b153-041be31e48d5" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-a19437ea-b8e3-4598-8423-5a73d88f17de" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2f5b0d2f-3a05-4b11-8d60-2244db7ba7d6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-78837766-44ae-4dc7-9fc1-a897d29f0d88" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2fd26025-1453-4df7-a594-4ba6f7cf54d9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-5a74a069-0759-4c93-8ea3-70c53a223230" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-d9bd9ffd-3e6f-453d-80f1-c2205c46dc78" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-54b02531-48bb-4ff5-ba37-f511908aa858" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-c6bc27e1-5ea8-4047-9a56-4be846f4b97d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0be8fa38-6ca3-4f87-bf47-44e5bbf6550b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ec1d7f53-2b04-4371-a04d-65f866f39244" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-cf1d3250-57c1-4f91-90d6-b08b9073ca5f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-9c892e1c-77e4-4ed2-a71b-9e6116a44435" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-63c1deff-2e5f-4493-86e9-a4bdcca01878" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-773eea2a-193c-4c85-9521-65f8f9042140" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-903a54fe-e116-4d73-9320-23609d13d8b0" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4d95e1e8-bdf5-4c10-81dd-9b86ab7da45d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-cb1f97b1-2919-4535-bfae-ceb396c52f44" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4ffee86a-b160-4a21-8b73-39c27fe6bf28" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-46a77043-53d1-4259-8121-9dbad4a8828f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-d129c652-a93c-4f2c-9d7a-feb621c0f499" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-07fed79f-6a17-4bf9-a2ed-e6f9877d646a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-5b971b83-f177-46d4-98ff-d2ffaac3f29e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-895af3d5-5700-475e-bb0b-54d29ec2be8e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e3cec144-e901-4acf-9f10-1008a51b1cb9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-25f6285e-0bd7-404b-8dd4-2b903369d38c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0ac3576b-6347-483d-a04b-2c4fc2c9084d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-1bbfa9a4-3be6-4597-83cb-1d70b26cd020" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b7ad5451-75ab-4e97-b92c-f72192b9cc87" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-641e9792-74f7-4b5a-823e-0b85e48d0f3b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b8ad4295-4554-42ad-a3f9-09d06856c666" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4406c7c7-6c58-478d-aacc-0334929ebdde" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4ea4a3cb-7e52-496c-935a-a57e41e0674e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-a5ae084e-1ea1-4be3-9ffe-dee4f0993dcf" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7b12666f-f332-438d-acff-73493ba82399" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3ae1dd84-5bd4-44c4-9200-7aab41d9973f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-48311f55-2f8d-4d00-87f9-b39cb338f72f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-05f3d767-ff79-41aa-a591-e88d0cb65f66" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-de8f548e-d2cf-4442-886a-814ef174e56b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-6bb608dc-9a2e-4e19-9975-01734a625b12" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8baac074-74b8-4a03-ac83-90618f338ce8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0eb3ffa1-654d-414d-ada0-ef210cc55d90" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ed7733f2-eaf6-4880-b6b8-b96061717d5a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-14fba9df-d3c2-4c80-a391-99d87a0707da" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4a38cbbf-51f7-42a0-98f5-a9bbc597dad0" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7ace7258-bfff-4c5b-bae4-6583a164abf4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3f1515b4-a171-48b2-8074-6599c784ed85" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-91b36537-bd12-457c-9a12-bd94956e0dec" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e3058c9e-4adb-41ae-8352-5317c1be98ee" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7e310f39-a851-4fcd-b687-d3565ffe6a57" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4aa71750-c8f3-4998-b4ed-f67d903dcff9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-5e8dfa9c-8940-46d5-90d9-d2f50bbf9902" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8214e79e-891a-4d4a-b6d7-26cbd145f63c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-daeb0891-b153-41d4-b18b-367a5492133a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-260d101a-dddc-4a84-9379-4b48418a3365" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8e4f6736-10de-4a15-934e-1367072428f4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2e6b7c86-9afd-4412-ac24-e43f08ec7d2e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3f39dad8-de02-468d-bd4b-de7ad4a4e357" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-27a595d0-b2b4-414a-899d-9e87893ac858" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8c857eb3-0576-494d-844f-7d911e50d49a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-5032acb9-c978-476a-953a-5d8ebd034d10" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-1f02f735-3aa2-41aa-a2f1-c82f4cfe1f58" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e49c5caa-16d1-473b-9e47-c43537c90ced" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fa89f3e2-7988-43d6-974a-ca8ff1084358" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-16db0c0e-8af6-4a5a-98c4-ae022d88295b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-a0f63787-a087-4261-a795-61fb2dae58da" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fb17d950-6fb0-4483-adc8-fe084cbc9586" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e2830a97-b3ef-4c07-8088-75fc624e296d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-534b451e-a5ee-4264-89a0-b57cd2d9a21d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-a14c6a5e-9fc0-455a-b4bb-f5e9c4fe4ff6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3ed0364f-62c8-4ebc-b136-deaf6966880b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-8e939441-036c-4a34-a80d-751a0395ae8e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-6e229c21-7b2f-405c-9cf0-1a9aa218ddaf" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-27cf110c-281e-4f93-94aa-cbd34c7efae4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f8a934bd-1570-4b45-927f-1e3af4cc8f45" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4d47bd96-8726-492b-ac8e-50cd4b50c8e8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-56736642-633e-4e2e-a823-484e4c037788" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-17099f03-5ec8-456d-a2de-968aebaafc78" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-74efd1f5-2718-41e7-981d-7e3b9cb50d71" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3321d61c-6bb1-426a-b853-52d8c3466532" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f2984dfd-131a-471a-a41f-cdd0fb432b92" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2c4ea690-56bb-41f5-bd79-b6ea19aad2e4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ab8a2af8-9411-4415-8c16-4a19e5dfea7e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2be46f2d-4e92-4201-ad83-85c47a69b98a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7781ffbf-2a5c-4a54-a489-2fddd85b7363" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-29acc82d-630c-461b-bb4e-ec99ab06b809" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-2b6638b2-9cc6-41bc-b883-aaf45f7a2947" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-c67fe311-d813-4bda-9b32-e19fbb0d1b0e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fe844499-4819-463c-84dc-362638ea727e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b0804b4d-4b1f-4e4a-a871-b1473e73a7c1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-33125ae7-0d34-4e97-ab8b-04c42ab60c3d" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-d1d15120-ea83-4634-9ed2-cd1f34d711f1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-65ab529f-7c86-423c-9d32-25e8152c0964" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0db3ebb2-b880-4961-a4e5-98f8f4c60e57" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-74e0b32c-7f4b-4fa9-a82d-46ecfb1a059a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-cd721637-f104-4a6d-a79e-f74530287be0" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-58404eca-36d7-4239-a890-630ba1d158f0" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-bb93ada5-b5f3-4174-bead-0faecdbe28ce" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3d7d1585-9cf4-401b-b480-2aae6131d15f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-1e89baef-ead0-47d0-8a71-52fbc46bc8db" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-9849ea2a-fc17-4068-9c01-dab903ada13c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0d5fe336-cb01-47df-93a6-7c5de9b01a5a" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-d8e98488-2c1f-41a9-86c9-602d5a96cac1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0b2e2718-a421-4f9a-ad54-2ab2136698fe" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-420ef2ec-4603-4107-a9a4-5b14fb27ec95" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-621f3091-a6b6-410b-b715-fb61d91d1511" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-387526e2-fa1a-4d12-aa15-535ed244cdc5" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-0768d1fb-70e6-4e31-a083-8a1abdf1d8ff" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-70d965e8-f28f-4223-abd2-a7efb403e038" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4d6850f0-483b-4f5f-b1da-f87a8510e9a6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-defb1821-8428-4ead-8c08-da365d237ab2" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-39c32255-bb13-468e-9cda-c5644b931cb4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-dcc8004b-ab26-4582-b7dc-568acbb48a57" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fa468c98-b8b9-4145-8308-4b91a2c34c72" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e61000b5-a2df-466d-9525-974b427fb7e9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-ae0ee06f-a939-422e-bf3c-718872457362" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-6379656a-19e5-483b-ae0d-747726690807" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3cb94b8d-da73-4624-ba1d-a2a9769cebd6" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7e39361b-cd37-450a-ab88-f934a103ff72" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-585b2299-7a01-48ee-89f9-7f966b2f641c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-fb6cb6fa-d4c4-4f4a-87e3-c3b7ae4d4a3c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-76b27221-959b-4471-8c9a-2af95655816c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-b7610226-c87a-465e-bff9-c3656f423416" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-1ca1bdde-4f34-4a35-a215-71007c060ba4" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-85bf512d-c12b-40f4-b0b6-793f71cb1e07" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7e16ec98-a87f-403d-a546-a0deb9fa4b81" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-45c33198-370c-4cf6-99e0-9cea66f237fa" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-3b83b772-fcba-46e4-9a52-cd4678c68b83" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-632ea185-c226-44e7-858a-05aac2d0c3bf" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-70d7f498-93a8-4a33-b6a0-028f5ef6ab36" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4d0aeaec-d073-4615-90b3-a9e717025db9" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-435adcbb-7a46-4255-a581-f9f8cf39644b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-4fe1269e-7360-471e-9788-d13af3dc77ef" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-7323cc18-c4b2-4e25-8a5e-3caa4afa3081" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-bf2bdcaf-61a0-4e90-bcce-ad0b0551a02e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-e51f43fe-37eb-4469-a666-a4c74708c9ed" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-f9e0c47b-a923-4ea6-805e-bd7dcdefeb26" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:TTP idref="fireeye:ttp-59fae6a2-4a3b-418e-8ca7-06a845820666" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| </report:TTPs> | |
| <report:Campaigns> | |
| <report:Campaign idref="fireeye:campaign-700c8b90-fd16-40e9-8b80-00b0c8bc84ee" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-752c225d-d6f6-4456-9130-d9580fd4007b" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-36082810-2226-4c00-88dc-d69f92efa60e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-4ce0b014-1313-4089-a2e6-ba0a37d934f8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-d02a1560-ff69-49f4-ac34-919b8aa4b91e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-157fd308-1677-46f5-a4b2-66cc24d801d7" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Campaign idref="fireeye:campaign-721976f9-56d7-4749-8c69-b3ac7c315f05" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| </report:Campaigns> | |
| <report:Threat_Actors> | |
| <report:Threat_Actor idref="fireeye:threatactor-7b14e202-bd27-4885-b8d7-b908a9651a03" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-9b371afe-ddfd-4954-abaf-8abb357ac78e" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-12b54231-a99d-431e-9587-34b4cb447e98" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-3cc07211-163e-4d26-8c5c-2d0998b60d4f" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-fb580b4d-b36d-415c-b711-d9997955f5c1" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-c5f80025-d518-470e-977d-e99d50ea21e8" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| <report:Threat_Actor idref="fireeye:threatactor-0d059e61-df46-46e4-9fe3-fb10dfd1751c" timestamp="2014-05-08T09:00:00.000000Z"/> | |
| </report:Threat_Actors> | |
| </stix:Report> | |
| </stix:Reports> | |
| </stix:STIX_Package> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment