STIX 2.0 to MISP Objects mapping
MISP Objects are containers grouping related MISP attributes. When importing STIX 2.0 content, composite STIX structures (an Indicator with a multi-field pattern, or an Observed Data with multiple observable objects) are mapped to the corresponding MISP object template.
The list of currently supported MISP object templates is available in the MISP project's misp-objects repository.
Current mapping
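- Domain-IP object (custom case): the `domain-name` observable carries the custom properties `x_misp_hostname` and `x_misp_port`, which become the `hostname` and `port` attributes of the MISP object. Note that in this example the STIX labels include `misp:to_ids="False"` while the resulting `domain`, `hostname` and `ip` attributes have `to_ids` set to `true`; review the `to_ids` flags after import instead of relying on the label.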
- STIX - Observed Data
{ "type": "observed-data", "id": "observed-data--dc624447-684a-488f-9e16-f78f717d8efd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "1": { "type": "ipv4-addr", "value": "149.13.33.14" }, "0": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "1" ], "x_misp_hostname": "circl.lu", "x_misp_port": "8443" } }, "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] } - MISP
{ "name": "domain-ip", "meta-category": "network", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "template_version": "11", "uuid": "dc624447-684a-488f-9e16-f78f717d8efd", "Attribute": [ { "uuid": "3d7a759e-7952-5468-8c4a-3a477ab9d191", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "b8f44674-8739-5cf6-80b1-c1e782b22b23", "object_relation": "hostname", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "db22ff22-2964-519a-817e-22806ed63f8f", "object_relation": "port", "value": "8443", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "17ff04b2-891d-5fa4-8693-bcf51669941c", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
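- Domain-IP object (standard case): two `domain-name` observables that both reference the same two `ipv4-addr` observables through `resolves_to_refs` are merged into a single domain-ip object with two `domain` and two `ip` attributes. The flat attribute list does not record which domain resolved to which address, and, as in the custom case, the attributes have `to_ids` set to `true` although the STIX labels include `misp:to_ids="False"`.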
- STIX - Observed Data
{ "type": "observed-data", "id": "observed-data--5ac337df-e078-4e99-8b17-02550a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "ipv4-addr", "value": "149.13.33.14" }, "1": { "type": "ipv4-addr", "value": "185.194.93.14" }, "2": { "type": "domain-name", "value": "misp-project.org", "resolves_to_refs": [ "0", "1" ] }, "3": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "0", "1" ] } }, "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"False\"" ] } - MISP
{ "name": "domain-ip", "meta-category": "network", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "template_version": "11", "uuid": "5ac337df-e078-4e99-8b17-02550a00020f", "Attribute": [ { "uuid": "ef28458b-615e-5a22-ad90-9ab27e2fa044", "object_relation": "domain", "value": "misp-project.org", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "77ad8ec4-c04b-5f51-98f0-e61e937fb0c2", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "1267d7f9-790d-51a1-9f4a-8904d4de2b31", "object_relation": "ip", "value": "185.194.93.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "78d46bcf-86c8-5deb-b59d-9246c5550dce", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
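- File object with a Windows PE binary extension: the file and its `windows-pebinary-ext` extension are mapped to three MISP objects (`file`, `pe` and `pe-section`) linked by `includes` object references. When only an Indicator is imported, every attribute in the example has `to_ids` set to `true`; when an Observed Data and an Indicator describe the same file, only the fields present in the indicator pattern keep `to_ids` set to `true` (with an `Indicator ID` comment), and the fields found only in the observed data are imported with `to_ids` set to `false`.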
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5ac47782-e1b8-40b6-96b4-02510a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97' AND file:hashes.'SHA-1' = '5898fc860300e228dcd54c0b1045b5fa0dcda502' AND file:hashes.'SHA-256' = '3a3468fa89b2ab7cbfe5400858a8ec0066e9e8defa9a64c993b5f24210244df8' AND file:name = 'oui' AND file:size = '1234' AND file:x_misp_entropy = '1.234' AND file:extensions.'windows-pebinary-ext'.imphash = '23ea835ab4b9017c74dfb023d2301c99' AND file:extensions.'windows-pebinary-ext'.number_of_sections = '8' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '5369222868' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2019-03-16T12:31:22Z' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'PuTTy' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'PuTTy' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SSH, Telnet and Rlogin client' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = 'Release 0.71 (with embedded help)' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '080904B0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'PuTTy suite' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = 'Release 0.71' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Simoe Tatham' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1997-2019 Simon Tatham.' 
AND file:extensions.'windows-pebinary-ext'.x_misp_impfuzzy = '192:8GMV5iqHKV+5RvUV5iqHKV+5RvAVDNNhwkCtRxwUQt63yf2y9sAkexSECI:vMVzB5R8VzB5R4XGtRxwUccc2y9scxt' AND file:extensions.'windows-pebinary-ext'.sections[0].entropy = '7.836462238824369' AND file:extensions.'windows-pebinary-ext'.sections[0].name = '.rsrc' AND file:extensions.'windows-pebinary-ext'.sections[0].size = '305152' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.MD5 = '8a2a5fc2ce56b3b04d58539a95390600' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-1' = '0aeb9def096e9f73e9460afe6f8783a32c7eabdf' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-256' = 'c6b3ac8303a72be90b0e47f69977e6f5665693d4ea0aa93e5c27b5c556c7cf9b' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-512' = '98fce208e6ed9612db53725fe03b73ab7cb1b487814d521c3c218273cad33891ce832c4f842c6f492d92df1e78414c82a00ddb91a1f8ec7d67325231a597a78f' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.SSDEEP = '6144:BvqbV6zoA5yJJ1entjx+UJlVshhKuqMrgyNhahL2uSvhM:BvuVy5UJUtwUJ/UjHSEuSvK']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] } - MISP
[ { "name": "file", "meta-category": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "description": "File object describing a file with meta-information", "template_version": "25", "uuid": "5ac47782-e1b8-40b6-96b4-02510a00020f", "ObjectReference": [ { "uuid": "eb01cafe-2e83-4e18-8817-e6efe7959e89", "object_uuid": "5ac47782-e1b8-40b6-96b4-02510a00020f", "referenced_uuid": "73d10d99-c013-43a7-8fdb-d7e8d55a176c", "relationship_type": "includes" } ], "Attribute": [ { "uuid": "44c1b3ef-56fd-5eda-881f-d1d861165779", "object_relation": "md5", "value": "b2a5abfeef9e36964281a31e17b57c97", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "30ca571b-21e1-5d35-8961-23cb2a6d15b2", "object_relation": "sha1", "value": "5898fc860300e228dcd54c0b1045b5fa0dcda502", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "511d1a95-5b49-54fa-83eb-e6239b654ea8", "object_relation": "sha256", "value": "3a3468fa89b2ab7cbfe5400858a8ec0066e9e8defa9a64c993b5f24210244df8", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "03301da9-9267-5091-9a85-a504585d463d", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "a6dee513-fe56-5554-bc11-9762396169d6", "object_relation": "size-in-bytes", "value": "1234", "type": "size-in-bytes", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "733bdd0f-4dd6-5c66-8852-2918f7b5dcd8", "object_relation": "entropy", "value": "1.234", "type": "float", "disable_correlation": true, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }, { "name": "pe", "meta-category": "file", "template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", "description": "Object describing a Portable Executable", 
"template_version": "11", "uuid": "73d10d99-c013-43a7-8fdb-d7e8d55a176c", "ObjectReference": [ { "uuid": "d88a7353-b195-4259-a0c1-e7194aaea73b", "object_uuid": "73d10d99-c013-43a7-8fdb-d7e8d55a176c", "referenced_uuid": "e004144f-a288-481e-9a9f-823278833484", "relationship_type": "includes" } ], "Attribute": [ { "uuid": "72e1a43f-35fd-5ae4-8295-5c0e4cfca5e2", "object_relation": "entrypoint-address", "value": "5369222868", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "d35f202f-e89d-53c2-81be-6804f90c80fa", "object_relation": "imphash", "value": "23ea835ab4b9017c74dfb023d2301c99", "type": "imphash", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "8c18a781-3f07-5b04-87f1-78cc4f967868", "object_relation": "number-sections", "value": "8", "type": "counter", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "712b242b-3b98-58b5-96da-257ce5fec952", "object_relation": "type", "value": "exe", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "becaee1f-5efb-544d-aadf-9af328dddc7e", "object_relation": "compilation-timestamp", "value": "2019-03-16T12:31:22+00:00", "type": "datetime", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "cd58298c-b13f-57d8-bb87-77a88d59de93", "object_relation": "original-filename", "value": "PuTTy", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery" }, { "uuid": "ef65699e-cfe3-5f36-8f51-eaa6243440dd", "object_relation": "internal-filename", "value": "PuTTy", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery" }, { "uuid": "8eb829df-c85e-5dd0-8221-1c2454ed4da6", "object_relation": "file-description", "value": "SSH, Telnet and Rlogin client", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "0c1b9cdd-5e30-5aa9-8bbc-a9c42b71f214", 
"object_relation": "file-version", "value": "Release 0.71 (with embedded help)", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "7979d4d9-fbec-518d-8eed-90d53e48fcc7", "object_relation": "lang-id", "value": "080904B0", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "b19d767b-ad03-5de3-8203-a57067bb1390", "object_relation": "product-name", "value": "PuTTy suite", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "a0baadcc-0329-5475-bc55-ea643bd442ce", "object_relation": "product-version", "value": "Release 0.71", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "54b0d69d-51f9-566e-ac6a-0086f8f78954", "object_relation": "company-name", "value": "Simoe Tatham", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "4c38b484-bad8-5ed5-9e63-bedba33759d4", "object_relation": "legal-copyright", "value": "Copyright \u00a9 1997-2019 Simon Tatham.", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "4445ad69-db27-56b8-9648-306456c23c16", "object_relation": "impfuzzy", "value": "192:8GMV5iqHKV+5RvUV5iqHKV+5RvAVDNNhwkCtRxwUQt63yf2y9sAkexSECI:vMVzB5R8VzB5R4XGtRxwUccc2y9scxt", "type": "impfuzzy", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }, { "name": "pe-section", "meta-category": "file", "template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a", "description": "Object describing a section of a Portable Executable", "template_version": "3", "uuid": "e004144f-a288-481e-9a9f-823278833484", "Attribute": [ { "uuid": "88272e26-8dc6-5fe2-bceb-ac782ffc0a0a", "object_relation": "entropy", "value": "7.836462238824369", "type": "float", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": 
"6ae22987-c106-5388-981b-db3e62404cf2", "object_relation": "name", "value": ".rsrc", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "4385ad23-3adc-53dc-82ba-a3239b8cee22", "object_relation": "size-in-bytes", "value": "305152", "type": "size-in-bytes", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "d2de06c2-2b79-58fd-a4d6-7fada700f016", "object_relation": "md5", "value": "8a2a5fc2ce56b3b04d58539a95390600", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "9352b999-509f-586b-9708-0cc99f311373", "object_relation": "sha1", "value": "0aeb9def096e9f73e9460afe6f8783a32c7eabdf", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "e5c9acb1-9e28-5e7c-80db-4422413a9991", "object_relation": "sha256", "value": "c6b3ac8303a72be90b0e47f69977e6f5665693d4ea0aa93e5c27b5c556c7cf9b", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "7ecef93f-2c66-5884-bdc7-71fe0aeba836", "object_relation": "sha512", "value": "98fce208e6ed9612db53725fe03b73ab7cb1b487814d521c3c218273cad33891ce832c4f842c6f492d92df1e78414c82a00ddb91a1f8ec7d67325231a597a78f", "type": "sha512", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "47341526-f70c-5a13-8869-0f454a236a2a", "object_relation": "ssdeep", "value": "6144:BvqbV6zoA5yJJ1entjx+UJlVshhKuqMrgyNhahL2uSvhM:BvuVy5UJUtwUJ/UjHSEuSvK", "type": "ssdeep", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } ] - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5ac47782-e1b8-40b6-96b4-02510a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97", "SHA-1": "5898fc860300e228dcd54c0b1045b5fa0dcda502", "SHA-256": "3a3468fa89b2ab7cbfe5400858a8ec0066e9e8defa9a64c993b5f24210244df8" }, "size": 1234, "name": "oui", "extensions": { "windows-pebinary-ext": { "pe_type": "exe", "imphash": "23ea835ab4b9017c74dfb023d2301c99", "number_of_sections": 8, "optional_header": { "address_of_entry_point": 5369222868 }, "sections": [ { "name": ".rsrc", "size": 305152, "entropy": 7.836462238824369, "hashes": { "MD5": "8a2a5fc2ce56b3b04d58539a95390600", "SHA-1": "0aeb9def096e9f73e9460afe6f8783a32c7eabdf", "SHA-256": "c6b3ac8303a72be90b0e47f69977e6f5665693d4ea0aa93e5c27b5c556c7cf9b", "SHA-512": "98fce208e6ed9612db53725fe03b73ab7cb1b487814d521c3c218273cad33891ce832c4f842c6f492d92df1e78414c82a00ddb91a1f8ec7d67325231a597a78f", "ssdeep": "6144:BvqbV6zoA5yJJ1entjx+UJlVshhKuqMrgyNhahL2uSvhM:BvuVy5UJUtwUJ/UjHSEuSvK" } } ], "x_misp_company_name": "Simoe Tatham", "x_misp_compilation_timestamp": "2019-03-16T12:31:22Z", "x_misp_file_description": "SSH, Telnet and Rlogin client", "x_misp_file_version": "Release 0.71 (with embedded help)", "x_misp_impfuzzy": "192:8GMV5iqHKV+5RvUV5iqHKV+5RvAVDNNhwkCtRxwUQt63yf2y9sAkexSECI:vMVzB5R8VzB5R4XGtRxwUccc2y9scxt", "x_misp_internal_filename": "PuTTy", "x_misp_lang_id": "080904B0", "x_misp_legal_copyright": "Copyright \u00a9 1997-2019 Simon Tatham.", "x_misp_original_filename": "PuTTy", "x_misp_product_name": "PuTTy suite", "x_misp_product_version": "Release 0.71" } }, "x_misp_entropy": "1.234" } }, "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] }, { "type": 
"indicator", "id": "indicator--5ac47782-e1b8-40b6-96b4-02510a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97' AND file:hashes.'SHA-1' = '5898fc860300e228dcd54c0b1045b5fa0dcda502' AND file:hashes.'SHA-256' = '3a3468fa89b2ab7cbfe5400858a8ec0066e9e8defa9a64c993b5f24210244df8' AND file:name = 'oui' AND file:extensions.'windows-pebinary-ext'.imphash = '23ea835ab4b9017c74dfb023d2301c99' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'PuTTy' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'PuTTy' AND file:extensions.'windows-pebinary-ext'.x_misp_impfuzzy = '192:8GMV5iqHKV+5RvUV5iqHKV+5RvAVDNNhwkCtRxwUQt63yf2y9sAkexSECI:vMVzB5R8VzB5R4XGtRxwUccc2y9scxt' AND file:extensions.'windows-pebinary-ext'.sections[0].name = '.rsrc' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.MD5 = '8a2a5fc2ce56b3b04d58539a95390600' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-1' = '0aeb9def096e9f73e9460afe6f8783a32c7eabdf' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-256' = 'c6b3ac8303a72be90b0e47f69977e6f5665693d4ea0aa93e5c27b5c556c7cf9b' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.'SHA-512' = '98fce208e6ed9612db53725fe03b73ab7cb1b487814d521c3c218273cad33891ce832c4f842c6f492d92df1e78414c82a00ddb91a1f8ec7d67325231a597a78f' AND file:extensions.'windows-pebinary-ext'.sections[0].hashes.SSDEEP = '6144:BvqbV6zoA5yJJ1entjx+UJlVshhKuqMrgyNhahL2uSvhM:BvuVy5UJUtwUJ/UjHSEuSvK']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--381d4bb0-d07c-4128-8880-eede3c7825f5", 
"created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5ac47782-e1b8-40b6-96b4-02510a00020f", "target_ref": "observed-data--5ac47782-e1b8-40b6-96b4-02510a00020f" } ] - MISP
[ { "name": "file", "meta-category": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "description": "File object describing a file with meta-information", "template_version": "25", "uuid": "5ac47782-e1b8-40b6-96b4-02510a00020f", "ObjectReference": [ { "uuid": "3ea282ac-327c-46ed-994b-b63752749b8a", "object_uuid": "5ac47782-e1b8-40b6-96b4-02510a00020f", "referenced_uuid": "61f720bc-2fb8-5a7a-a849-4542b59048e4", "relationship_type": "includes" } ], "Attribute": [ { "uuid": "0ffc2d79-b7f5-57f2-80a9-1059c73ebae0", "object_relation": "md5", "value": "b2a5abfeef9e36964281a31e17b57c97", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "005ed2fd-feec-5e88-8eb1-6a9d31d3f6d8", "object_relation": "sha1", "value": "5898fc860300e228dcd54c0b1045b5fa0dcda502", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "880b522b-ffdc-5f9e-b236-c454aa6df2ef", "object_relation": "sha256", "value": "3a3468fa89b2ab7cbfe5400858a8ec0066e9e8defa9a64c993b5f24210244df8", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "ac6e3961-b4a8-55c5-b739-5b1f3efc9db6", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "24f96323-562e-537b-8f9b-98a82b04f8aa", "object_relation": "size-in-bytes", "value": "1234", "type": "size-in-bytes", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "df182c88-18c1-518b-ad77-f4e2d44a1b90", "object_relation": "entropy", "value": "1.234", "type": "float", 
"disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }, { "name": "pe", "meta-category": "file", "template_uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", "description": "Object describing a Portable Executable", "template_version": "11", "uuid": "61f720bc-2fb8-5a7a-a849-4542b59048e4", "ObjectReference": [ { "uuid": "7f809db8-ef47-4c70-83e0-5dcd342f4037", "object_uuid": "61f720bc-2fb8-5a7a-a849-4542b59048e4", "referenced_uuid": "fb7ddfd6-13c1-5ca6-bd1e-04efa3af3247", "relationship_type": "includes" } ], "Attribute": [ { "uuid": "7dc8cde2-bc1a-5d44-b542-9f326f0d6ee7", "object_relation": "entrypoint-address", "value": "5369222868", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "cb8829f2-06a5-55eb-a957-b3a2402a5e15", "object_relation": "imphash", "value": "23ea835ab4b9017c74dfb023d2301c99", "type": "imphash", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "e76d4377-21fe-5a56-a10f-b2b2519c84e4", "object_relation": "number-sections", "value": "8", "type": "counter", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "d3cc0da0-ab1c-57e9-9f2f-35a55e4be135", "object_relation": "type", "value": "exe", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "04c88329-3f78-56c7-878b-afa6b6d44a18", "object_relation": "company-name", "value": "Simoe Tatham", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "1bd33ed2-0764-55a5-8aed-bf3ae9408062", "object_relation": "compilation-timestamp", "value": "2019-03-16T12:31:22+00:00", "type": "datetime", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": 
"8ff8236d-7a2c-52ff-8104-4732e0acdf51", "object_relation": "file-description", "value": "SSH, Telnet and Rlogin client", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "48965304-361d-538f-baa3-d6961274741a", "object_relation": "file-version", "value": "Release 0.71 (with embedded help)", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "f9c26894-4e50-5a28-bf53-8c78148a3690", "object_relation": "impfuzzy", "value": "192:8GMV5iqHKV+5RvUV5iqHKV+5RvAVDNNhwkCtRxwUQt63yf2y9sAkexSECI:vMVzB5R8VzB5R4XGtRxwUccc2y9scxt", "type": "impfuzzy", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "566e4116-5228-5d42-a45a-029f0298a32a", "object_relation": "internal-filename", "value": "PuTTy", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "b363c1e5-8a0e-51e8-8160-4bb748496263", "object_relation": "lang-id", "value": "080904B0", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "a51d7d2d-565e-55a4-9065-8d4b015f36b0", "object_relation": "legal-copyright", "value": "Copyright \u00a9 1997-2019 Simon Tatham.", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "386e63e1-49fa-5293-83f8-e245e1ee3a2e", "object_relation": "original-filename", "value": "PuTTy", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "9ae9011b-b13a-5a38-91f8-6bb6820fa957", "object_relation": "product-name", "value": "PuTTy suite", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": 
"4b286c6c-1596-5b24-af6f-f50f5d195c20", "object_relation": "product-version", "value": "Release 0.71", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }, { "name": "pe-section", "meta-category": "file", "template_uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a", "description": "Object describing a section of a Portable Executable", "template_version": "3", "uuid": "fb7ddfd6-13c1-5ca6-bd1e-04efa3af3247", "Attribute": [ { "uuid": "32f76b8f-f1f6-5346-8edf-372169230ce8", "object_relation": "entropy", "value": 7.836462238824369, "type": "float", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "d35b8568-7286-5273-8c10-65e8d76ae245", "object_relation": "name", "value": ".rsrc", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "9a06f844-b40e-5f92-ae29-896eee5b6cc0", "object_relation": "size-in-bytes", "value": "305152", "type": "size-in-bytes", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "08ddaeeb-e2e2-5530-9b01-5e5b9fcd2ecc", "object_relation": "md5", "value": "8a2a5fc2ce56b3b04d58539a95390600", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "e0a62bf4-51cb-5810-a1d9-36aa83aef1c2", "object_relation": "sha1", "value": "0aeb9def096e9f73e9460afe6f8783a32c7eabdf", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "96f4eace-3ea4-5f27-97c1-1826a92af2ef", "object_relation": "sha256", "value": "c6b3ac8303a72be90b0e47f69977e6f5665693d4ea0aa93e5c27b5c556c7cf9b", "type": "sha256", "disable_correlation": false, "to_ids": true, 
"category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "be9a0001-3296-5f23-9b0c-3b4497a8ae37", "object_relation": "sha512", "value": "98fce208e6ed9612db53725fe03b73ab7cb1b487814d521c3c218273cad33891ce832c4f842c6f492d92df1e78414c82a00ddb91a1f8ec7d67325231a597a78f", "type": "sha512", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" }, { "uuid": "1dfff8b7-f813-5a46-a5c9-efb0c6ed80a2", "object_relation": "ssdeep", "value": "6144:BvqbV6zoA5yJJ1entjx+UJlVshhKuqMrgyNhahL2uSvhM:BvuVy5UJUtwUJ/UjHSEuSvK", "type": "ssdeep", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5ac47782-e1b8-40b6-96b4-02510a00020f" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } ]
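- Script object where state is “Malicious”: the STIX Malware object maps to the MISP `script` object. The base64 `data` of `x_misp_script_as_attachment` is copied into the `attachment` attribute, so the imported attachment contains the script itself and should be handled as a malware sample.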
- STIX - Malware
{ "type": "malware", "id": "malware--ce12c406-cf09-457b-875a-41ab75d6dc4d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "infected.py", "description": "A script that infects command line shells", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"script\"", "misp:meta-category=\"misc\"" ], "implementation_languages": [ "Python" ], "x_misp_script": "print('You are infected')", "x_misp_script_as_attachment": { "value": "infected.py", "data": "cHJpbnQoJ1lvdSBhcmUgaW5mZWN0ZWQnKQo=" }, "x_misp_state": "Malicious" } - MISP
{ "name": "script", "meta-category": "misc", "template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2", "description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.", "template_version": "7", "uuid": "ce12c406-cf09-457b-875a-41ab75d6dc4d", "Attribute": [ { "uuid": "dac2edac-d547-5e50-85a4-e9452224445c", "object_relation": "filename", "value": "infected.py", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery" }, { "uuid": "c1e87f91-0b89-58f6-bd3d-2f884b776bcb", "object_relation": "comment", "value": "A script that infects command line shells", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "61351eaf-8de4-5e32-9832-a92fa37a192a", "object_relation": "language", "value": "Python", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "2cb36b7e-1b0b-5ecf-aab8-9117fc7f02c6", "object_relation": "script", "value": "print('You are infected')", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "2ede7ee1-5d19-53d5-b9a3-0b83b625c184", "object_relation": "state", "value": "Malicious", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "cHJpbnQoJ1lvdSBhcmUgaW5mZWN0ZWQnKQo=", "uuid": "035d88c0-b16d-4310-aca5-fa545a1be3ac", "object_relation": "script-as-attachment", "value": "infected.py", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- Script object where state is not “Malicious”
- STIX - Tool
{ "type": "tool", "id": "tool--9d14bdd1-5d32-4b4d-bd50-fd3a9d1c1c04", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "hello.py", "description": "A peaceful script", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"script\"", "misp:meta-category=\"misc\"" ], "x_misp_language": "Python", "x_misp_script": "print('Hello World')", "x_misp_script_as_attachment": { "value": "hello.py", "data": "cHJpbnQoJ0hlbGxvIFdvcmxkJykK" }, "x_misp_state": "Harmless" } - MISP
{ "name": "script", "meta-category": "misc", "template_uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2", "description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.", "template_version": "7", "uuid": "9d14bdd1-5d32-4b4d-bd50-fd3a9d1c1c04", "Attribute": [ { "uuid": "ca486900-87da-576d-9bd3-377404a21218", "object_relation": "filename", "value": "hello.py", "type": "filename", "disable_correlation": true, "to_ids": true, "category": "Payload delivery" }, { "uuid": "f4fc31a9-2995-5d0e-87f5-bc7aa8f0af1f", "object_relation": "comment", "value": "A peaceful script", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "551b0110-98ec-526d-97c9-fae46920b783", "object_relation": "language", "value": "Python", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "99f9b240-1e68-5f54-95ff-41791cb59846", "object_relation": "script", "value": "print('Hello World')", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "f2ccdac7-b2e8-5e65-be11-1228b55fbf11", "object_relation": "state", "value": "Harmless", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "cHJpbnQoJ0hlbGxvIFdvcmxkJykK", "uuid": "54471636-bf45-42a8-925e-a65202249c55", "object_relation": "script-as-attachment", "value": "hello.py", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Tool
- android-app
- STIX - Indicator
{ "type": "indicator", "id": "indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[software:name = 'Facebook' AND software:x_misp_certificate = 'c3a94cdf5ad4d71fd60c16ba8801529c78e7398f' AND software:x_misp_domain = 'facebook.com']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"android-app\"", "misp:meta-category=\"file\"" ] } - MISP
{ "name": "android-app", "meta-category": "file", "template_uuid": "92836f23-4730-4eae-82ac-9f00d5299735", "description": "Indicators related to an Android app", "template_version": "2", "uuid": "02782ed5-b27f-4abc-8bae-efebe13a46dd", "Attribute": [ { "uuid": "cbd5d1c3-f15c-58f4-95da-484d3ff06c53", "object_relation": "name", "value": "Facebook", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "3c277be5-0978-5e09-8ec9-1e0321c5434d", "object_relation": "certificate", "value": "c3a94cdf5ad4d71fd60c16ba8801529c78e7398f", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "3b7370a1-0a85-55f3-910b-3a7fbccaf0c0", "object_relation": "domain", "value": "facebook.com", "type": "domain", "disable_correlation": false, "to_ids": true, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--02782ed5-b27f-4abc-8bae-efebe13a46dd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "software", "name": "Facebook", "x_misp_certificate": "c3a94cdf5ad4d71fd60c16ba8801529c78e7398f", "x_misp_domain": "facebook.com" } }, "labels": [ "misp:name=\"android-app\"", "misp:meta-category=\"file\"" ] }, { "type": "indicator", "id": "indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[software:name = 'Facebook' AND software:x_misp_certificate = 'c3a94cdf5ad4d71fd60c16ba8801529c78e7398f' AND software:x_misp_domain = 'facebook.com']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"android-app\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--083173fd-5fce-4b13-b413-bf10aa781ee5", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd", "target_ref": "observed-data--02782ed5-b27f-4abc-8bae-efebe13a46dd" } ] - MISP
{ "name": "android-app", "meta-category": "file", "template_uuid": "92836f23-4730-4eae-82ac-9f00d5299735", "description": "Indicators related to an Android app", "template_version": "2", "uuid": "02782ed5-b27f-4abc-8bae-efebe13a46dd", "Attribute": [ { "uuid": "27bc5b4c-16e3-5535-ae7f-cef6f4ec210d", "object_relation": "name", "value": "Facebook", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd" }, { "uuid": "f483da88-87c8-5b33-bd7f-d6d81aeca945", "object_relation": "certificate", "value": "c3a94cdf5ad4d71fd60c16ba8801529c78e7398f", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd" }, { "uuid": "dd282f72-28ae-5cb0-973d-f86e706c2028", "object_relation": "domain", "value": "facebook.com", "type": "domain", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--02782ed5-b27f-4abc-8bae-efebe13a46dd" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- asn
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5b23c82b-6508-4bdc-b580-045b0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[autonomous-system:number = '66642' AND autonomous-system:name = 'AS name' AND autonomous-system:x_misp_subnet_announced = '1.2.3.4' AND autonomous-system:x_misp_subnet_announced = '8.8.8.8']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"asn\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "asn", "meta-category": "network", "template_uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6587", "description": "Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.", "template_version": "6", "uuid": "5b23c82b-6508-4bdc-b580-045b0a00020f", "Attribute": [ { "uuid": "a704512f-866c-508c-a17d-5b92d7cda8c7", "object_relation": "asn", "value": "AS66642", "type": "AS", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "8326c3ae-927d-53e0-a7fc-9b1448aef3c5", "object_relation": "description", "value": "AS name", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "1d96b729-0143-5425-b33c-610a6080658f", "object_relation": "subnet-announced", "value": "1.2.3.4", "type": "ip-src", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "46eb4961-c0d4-5854-97f6-ee0b3a38af38", "object_relation": "subnet-announced", "value": "8.8.8.8", "type": "ip-src", "disable_correlation": false, "to_ids": true, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5b23c82b-6508-4bdc-b580-045b0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "autonomous-system", "number": 66642, "name": "AS name", "x_misp_subnet_announced": [ "1.2.3.4", "8.8.8.8" ] } }, "labels": [ "misp:name=\"asn\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5b23c82b-6508-4bdc-b580-045b0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[autonomous-system:number = '66642']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"asn\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--36414951-fe93-4021-8234-9d7fae390de9", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5b23c82b-6508-4bdc-b580-045b0a00020f", "target_ref": "observed-data--5b23c82b-6508-4bdc-b580-045b0a00020f" } ] - MISP
{ "name": "asn", "meta-category": "network", "template_uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6587", "description": "Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.", "template_version": "6", "uuid": "5b23c82b-6508-4bdc-b580-045b0a00020f", "Attribute": [ { "uuid": "6be3cc6a-bcbd-55d8-aaa6-a87e30c60f1a", "object_relation": "asn", "value": "66642", "type": "AS", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5b23c82b-6508-4bdc-b580-045b0a00020f" }, { "uuid": "f0f5e2c9-4c9b-5b3a-8281-38a0d8590948", "object_relation": "description", "value": "AS name", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "aa6282c0-41bc-5154-b054-0ba6b655f610", "object_relation": "subnet-announced", "value": "1.2.3.4", "type": "ip-src", "disable_correlation": false, "to_ids": false, "category": "Network activity" }, { "uuid": "e8665b1d-117e-5136-b69c-eba2d3fcc49a", "object_relation": "subnet-announced", "value": "8.8.8.8", "type": "ip-src", "disable_correlation": false, "to_ids": false, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- attack-pattern
- STIX - Attack Pattern
{ "type": "attack-pattern", "id": "attack-pattern--7205da54-70de-4fa7-9b34-e14e63fe6787", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "Buffer Overflow in Local Command-Line Utilities", "description": "This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "vulnerability" } ], "labels": [ "misp:name=\"attack-pattern\"", "misp:meta-category=\"vulnerability\"" ], "external_references": [ { "source_name": "capec", "external_id": "CAPEC-9" } ], "x_misp_prerequisites": "The target host exposes a command-line utility to the user. The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited.", "x_misp_related_weakness": [ "CWE-118", "CWE-120" ], "x_misp_solutions": "Carefully review the service\\'s implementation before making it available to users." } - MISP
{ "name": "attack-pattern", "meta-category": "vulnerability", "template_uuid": "35928348-56be-4d7f-9752-a80927936351", "description": "Attack pattern describing a common attack pattern enumeration and classification.", "template_version": "1", "uuid": "7205da54-70de-4fa7-9b34-e14e63fe6787", "Attribute": [ { "uuid": "d3312bd3-e750-5b9e-a2a7-bd7ebd5eb59d", "object_relation": "summary", "value": "This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "415f2b3b-fdee-51ca-b5da-d85ecea5cc46", "object_relation": "name", "value": "Buffer Overflow in Local Command-Line Utilities", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "53de7a0f-4916-5c6a-9581-2aeaecd276d2", "object_relation": "prerequisites", "value": "The target host exposes a command-line utility to the user. The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited.", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "e2a337e0-70ac-5317-9964-f948412b1b16", "object_relation": "related-weakness", "value": "CWE-118", "type": "weakness", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "949c6ea0-f59b-5f00-981e-d9f5c7958303", "object_relation": "related-weakness", "value": "CWE-120", "type": "weakness", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "ff8ee95e-ef69-5b42-b0cf-5e39ff800a14", "object_relation": "solutions", "value": "Carefully review the service\\'s implementation before making it available to users.", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "a8971964-0272-447a-9877-7a8c6e6ee34d", "object_relation": "id", "value": "9", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Attack Pattern
- course-of-action
- STIX - Course of Action
{ "type": "course-of-action", "id": "course-of-action--5d514ff9-ac30-4fb5-b9e7-3eb4a964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "Block traffic to PIVY C2 Server (10.10.10.10)", "description": "Block communication between the PIVY agents and the C2 Server", "labels": [ "misp:name=\"course-of-action\"", "misp:meta-category=\"misc\"" ], "x_misp_cost": "Low", "x_misp_efficacy": "High", "x_misp_impact": "Low", "x_misp_objective": "Block communication between the PIVY agents and the C2 Server", "x_misp_stage": "Response", "x_misp_type": "Perimeter Blocking" } - MISP
{ "name": "course-of-action", "meta-category": "misc", "template_uuid": "3d1c2c06-68a9-4394-8c8d-258d115f796f", "description": "An object describing a specific measure taken to prevent or respond to an attack.", "template_version": "1", "uuid": "5d514ff9-ac30-4fb5-b9e7-3eb4a964451a", "Attribute": [ { "uuid": "d94001f7-c370-5f65-8a32-bed6b9e3497e", "object_relation": "name", "value": "Block traffic to PIVY C2 Server (10.10.10.10)", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "133554fe-a933-5b98-99d0-2525f0890b95", "object_relation": "description", "value": "Block communication between the PIVY agents and the C2 Server", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "f8273792-0420-508a-8100-477cfe344928", "object_relation": "cost", "value": "Low", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "02f98a6d-60dc-59c2-a505-d5ed0c332c2c", "object_relation": "efficacy", "value": "High", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "3816cef5-fdb9-58b0-b4da-795917e23fdb", "object_relation": "impact", "value": "Low", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "2d74de51-1c2c-531b-89ed-19aab006430b", "object_relation": "objective", "value": "Block communication between the PIVY agents and the C2 Server", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "9cd3cb8e-4a55-58eb-9caa-868695035970", "object_relation": "stage", "value": "Response", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "ca21bcf8-a932-5cfd-93ec-82aad971aec9", "object_relation": "type", "value": "Perimeter Blocking", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Course of Action
- cpe-asset
- STIX - Indicator
{ "type": "indicator", "id": "indicator--3f53a829-6307-4006-b7a2-ff53dace4159", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[software:cpe = 'cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*' AND software:languages = 'ENG' AND software:name = 'Word' AND software:vendor = 'Microsoft' AND software:version = '2002' AND software:x_misp_description = 'Microsoft Word is a word processing software developed by Microsoft.']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"cpe-asset\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "cpe-asset", "meta-category": "misc", "template_uuid": "8ea002c4-172d-45ae-8d91-1cdea825e6a9", "description": "An asset which can be defined by a CPE. This can be a generic asset. CPE is a structured naming scheme for information technology systems, software, and packages.", "template_version": "1", "uuid": "3f53a829-6307-4006-b7a2-ff53dace4159", "Attribute": [ { "uuid": "0a94f3d6-1fa9-5927-bc76-302a37d9530e", "object_relation": "cpe", "value": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "type": "cpe", "disable_correlation": false, "to_ids": true, "category": "External analysis" }, { "uuid": "a735d0eb-d82b-5219-be4c-043748a3bddc", "object_relation": "language", "value": "ENG", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "60cdef19-ff6e-51ef-91aa-94b8ccc6c23c", "object_relation": "product", "value": "Word", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "3f88396a-6024-50fa-86d9-476931b4bb5a", "object_relation": "vendor", "value": "Microsoft", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "b0c697a9-09cb-5f2d-a8c3-8da5a3cc8716", "object_relation": "version", "value": "2002", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "2e6f8b95-3bb1-50b2-ae22-6b83004aa8db", "object_relation": "description", "value": "Microsoft Word is a word processing software developed by Microsoft.", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--3f53a829-6307-4006-b7a2-ff53dace4159", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "software", "name": "Word", "cpe": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "languages": [ "ENG" ], "vendor": "Microsoft", "version": "2002", "x_misp_description": "Microsoft Word is a word processing software developed by Microsoft." } }, "labels": [ "misp:name=\"cpe-asset\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--3f53a829-6307-4006-b7a2-ff53dace4159", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[software:cpe = 'cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"cpe-asset\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--ea9e373b-57f1-46bd-9b65-aa845865817b", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--3f53a829-6307-4006-b7a2-ff53dace4159", "target_ref": "observed-data--3f53a829-6307-4006-b7a2-ff53dace4159" } ] - MISP
{ "name": "cpe-asset", "meta-category": "misc", "template_uuid": "8ea002c4-172d-45ae-8d91-1cdea825e6a9", "description": "An asset which can be defined by a CPE. This can be a generic asset. CPE is a structured naming scheme for information technology systems, software, and packages.", "template_version": "1", "uuid": "3f53a829-6307-4006-b7a2-ff53dace4159", "Attribute": [ { "uuid": "4160b135-52d4-5953-b747-71e431d07286", "object_relation": "cpe", "value": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "type": "cpe", "disable_correlation": false, "to_ids": true, "category": "External analysis", "comment": "Indicator ID: indicator--3f53a829-6307-4006-b7a2-ff53dace4159" }, { "uuid": "dec0bc31-e616-5d3b-8e55-72b62edd5514", "object_relation": "language", "value": "ENG", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "ffe10ee3-7554-5fad-aa53-cae849ba2d88", "object_relation": "product", "value": "Word", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "1e66db4c-c87f-5d39-ae2f-33e2e6a2d308", "object_relation": "vendor", "value": "Microsoft", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "ea6e93e3-1006-5e5c-9cc4-438dc1a72e51", "object_relation": "version", "value": "2002", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "5e596341-ed28-5fc6-bbaf-9fbf23c69050", "object_relation": "description", "value": "Microsoft Word is a word processing software developed by Microsoft.", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- credential
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5b1f9378-46d4-494b-a4c1-044e0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:user_id = 'misp' AND user-account:x_misp_text = 'MISP default credentials' AND user-account:x_misp_password = 'Password1234' AND user-account:x_misp_type = 'password' AND user-account:x_misp_origin = 'malware-analysis' AND user-account:x_misp_format = 'clear-text' AND user-account:x_misp_notification = 'victim-notified']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"credential\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "credential", "meta-category": "misc", "template_uuid": "a27e98c9-9b0e-414c-8076-d201e039ca09", "description": "Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).", "template_version": "5", "uuid": "5b1f9378-46d4-494b-a4c1-044e0a00020f", "Attribute": [ { "uuid": "c73664a1-7ca5-5457-8ab1-537ec9bf249f", "object_relation": "username", "value": "misp", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "49ee2117-830f-53b7-b3ef-96744306f742", "object_relation": "text", "value": "MISP default credentials", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "2f031cb8-56b0-5bda-aa1a-7504af7e4095", "object_relation": "password", "value": "Password1234", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "2c935b07-71d2-5bf3-b3e4-634c2572f7c9", "object_relation": "type", "value": "password", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "a7e1cad5-e8c1-5cd9-864b-217550e1da1f", "object_relation": "origin", "value": "malware-analysis", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "7a03f077-eca5-570d-89d0-1e96fd9600fe", "object_relation": "format", "value": "clear-text", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "a2d352a9-52b0-5c06-9ed8-d9aff6bd1441", "object_relation": "notification", "value": "victim-notified", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5b1f9378-46d4-494b-a4c1-044e0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "misp", "x_misp_format": "clear-text", "x_misp_notification": "victim-notified", "x_misp_origin": "malware-analysis", "x_misp_password": "Password1234", "x_misp_text": "MISP default credentials", "x_misp_type": "password" } }, "labels": [ "misp:name=\"credential\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--5b1f9378-46d4-494b-a4c1-044e0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:x_misp_text = 'MISP default credentials']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"credential\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--49fd4899-8273-4e23-9e70-d92c507fb3bf", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5b1f9378-46d4-494b-a4c1-044e0a00020f", "target_ref": "observed-data--5b1f9378-46d4-494b-a4c1-044e0a00020f" } ] - MISP
{ "name": "credential", "meta-category": "misc", "template_uuid": "a27e98c9-9b0e-414c-8076-d201e039ca09", "description": "Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).", "template_version": "5", "uuid": "5b1f9378-46d4-494b-a4c1-044e0a00020f", "Attribute": [ { "uuid": "c76c35db-fc5e-5e76-8e6d-e8d38dbd8bfe", "object_relation": "username", "value": "misp", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "f29756b5-c6a3-53e4-8be5-5d0ceb16c8f5", "object_relation": "password", "value": "Password1234", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "1e6f7457-5e23-52ff-bee5-b03cbf49c444", "object_relation": "format", "value": "clear-text", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "27148a4d-26fe-52d3-90d7-869919c90b79", "object_relation": "notification", "value": "victim-notified", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "5d8770cc-6c2d-5976-b816-e026e9be4963", "object_relation": "origin", "value": "malware-analysis", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "2af354aa-d2e9-5398-ac08-d6984fdc3c0a", "object_relation": "text", "value": "MISP default credentials", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5b1f9378-46d4-494b-a4c1-044e0a00020f" }, { "uuid": "49cb96ba-a48e-55ee-9cfe-fa6b8d3e9033", "object_relation": "type", "value": "password", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- domain-ip
- STIX - Indicator
{ "type": "indicator", "id": "indicator--dc624447-684a-488f-9e16-f78f717d8efd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[domain-name:value = 'circl.lu' AND domain-name:x_misp_hostname = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14' AND domain-name:x_misp_port = '8443']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "domain-ip", "meta-category": "network", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "template_version": "11", "uuid": "dc624447-684a-488f-9e16-f78f717d8efd", "Attribute": [ { "uuid": "dc05d335-bb06-5fdd-9017-bf58f04fb76f", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "95f79729-7e86-535a-9e69-40461b5c4e0f", "object_relation": "hostname", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "d7f3d92c-82cc-599a-b4cd-e3321c78c630", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "04c94fea-7463-5f4a-8d2d-ad3ca7ba69c3", "object_relation": "port", "value": "8443", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--dc624447-684a-488f-9e16-f78f717d8efd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "1" ], "x_misp_hostname": "circl.lu", "x_misp_port": "8443" }, "1": { "type": "ipv4-addr", "value": "149.13.33.14" } }, "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--dc624447-684a-488f-9e16-f78f717d8efd", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[domain-name:value = 'circl.lu' AND domain-name:x_misp_hostname = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--5d2dcfac-c0c1-418c-af91-028b8776bdee", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--dc624447-684a-488f-9e16-f78f717d8efd", "target_ref": "observed-data--dc624447-684a-488f-9e16-f78f717d8efd" } ] - MISP
{ "name": "domain-ip", "meta-category": "network", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "template_version": "11", "uuid": "dc624447-684a-488f-9e16-f78f717d8efd", "Attribute": [ { "uuid": "a33716a1-70dd-5e54-8137-489c68302dc3", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--dc624447-684a-488f-9e16-f78f717d8efd" }, { "uuid": "cc83c61a-dd74-506d-a71e-ed48ec4865ac", "object_relation": "hostname", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--dc624447-684a-488f-9e16-f78f717d8efd" }, { "uuid": "db22ff22-2964-519a-817e-22806ed63f8f", "object_relation": "port", "value": "8443", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "4e6b1935-7218-5626-bca1-8a9a23e86dfb", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--dc624447-684a-488f-9e16-f78f717d8efd" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- email
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5e396622-2a54-4c8d-b61d-159da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:to_refs[0].value = 'jdoe@random.org' AND email-message:to_refs[0].display_name = 'John Doe' AND email-message:cc_refs[0].value = 'diana.prince@dc.us' AND email-message:cc_refs[0].display_name = 'Diana Prince' AND email-message:cc_refs[1].value = 'marie.curie@nobel.fr' AND email-message:cc_refs[1].display_name = 'Marie Curie' AND email-message:bcc_refs[0].value = 'jfk@gov.us' AND email-message:bcc_refs[0].display_name = 'John Fitzgerald Kennedy' AND email-message:from_ref.value = 'donald.duck@disney.com' AND email-message:from_ref.display_name = 'Donald Duck' AND email-message:additional_header_fields.reply_to = 'reply-to@email.test' AND email-message:subject = 'Email test subject' AND email-message:additional_header_fields.x_mailer = 'x-mailer-test' AND email-message:body_multipart[0].body_raw_ref.name = 'attachment1.file' AND email-message:body_multipart[0].content_disposition = 'attachment' AND email-message:body_multipart[1].body_raw_ref.name = 'attachment2.file' AND email-message:body_multipart[1].content_disposition = 'attachment' AND email-message:x_misp_user_agent = 'Test user agent' AND email-message:x_misp_mime_boundary = 'Test mime boundary' AND email-message:x_misp_message_id = '25']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "email", "meta-category": "network", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "description": "Email object describing an email with meta-information", "template_version": "19", "uuid": "5e396622-2a54-4c8d-b61d-159da964451a", "Attribute": [ { "uuid": "624dd773-3928-5de0-8f26-2e476cbf4da0", "object_relation": "to", "value": "jdoe@random.org", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "52130ffb-1055-595c-9790-ebb6b30cac35", "object_relation": "to-display-name", "value": "John Doe", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "efc5afc1-0143-545e-b631-0a6a2018b8bd", "object_relation": "cc", "value": "diana.prince@dc.us", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "2483d6a2-6bc9-5f7c-aeb5-d09704b0091d", "object_relation": "cc-display-name", "value": "Diana Prince", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "7d3a8959-f201-5657-9229-0cb79b359f62", "object_relation": "cc", "value": "marie.curie@nobel.fr", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "9fed8f41-64e6-5e32-9521-d0c5a0a03447", "object_relation": "cc-display-name", "value": "Marie Curie", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "7ab14f48-2d13-5958-8b32-bfc1271ec1a0", "object_relation": "bcc", "value": "jfk@gov.us", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "6a7d9c63-ef86-5a08-b348-f44325311ac6", "object_relation": "bcc-display-name", "value": "John Fitzgerald Kennedy", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { 
"uuid": "930e9750-f8e3-5bad-9b94-278a65778533", "object_relation": "from", "value": "donald.duck@disney.com", "type": "email-src", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "4e065da5-2f42-574e-a0c0-839f49d06afc", "object_relation": "from-display-name", "value": "Donald Duck", "type": "email-src-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "6f3c2d02-083f-54e3-927b-9697c05ae5f3", "object_relation": "reply-to", "value": "reply-to@email.test", "type": "email-reply-to", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "ba54f9e0-02c4-5126-8fb8-200cd0b2d7e3", "object_relation": "subject", "value": "Email test subject", "type": "email-subject", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "dbf964ca-09aa-5d86-93e5-e8c280a1301b", "object_relation": "x-mailer", "value": "x-mailer-test", "type": "email-x-mailer", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "2ae62ac4-20d7-571e-9e32-5b33fe725fd1", "object_relation": "user-agent", "value": "Test user agent", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "3f1d6ddc-1154-59c6-a2a4-5eb6aff4c590", "object_relation": "mime-boundary", "value": "Test mime boundary", "type": "email-mime-boundary", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "cea0c916-c69b-5e0d-93fd-52d99c3b326c", "object_relation": "message-id", "value": "25", "type": "email-message-id", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "f97e6d67-0ca8-5c15-b6cf-d06781ce15a5", "object_relation": "attachment", "value": "attachment1.file", "type": "attachment", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "375280c8-5132-56dd-9f2f-1e4e2fa868e2", "object_relation": 
"attachment", "value": "attachment2.file", "type": "attachment", "category": "Payload delivery", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5e396622-2a54-4c8d-b61d-159da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "email-message", "is_multipart": true, "from_ref": "1", "to_refs": [ "2" ], "cc_refs": [ "3", "4" ], "bcc_refs": [ "5" ], "subject": "Email test subject", "additional_header_fields": { "Reply-To": "reply-to@email.test", "X-Mailer": "x-mailer-test" }, "body_multipart": [ { "body_raw_ref": "6", "content_disposition": "attachment; filename='attachment1.file'" }, { "body_raw_ref": "7", "content_disposition": "attachment; filename='attachment2.file'" } ], "x_misp_message_id": "25", "x_misp_mime_boundary": "Test mime boundary", "x_misp_user_agent": "Test user agent" }, "1": { "type": "email-addr", "value": "donald.duck@disney.com", "display_name": "Donald Duck" }, "2": { "type": "email-addr", "value": "jdoe@random.org", "display_name": "John Doe" }, "3": { "type": "email-addr", "value": "diana.prince@dc.us", "display_name": "Diana Prince" }, "4": { "type": "email-addr", "value": "marie.curie@nobel.fr", "display_name": "Marie Curie" }, "5": { "type": "email-addr", "value": "jfk@gov.us", "display_name": "John Fitzgerald Kennedy" }, "6": { "type": "file", "name": "attachment1.file" }, "7": { "type": "file", "name": "attachment2.file" } }, "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5e396622-2a54-4c8d-b61d-159da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[email-message:to_refs[0].value = 'jdoe@random.org' AND email-message:cc_refs[0].value = 'diana.prince@dc.us' AND email-message:cc_refs[1].value = 'marie.curie@nobel.fr' 
AND email-message:bcc_refs[0].value = 'jfk@gov.us' AND email-message:from_ref.value = 'donald.duck@disney.com' AND email-message:body_multipart[0].body_raw_ref.name = 'attachment1.file' AND email-message:body_multipart[0].content_disposition = 'attachment' AND email-message:body_multipart[1].body_raw_ref.name = 'attachment2.file' AND email-message:body_multipart[1].content_disposition = 'attachment']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"email\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--dd033127-0059-4994-9c1d-5a9b3830fcd9", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5e396622-2a54-4c8d-b61d-159da964451a", "target_ref": "observed-data--5e396622-2a54-4c8d-b61d-159da964451a" } ] - MISP
{ "name": "email", "meta-category": "network", "template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "description": "Email object describing an email with meta-information", "template_version": "19", "uuid": "5e396622-2a54-4c8d-b61d-159da964451a", "Attribute": [ { "uuid": "212c4c21-8951-5e72-b364-1ad344c3ae59", "object_relation": "from", "value": "donald.duck@disney.com", "type": "email-src", "category": "Payload delivery", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5e396622-2a54-4c8d-b61d-159da964451a" }, { "uuid": "7844c964-a695-5687-8ab3-7fe929ce91aa", "object_relation": "from-display-name", "value": "Donald Duck", "type": "email-src-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "6485b772-5173-5b83-ad7b-bf7c3c3e397a", "object_relation": "to", "value": "jdoe@random.org", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--5e396622-2a54-4c8d-b61d-159da964451a" }, { "uuid": "22687ea7-3d7b-56e4-83aa-da0f91b5a51c", "object_relation": "to-display-name", "value": "John Doe", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "26dc2435-b297-5ab8-b78a-ec8cad3f5e5d", "object_relation": "cc", "value": "diana.prince@dc.us", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--5e396622-2a54-4c8d-b61d-159da964451a" }, { "uuid": "23de13fd-1ac8-5d0d-8696-0227bf61376d", "object_relation": "cc-display-name", "value": "Diana Prince", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "3920cc9c-d4ee-52ec-8fb2-0db2147181c9", "object_relation": "cc", "value": "marie.curie@nobel.fr", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": 
true, "comment": "Indicator ID: indicator--5e396622-2a54-4c8d-b61d-159da964451a" }, { "uuid": "f8996ce5-555f-5945-a4dc-c95e57228979", "object_relation": "cc-display-name", "value": "Marie Curie", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "b3e02857-2364-50a2-85ca-64126deac750", "object_relation": "bcc", "value": "jfk@gov.us", "type": "email-dst", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--5e396622-2a54-4c8d-b61d-159da964451a" }, { "uuid": "d1b0c462-e221-528e-a963-30d3c5d10b7d", "object_relation": "bcc-display-name", "value": "John Fitzgerald Kennedy", "type": "email-dst-display-name", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "a09bb45d-1cd0-5787-bc48-3017aab4c2a8", "object_relation": "subject", "value": "Email test subject", "type": "email-subject", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "893b27f4-78a7-5e51-a730-6f94ea6af5b5", "object_relation": "message-id", "value": "25", "type": "email-message-id", "category": "Payload delivery", "disable_correlation": true, "to_ids": false }, { "uuid": "bb694d01-c09f-5870-afb3-a9d5f7ba180a", "object_relation": "mime-boundary", "value": "Test mime boundary", "type": "email-mime-boundary", "category": "Payload delivery", "disable_correlation": true, "to_ids": false }, { "uuid": "a5a5a314-c29e-543a-9180-62c0bef8d04e", "object_relation": "user-agent", "value": "Test user agent", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "66d04a88-0f13-537a-8c5f-0d065d291887", "object_relation": "reply-to", "value": "reply-to@email.test", "type": "email-reply-to", "category": "Payload delivery", "disable_correlation": false, "to_ids": false }, { "uuid": "ae4f6a9b-7994-51b8-a9bb-acae9357a8ba", "object_relation": "x-mailer", "value": "x-mailer-test", 
"type": "email-x-mailer", "category": "Payload delivery", "disable_correlation": true, "to_ids": false }, { "uuid": "4b7ba7d6-71c9-5e71-84c8-0d1a8ee9a443", "object_relation": "attachment", "value": "attachment1.file", "type": "email-attachment", "category": "Payload delivery", "disable_correlation": false, "to_ids": true }, { "uuid": "8dd20ff5-58dd-5ae3-9ece-409bdf85ade5", "object_relation": "attachment", "value": "attachment2.file", "type": "email-attachment", "category": "Payload delivery", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- employee
- STIX - Identity
{ "type": "identity", "id": "identity--685a38e1-3ca1-40ef-874d-3a04b9fb3af6", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "John Doe", "description": "John Doe is known", "identity_class": "individual", "contact_information": "email-address: jdoe@email.com", "labels": [ "misp:name=\"employee\"", "misp:meta-category=\"misc\"" ], "x_misp_employee_type": "Supervisor" } - MISP
{ "name": "employee", "meta-category": "misc", "template_uuid": "443b2f15-d7c9-4d3d-bfd2-38f099753e83", "description": "An employee and related data points", "template_version": "1", "uuid": "685a38e1-3ca1-40ef-874d-3a04b9fb3af6", "Attribute": [ { "uuid": "0f506bcb-328b-5ea7-940e-fc4bab7f45b5", "object_relation": "full-name", "value": "John Doe", "type": "full-name", "disable_correlation": true, "to_ids": false, "category": "Person" }, { "uuid": "a75f25af-7585-5df8-9bfa-0b6d28b92d0a", "object_relation": "text", "value": "John Doe is known", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "422d0c1e-70ee-54f7-b94c-0ec55b04842d", "object_relation": "employee-type", "value": "Supervisor", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "43580786-af0f-57d0-8410-eab84cf872e7", "object_relation": "email-address", "value": "jdoe@email.com", "type": "target-email", "disable_correlation": false, "to_ids": false, "category": "Targeting data" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Identity
- facebook-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--7d8ac653-b65c-42a6-8420-ddc71d65f50d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'facebook' AND user-account:user_id = '1392781243' AND user-account:account_login = 'octocat' AND user-account:x_misp_link = 'https://facebook.com/octocat' AND user-account:x_misp_user_avatar.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_user_avatar.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"facebook-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "facebook-account", "meta-category": "misc", "template_uuid": "b9862b95-7d78-4938-a2b5-13e45c60f25a", "description": "Facebook account.", "template_version": "1", "uuid": "7d8ac653-b65c-42a6-8420-ddc71d65f50d", "Attribute": [ { "uuid": "98b5a53f-03c7-50e5-b62f-f66550aba859", "object_relation": "account-id", "value": "1392781243", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "db0b9d42-38fa-5ef2-b138-46c7acd32ae9", "object_relation": "account-name", "value": "octocat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "b081b078-7554-575a-8f11-5d37c4f8e7f7", "object_relation": "link", "value": "https://facebook.com/octocat", "type": "link", "disable_correlation": false, "to_ids": true, "category": "External analysis" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "20ae5885-1b2f-51af-8651-9d01080324fd", "object_relation": "user-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--7d8ac653-b65c-42a6-8420-ddc71d65f50d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "1392781243", "account_login": "octocat", "account_type": "facebook", "x_misp_link": "https://facebook.com/octocat", "x_misp_user_avatar": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC" } } }, "labels": [ "misp:name=\"facebook-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--7d8ac653-b65c-42a6-8420-ddc71d65f50d", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'facebook' AND user-account:user_id = '1392781243']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"facebook-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--7db8539b-3a18-4ba3-9fac-d38d3aa03bdd", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7d8ac653-b65c-42a6-8420-ddc71d65f50d", "target_ref": "observed-data--7d8ac653-b65c-42a6-8420-ddc71d65f50d" } ] - MISP
{ "name": "facebook-account", "meta-category": "misc", "template_uuid": "b9862b95-7d78-4938-a2b5-13e45c60f25a", "description": "Facebook account.", "template_version": "1", "uuid": "7d8ac653-b65c-42a6-8420-ddc71d65f50d", "Attribute": [ { "uuid": "1461fdaf-6628-5a96-bcca-b50938103e06", "object_relation": "account-id", "value": "1392781243", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--7d8ac653-b65c-42a6-8420-ddc71d65f50d" }, { "uuid": "e1fe13b6-be4b-5ea3-b235-98f522c0073e", "object_relation": "account-name", "value": "octocat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "d478d2bc-fa21-5d05-aa06-e77c6d06eb7d", "object_relation": "link", "value": "https://facebook.com/octocat", "type": "link", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "20a144fb-b5a8-5323-8e1c-868673dc4289", "object_relation": "user-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- file
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5e384ae7-672c-4250-9cda-3b4da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:hashes.'SHA-1' = '46aba99aa7158e4609aaa72b50990842fd22ae86' AND file:hashes.'SHA-256' = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b' AND file:name = 'oui' AND file:name_enc = 'UTF-8' AND file:size = '35' AND file:parent_directory_ref.path = '/var/www/MISP/app/files/scripts/tmp' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.x_misp_filename = 'oui' AND file:content_ref.hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.mime_type = 'application/zip') AND (file:content_ref.payload_bin = 'Tm9uLW1hbGljaW91cyBmaWxlCg==' AND file:content_ref.x_misp_filename = 'non')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] } - MISP
{ "name": "file", "meta-category": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "description": "File object describing a file with meta-information", "template_version": "25", "uuid": "5e384ae7-672c-4250-9cda-3b4da964451a", "Attribute": [ { "uuid": "b35e4661-524c-5f93-b50c-9b06d8771ecd", "object_relation": "md5", "value": "8764605c6f388c89096b534d33565802", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "3658f8d6-a658-5bf7-a5c3-7f96ac89fc65", "object_relation": "sha1", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "913515d1-4580-5b19-93aa-5b66c54c6e23", "object_relation": "sha256", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "ec60937d-4962-57a7-ba8e-5eed49a4da82", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "d386bb36-fa15-5b93-b290-0bc27ff1c796", "object_relation": "file-encoding", "value": "UTF-8", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "cc05c743-7a13-5385-87b5-e8462122882b", "object_relation": "size-in-bytes", "value": "35", "type": "size-in-bytes", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "b183e93e-9f17-5748-be0c-adb2a6b69280", "object_relation": "path", "value": "/var/www/MISP/app/files/scripts/tmp", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "uuid": "cc3d8019-98d8-59d1-b7da-4f2d44fd58b2", "object_relation": "malware-sample", "value": "oui|8764605c6f388c89096b534d33565802", "type": "malware-sample", "disable_correlation": false, 
"to_ids": true, "category": "Payload delivery", "malware_filename": "oui" }, { "data": "Tm9uLW1hbGljaW91cyBmaWxlCg==", "uuid": "066ce28b-245e-553b-b4e7-df9e6e4a6eae", "object_relation": "attachment", "value": "non", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5e384ae7-672c-4250-9cda-3b4da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "8764605c6f388c89096b534d33565802", "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86", "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" }, "size": 35, "name": "oui", "name_enc": "UTF-8", "created": "2021-10-25T16:22:00Z", "modified": "2022-10-25T16:22:00Z", "parent_directory_ref": "1", "content_ref": "2", "x_misp_attachment": { "value": "non", "data": "Tm9uLW1hbGljaW91cyBmaWxlCg==" } }, "1": { "type": "directory", "path": "/var/www/MISP/app/files/scripts/tmp" }, "2": { "type": "artifact", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "x_misp_filename": "oui" } }, "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] }, { "type": "indicator", "id": "indicator--5e384ae7-672c-4250-9cda-3b4da964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:hashes.'SHA-1' = '46aba99aa7158e4609aaa72b50990842fd22ae86' AND file:hashes.'SHA-256' = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b' AND file:name = 'oui' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.x_misp_filename = 'oui' AND file:content_ref.hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.mime_type = 'application/zip')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { 
"kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--f9626c9a-ad6f-4351-9553-0a3dbffc46d6", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5e384ae7-672c-4250-9cda-3b4da964451a", "target_ref": "observed-data--5e384ae7-672c-4250-9cda-3b4da964451a" } ] - MISP
{ "name": "file", "meta-category": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "description": "File object describing a file with meta-information", "template_version": "25", "uuid": "5e384ae7-672c-4250-9cda-3b4da964451a", "Attribute": [ { "uuid": "4d61a9f5-3e53-5970-8dbd-57876b383992", "object_relation": "md5", "value": "8764605c6f388c89096b534d33565802", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5e384ae7-672c-4250-9cda-3b4da964451a" }, { "uuid": "31877d35-5c1a-5925-bd53-fd44614b0d46", "object_relation": "sha1", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5e384ae7-672c-4250-9cda-3b4da964451a" }, { "uuid": "e948e5d4-a19c-514a-a7be-47de47368cce", "object_relation": "sha256", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5e384ae7-672c-4250-9cda-3b4da964451a" }, { "uuid": "061c77f6-64db-58dd-acff-3b0482940ff4", "object_relation": "creation-time", "value": "2021-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "dd099fd6-4b00-5055-8d6b-4ad227b369a1", "object_relation": "modification-time", "value": "2022-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "c4af11a1-451a-52c6-8e49-ed17d6523dd6", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--5e384ae7-672c-4250-9cda-3b4da964451a" }, { "uuid": "7089b717-9054-5f01-8e54-08ccc9fcbb24", "object_relation": "file-encoding", "value": "UTF-8", "type": 
"text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "b6d9a949-2c6a-550c-92a6-3685c3f69c35", "object_relation": "size-in-bytes", "value": "35", "type": "size-in-bytes", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "Tm9uLW1hbGljaW91cyBmaWxlCg==", "uuid": "1a4fb5ab-7870-51b3-af59-55096bb23d85", "object_relation": "attachment", "value": "non", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "3723555c-f4c4-5e9c-9541-3b9e1699664d", "object_relation": "path", "value": "/var/www/MISP/app/files/scripts/tmp", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "uuid": "e668d25a-e269-5c1f-b3f4-2ca7cd08c106", "object_relation": "malware-sample", "value": "oui|8764605c6f388c89096b534d33565802", "type": "malware-sample", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "malware_filename": "oui" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- github-user
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5177abbd-c437-4acb-9173-eee371ad24da", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'github' AND user-account:user_id = '1' AND user-account:display_name = 'Octo Cat' AND user-account:account_login = 'octocat' AND user-account:x_misp_organisation = 'GitHub' AND user-account:x_misp_profile_image.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_profile_image.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"github-user\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "github-user", "meta-category": "misc", "template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4", "description": "GitHub user", "template_version": "3", "uuid": "5177abbd-c437-4acb-9173-eee371ad24da", "Attribute": [ { "uuid": "597c0499-57a5-5d47-b37d-493ce3357161", "object_relation": "id", "value": "1", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "c3c9f49e-04e5-5706-9f88-6515a4e2d7f2", "object_relation": "user-fullname", "value": "Octo Cat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "a8fc644e-afcd-5a1c-b7c5-cf3c7ceeb1fc", "object_relation": "username", "value": "octocat", "type": "github-username", "disable_correlation": false, "to_ids": true, "category": "Social network" }, { "uuid": "99a397e4-9c95-52c4-9a21-6523e757fe3a", "object_relation": "organisation", "value": "GitHub", "type": "github-organisation", "disable_correlation": false, "to_ids": true, "category": "Social network" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "277d6971-1f8c-5a31-ac71-f1d26ab931e3", "object_relation": "profile-image", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5177abbd-c437-4acb-9173-eee371ad24da", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "1", "account_login": "octocat", "account_type": "github", "display_name": "Octo Cat", "x_misp_organisation": "GitHub", "x_misp_profile_image": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC" } } }, "labels": [ "misp:name=\"github-user\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--5177abbd-c437-4acb-9173-eee371ad24da", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'github' AND user-account:user_id = '1']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"github-user\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--d88cf4b1-e4ed-46c6-9a2d-af8bafda3e8a", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5177abbd-c437-4acb-9173-eee371ad24da", "target_ref": "observed-data--5177abbd-c437-4acb-9173-eee371ad24da" } ] - MISP
{ "name": "github-user", "meta-category": "misc", "template_uuid": "4329b5e6-8e6a-4b55-8fd1-9033782017d4", "description": "GitHub user", "template_version": "3", "uuid": "5177abbd-c437-4acb-9173-eee371ad24da", "Attribute": [ { "uuid": "efd38429-9888-54e9-995a-c4231bbed523", "object_relation": "id", "value": "1", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5177abbd-c437-4acb-9173-eee371ad24da" }, { "uuid": "42b6ed63-09b6-50f1-92ac-f0601ea33ee4", "object_relation": "username", "value": "octocat", "type": "github-username", "disable_correlation": false, "to_ids": false, "category": "Social network" }, { "uuid": "c9f537f5-9be1-59f6-b67a-e82b1168ab23", "object_relation": "user-fullname", "value": "Octo Cat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "acf6a2de-f916-5ffa-8e20-e2054cad44ad", "object_relation": "organisation", "value": "GitHub", "type": "github-organisation", "disable_correlation": false, "to_ids": false, "category": "Social network" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "a8f91267-8fab-5842-98c7-a1d7630cc09e", "object_relation": "profile-image", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- gitlab-user
- STIX - Indicator
{ "type": "indicator", "id": "indicator--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'gitlab' AND user-account:user_id = '1234567890' AND user-account:display_name = 'John Doe' AND user-account:account_login = 'j0hnd0e']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"gitlab-user\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "gitlab-user", "meta-category": "misc", "template_uuid": "39ef3197-08f5-445f-b3b6-9d4d8604071c", "description": "GitLab user. Gitlab.com user or self-hosted GitLab instance", "template_version": "1", "uuid": "20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "Attribute": [ { "uuid": "0cfd7d88-6f04-5600-af49-da7ff9a0961a", "object_relation": "id", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "5be3b88a-bf49-5cc8-95db-7ae931eba994", "object_relation": "name", "value": "John Doe", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "0d48bd6a-4cd9-5590-8ff0-c41f438e0afc", "object_relation": "username", "value": "j0hnd0e", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "1234567890", "account_login": "j0hnd0e", "account_type": "gitlab", "display_name": "John Doe" } }, "labels": [ "misp:name=\"gitlab-user\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'gitlab' AND user-account:user_id = '1234567890']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"gitlab-user\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--746d942a-8a4a-482c-8bb2-88137bb9ef72", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "target_ref": "observed-data--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b" } ] - MISP
{ "name": "gitlab-user", "meta-category": "misc", "template_uuid": "39ef3197-08f5-445f-b3b6-9d4d8604071c", "description": "GitLab user. Gitlab.com user or self-hosted GitLab instance", "template_version": "1", "uuid": "20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b", "Attribute": [ { "uuid": "7bc3afa2-fbb2-5c9e-a714-7cdab44a4074", "object_relation": "id", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--20a39ad0-e8e1-4917-9fb8-40fecc4d0e7b" }, { "uuid": "caa344ed-6f9a-5673-a715-f6b2fac52bf0", "object_relation": "name", "value": "John Doe", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "f5d93f9f-50c6-5fbc-891d-d3cf8140e4d9", "object_relation": "username", "value": "j0hnd0e", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- http-request
- STIX - Indicator
{ "type": "indicator", "id": "indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '8.8.8.8') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.13.33.14') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu') AND network-traffic:extensions.'http-request-ext'.request_method = 'POST' AND network-traffic:extensions.'http-request-ext'.request_value = '/projects/internships/' AND network-traffic:extensions.'http-request-ext'.request_value = 'http://circl.lu/projects/internships/' AND network-traffic:extensions.'http-request-ext'.request_header.'Content-Type' = 'JSON' AND network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla Firefox']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"http-request\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "http-request", "meta-category": "network", "template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b", "description": "A single HTTP request header", "template_version": "4", "uuid": "cfdb71ed-889f-4646-a388-43d936e1e3b9", "Attribute": [ { "uuid": "67584aa7-7f8c-5221-a583-b3d1494f83be", "object_relation": "ip-src", "value": "8.8.8.8", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "abad100c-35cd-539c-98c5-31c7761ffcec", "object_relation": "ip-dst", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "682ebd1e-beb4-566e-9cd1-814ef158afde", "object_relation": "host", "value": "circl.lu", "type": "hostname", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "a50b9f45-e3a5-5b30-b523-02ea20adf63b", "object_relation": "method", "value": "POST", "type": "http-method", "category": "Network activity", "disable_correlation": true, "to_ids": true }, { "uuid": "ceb148f0-a780-5c72-ad93-6b8c2c1788f4", "object_relation": "content-type", "value": "JSON", "type": "other", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "49d54462-4bb0-508b-8182-23f320ab555c", "object_relation": "user-agent", "value": "Mozilla Firefox", "type": "text", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "77b0a826-2691-5622-9f74-ee812069e0e8", "object_relation": "uri", "value": "/projects/internships/", "type": "uri", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "0ad68eda-5f2f-5e33-8c6a-f743d80fe43a", "object_relation": "url", "value": "http://circl.lu/projects/internships/", "type": "url", "category": "Network activity", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--cfdb71ed-889f-4646-a388-43d936e1e3b9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "dst_ref": "2", "protocols": [ "tcp", "http" ], "extensions": { "http-request-ext": { "request_method": "POST", "request_value": "/projects/internships/", "request_header": { "Content-Type": "JSON", "User-Agent": "Mozilla Firefox" } } }, "x_misp_url": "http://circl.lu/projects/internships/" }, "1": { "type": "ipv4-addr", "value": "8.8.8.8" }, "2": { "type": "ipv4-addr", "value": "149.13.33.14" }, "3": { "type": "domain-name", "value": "circl.lu", "resolves_to_refs": [ "2" ] } }, "labels": [ "misp:name=\"http-request\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '8.8.8.8') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.13.33.14') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu') AND network-traffic:extensions.'http-request-ext'.request_value = '/projects/internships/' AND network-traffic:extensions.'http-request-ext'.request_value = 'http://circl.lu/projects/internships/']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"http-request\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--3071c6a2-fdb1-453c-b603-e4d6b9017ccc", 
"created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9", "target_ref": "observed-data--cfdb71ed-889f-4646-a388-43d936e1e3b9" } ] - MISP
{ "name": "http-request", "meta-category": "network", "template_uuid": "b4a8d163-8110-4239-bfcf-e08f3a9fdf7b", "description": "A single HTTP request header", "template_version": "4", "uuid": "cfdb71ed-889f-4646-a388-43d936e1e3b9", "Attribute": [ { "uuid": "461bafec-57df-5f11-8bf4-5faafc7a93d7", "object_relation": "url", "value": "http://circl.lu/projects/internships/", "type": "url", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9" }, { "uuid": "a2e52578-d2fe-50ec-9687-fa2c6d57dcd6", "object_relation": "ip-src", "value": "8.8.8.8", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9" }, { "uuid": "62dd8cd3-3374-5a18-b041-4e0d3e06d568", "object_relation": "ip-dst", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9" }, { "uuid": "57c294c0-6d10-5982-b2bd-b42c768556b3", "object_relation": "method", "value": "POST", "type": "http-method", "category": "Network activity", "disable_correlation": true, "to_ids": false }, { "uuid": "320bb5be-3126-55a4-b896-ceb8db51cbae", "object_relation": "uri", "value": "/projects/internships/", "type": "uri", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9" }, { "uuid": "7263a7a5-d088-58d4-9469-a561c9b3ef55", "object_relation": "content-type", "value": "JSON", "type": "other", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "264cf2d8-6e45-59e1-b3e3-55e420f72dd4", "object_relation": "user-agent", "value": "Mozilla Firefox", "type": "text", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": 
"d13bc10d-70a9-50ba-bfc1-21e02a0a8c46", "object_relation": "host", "value": "circl.lu", "type": "hostname", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--cfdb71ed-889f-4646-a388-43d936e1e3b9" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- identity
- STIX - Identity
{ "type": "identity", "id": "identity--a54e32af-5569-4949-b1fe-ad75054cde45", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "John Doe", "description": "Unknown person", "identity_class": "individual", "contact_information": "email-address: jdoe@email.com / phone-number: 0123456789", "labels": [ "misp:name=\"identity\"", "misp:meta-category=\"misc\"" ], "x_misp_roles": "Placeholder name" } - MISP
{ "name": "identity", "meta-category": "misc", "template_uuid": "ae85b960-b507-4de2-a32c-9cfb8f25f990", "description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector). The Identity SDO can capture basic identifying information, contact information, and the sectors that the Identity belongs to. Identity is used in STIX to represent, among other things, targets of attacks, information sources, object creators, and threat actor identities. (ref. STIX 2.1 - 4.5)", "template_version": "1", "uuid": "a54e32af-5569-4949-b1fe-ad75054cde45", "Attribute": [ { "uuid": "eaa3fe67-77e8-58ec-90f0-8f40b31b4a05", "object_relation": "name", "value": "John Doe", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "03f24069-b2ff-5828-ba0f-c795bcbe7ef9", "object_relation": "description", "value": "Unknown person", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "a334b10a-1159-5e5c-83fc-e3b00a67171c", "object_relation": "contact_information", "value": "email-address: jdoe@email.com / phone-number: 0123456789", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "3000cd84-c0fd-5e59-8a27-a841494114f0", "object_relation": "identity_class", "value": "individual", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "8775cf24-eb87-56b2-8d1c-5043ed889887", "object_relation": "roles", "value": "Placeholder name", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- image
- STIX - Indicator
{ "type": "indicator", "id": "indicator--939b2f03-c487-4f62-a90e-cab7acfee294", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'STIX.png' AND file:content_ref.payload_bin = 'iVBORw0KGgoAAAANSUhEUgA[...]gEefQAAAABJRU5ErkJggg==' AND file:content_ref.mime_type = 'image/png' AND file:content_ref.x_misp_filename = 'STIX.png' AND file:content_ref.url = 'https://oasis-open.github.io/cti-documentation/img/STIX.png' AND file:x_misp_image_text = 'STIX']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"image\"", "misp:meta-category=\"file\"" ] } - MISP
{ "name": "image", "meta-category": "file", "template_uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82", "description": "Object describing an image file.", "template_version": "1", "uuid": "939b2f03-c487-4f62-a90e-cab7acfee294", "Attribute": [ { "uuid": "53e828f6-5bdd-59fe-bca3-a2c571329038", "object_relation": "filename", "value": "STIX.png", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "4dc1120a-3c5e-58ba-bab7-ea6ec292e3d6", "object_relation": "url", "value": "https://oasis-open.github.io/cti-documentation/img/STIX.png", "type": "url", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "e7d51bc2-dcdc-55e4-9c53-60570afa5285", "object_relation": "image-text", "value": "STIX", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]gEefQAAAABJRU5ErkJggg==", "uuid": "74072606-0509-568b-9f1d-b5ece084d18b", "object_relation": "attachment", "value": "STIX.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--939b2f03-c487-4f62-a90e-cab7acfee294", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "name": "STIX.png", "content_ref": "1", "x_misp_image_text": "STIX" }, "1": { "type": "artifact", "mime_type": "image/png", "payload_bin": "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", "x_misp_filename": "STIX.png", "x_misp_url": "https://oasis-open.github.io/cti-documentation/img/STIX.png" } }, "labels": [ "misp:name=\"image\"", "misp:meta-category=\"file\"" ] }, { "type": "indicator", "id": "indicator--939b2f03-c487-4f62-a90e-cab7acfee294", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'STIX.png' AND file:content_ref.payload_bin = 
'iVBORw0KGgoAAAANSUhEUgAAAFoAAAAkCAYAAAAJgC2zAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAv8SURBVGiB7ZtrcJRVmsd/5+17dxI6IZGRZCEJsGasEAZBAsECNIoFFHgpyNSohUGlYJgECMLiyN0BRDKMMkFdhQK5RAvFVFAHFze6Sml5QWGDoYiELSWEAUkg6XQunb68z35IpiV0OibBjGDNv+r90H3Oc57n/N9znss53UpEBEB0Hb3ZgyD8C1cPhUKzWVGaBoARwPvVUZr+8lc8JysQXf9ZDfylQDMYsAwZjH3RfMwjhqO8pV+L+7cPYRz+G8xTJ6Pstp/bxl8EpKkZ79sH8B/9XyL37kG55+aKfvESkXu2o8zmn9u+XxTE68X90CNofWPQ/GXHMU3M/BfJvQBlNmOamIn/WBlGAjrKZOpUQERwuVycOHGCkydPcu7cOdxuN0opoqKiiI+P56abbiIlJQWHw4FSKmQMn8+Hz+f7ySZhtVrRNI1AIEBLS0tIu6ZpWCwWlFKISGsfXcco7YO9TykMRiMmk6lDu6F1/h6PByXSTl7a5I1GI0op/H4/ZrMZEcFoNAK0cuv1tgbDcBARSktLeemllzhw4ABnzpxBpOOsRNM0kpOTueeee5g7dy6DBw8OtrW0tDB16lROnTrVmbpuYc6cOSxZsoTHHnuMjz76KKTdaDSye/du0tPTqaurY/LkyTReuMB25w0kmVp3r44wv66GUg2efvpppk2bFkK21+tl4cKF/PfBgyyLjGaq1RFs291Yz18bXdx3333k5uby4YcfEhMTg8lkYtKkSe0Nqh0zQZpf2S1Xwuv1yqZNmyQyMlJofXldfmJiYqSwsFB0XRcRkYaGBomNje32OJ09s2bNEp/PJ7fcckvYPm+++aaIiOi6Lps2bRKllEyy2uV8/CC5mDBYLiYMlkM3/JvYlZJ+/frJ2bNn23Gg67rs3LlTABlltsrf45ODckd+NVD6aQZxOp1y7Ngxcblc8u6778rLL78sBw8eDI7R/MpuqR05Vjok2u/3y5o1a8RgMPSYCJPJJDt27LgmiBYRcbvdkp6eLhrI9ph+UtNGdk38IPljVIwAkpWVFVwcIiJVVVWSkJAgDqWk5IaEIMnn4wfJNJtDlFKyceNG0XVdAoGAeDweaWpqEo/HE0K0FrLngC+//JK1a9cSCAQ6au4SfD4fOTk5VFRU9HiMnxIREREUFBRgj4hgeV0N5/XWuSmlmBfhJNVo5o033uCdd94BIBAIsHjxYqqqqlgQGc1vTJbgWPua3LzT3Mj48ePJyclBKRWMCTabDYvFEqI/hGgRoaCgoNPAFRkZyeDBgxk4cCCmTgJpY2Mj27Zt6zobvYyRI0eSl5fH3/UAf3JdJNAWb+yaxsboOIwi5ObmUltbS3FxMa+//jrDTBZ+H+EM+u4LAT8b6i9hczhYv349NlvX6o4Qopuamvj444/DCtx5552Ul5dTWlpKWVkZR44cYcSIEWH77927F13XMRgMXTKoq+jJeEopli5dyrBhw3ijyc1/NTcG20aZrfwhwsnp06eZMWMGCxYswKQL652x2NvK6IAIq+suUhXws3jxYkaPHt1l3SFZh8fjobq6OqzAHXfcQf/+/YOfU1NTyc/PZ+bMmR3uAqfTidFo5NVXX6WysjKkvbi4mP3794fVt3r1agYOHBjy/dixY8PKdAaHw8Fzzz3H3XffzWrXRTIsNqINBpRSPB4VQ1FzA++//z4A8yL6kG62BmXfa25kX7ObESNG8Pjjj4dNBzvElcGwpqZGbDZb2AAzYMAAKSoqEq/X2y46NzQ0iNvtDnmam5tDMprLUVhYGFaX0WiUCxcuhJXtTjC8MpvIy8sTQB5xREn1ZVlIUWx/0UB+bTTLd/2Tgt9/c2OiDDAYxWKxyKFDhzqd0+UIGwwtFguxsbFhX0xlZSXTp0/
n5ptvZt68eezfv59z585ht9uJiIgIeaxWa9ixfi4opVi1ahUpKSnsbKznUEtzsG2cxcYsRxTrnLFEaq3uSRfhz/W1VAb8zJ07t0e7KYRoh8NBRkZGp0K6rnPq1ClefPFF7r33XpKTk0lPT2fNmjV89tlnV5Wt/LPQp08f8vPzUUYjy+pqaGo7tVRKsdYZxzjLD0Hu45ZmXml0kZKSwsqVK9G0DpO1ThEioZRi0aJFnWYTV6KlpYXDhw+zevVqxo4dS2pqKq+99lrYKvJawZQpU3j44Ycp93vJr78UtNesVND/uvQAS+qqUWYzBQUFxMTE9EhXh69m5MiRLFu2rEcD6rpOeXk5DzzwANnZ2R2eQ1wrUEqxYcMG4uPjeaGhjlJfe1tFhC3uOk75fWRlZZGZmdljXR0SrWkaK1asYMeOHcTFxfV48F27drFgwYJremX37duX22+/HT9Q2FjfzlaPCPua3ADcf//93csyrkBYZ6NpGtnZ2XzzzTcUFBQwZsyY4IlUd7Bt2za++uqrHhvY2ygrK2Pfvn3EahpLomLakWnTNP4Y1eoqnnnmmavanT/q1aOjo8nJyeGTTz7h5MmT7Ny5k+zsbBISErpEfCAQYNeuXT02sDfh8XiYPXs2LR4PG5xxxGmhRdB99kgmWe188cUXbNmypce7s8vhUylFUlISM2fOZMeOHXz77bccPXqUp556ql0B0xGOHz/eI+N6G5s3b+bzzz/nbqude2wRwdV8xu/D20aoSSnWOeOIVoq1a9dy4sSJHukKWZIVFRVs3bq1wxTN6XSSl5dHREQERqOR1NRUUlNTyc7OZty4cXz33XcdKmlqauqRcb2J8vJyNm7cSLTSWNsnFq2NZK8Iv7/0PdNsEcyOdKKAAQYjK6L6sqiumoULF/LWW291uz4IIfrw4cPk5+eHFYiLi2POnDntfFl8fDwJCQlhiY6KiuqWUb0Nr9dLbm4uly5d4i/OOBKNP6SyL7vr+NTr4bjPy51WO8kmM0opfuuIpKi5gZKSEvbs2cOjjz7areAYQvRtt92G1WrF4/F0KLB06VJcLheZmZk4nU6qq6spLCzk008/DaskNTW1ywb1NkSEbdu28cEHH3CHxcbvHFHtXMZG9yWUUtSLzhN11RTG9sekFBalsb5PLFOqz7JixQoyMzNJSkrqst4QHx0fH8/EiRPDCtTX1/PEE09w6623MmTIEDIyMnj++efDVoMGg4Hp06d32aDexunTp1m1ahUOEf7kjMXcRnJAhLzaCzSKsG7dOiZMmMAHLc3sbnQFZX9tMvMfUdF8f/48eXl53boDDSHaYDCwcuXKLp+z/hjuuusuRo0a9ZOMdbXw+1uPN2tqalgUGcNNxh9u/l9rrOd/WpqZMGECS5YsYfPmzdgdDv5cX8tZfyuhSilmOfow0mTh7bffZu/evV3W3WHWMXz4cJ599tkObwq6g6SkJF544YWf/Cy6pygsLKS4uJgMs5XZEX2CLuO038dq10Xsdjtbt27FaDQydOhQVq1axfd6gGV1NfjbshCrprHeGYdNhOXLl1NVVdUl3WErw9mzZ7Nr1y5uvPHGHk1q/PjxlJSUdMuP9SbOnDnDk08+iVnXWeeMxXbZYf5TrhpqRWfZsmUMGjQIaF29OTk5ZGRkcMDTSHFbhQgw3GxhXtslwfLly/H7/T+qP2zFoWkaWVlZpKens337doqKiigvL+90UKfTyejRo3nwwQeZMWNGl3ZEYmIiaWlpHfr4fv36derCNE1j9OjRHVZsJpOJxMTE4OeSkhKio6N55FfxpEY6gdbVfMTXwv85rcwcMYK8vLz2laHNRkFBAfPnz6fI3cBk5w3YlUIBf9CTKKu7wLFjx6isrCQ5ObnTearaMRPEOudRrA8/1GnH5uZmKioqKC8v5+zZs7hcLnRdx263ExcXR2JiIikpKfTv379baY+IoIf5YeU/Lj17Kn+5y/pHPyXC5dbpbbZqmhbWbl3XEZEeyXp27sG
z5T8xYtAQ749HT5vNRlpaGmlpaT/atztQSl2VD++qfLh+XdEc7mV3RVa8PjCb0YxDU/G9V4Jcw8eZ1yukpQXfeyUYhw1Feb8uE3fWQxjThmKeMgl1DV49XY8Qjwfv397Ff+xrIl/fgxIR8R4tpenZAlpOViDXwTXU9QBlMGD59yHY83IxDx/WSjS0/bXC0wLX8CH9dQWl0KyW4F8r/h8rVFb3pgEefQAAAABJRU5ErkJggg==' AND file:content_ref.mime_type = 'image/png' AND file:content_ref.x_misp_filename = 'STIX.png' AND file:content_ref.url = 'https://oasis-open.github.io/cti-documentation/img/STIX.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"image\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--d90dbb2f-9511-43c1-86e4-80d4cf7c5b57", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--939b2f03-c487-4f62-a90e-cab7acfee294", "target_ref": "observed-data--939b2f03-c487-4f62-a90e-cab7acfee294" } ] - MISP
{ "name": "image", "meta-category": "file", "template_uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82", "description": "Object describing an image file.", "template_version": "1", "uuid": "939b2f03-c487-4f62-a90e-cab7acfee294", "Attribute": [ { "uuid": "2a46c89d-bbf8-5627-aa2e-466733701e17", "object_relation": "filename", "value": "STIX.png", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--939b2f03-c487-4f62-a90e-cab7acfee294" }, { "uuid": "fc33fd27-a5ca-5d06-8ba6-cd9f1f91631d", "object_relation": "image-text", "value": "STIX", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]gEefQAAAABJRU5ErkJggg==", "uuid": "d6a4b040-dbcc-5166-a451-187759b95da9", "object_relation": "attachment", "value": "STIX.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis", "comment": "Indicator ID: indicator--939b2f03-c487-4f62-a90e-cab7acfee294" }, { "uuid": "958e2620-a436-505b-acb3-76cdf6cb1745", "object_relation": "url", "value": "https://oasis-open.github.io/cti-documentation/img/STIX.png", "type": "url", "disable_correlation": false, "to_ids": true, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- ip-port
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5ac47edc-31e4-4402-a7b6-040d0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.13.33.14') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu') AND network-traffic:dst_port = '443' AND network-traffic:start = '2020-10-25T16:22:00Z']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "ip-port", "meta-category": "network", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "template_version": "10", "uuid": "5ac47edc-31e4-4402-a7b6-040d0a00020f", "Attribute": [ { "uuid": "01c6d806-f7d1-5823-8362-82f5ca495d51", "object_relation": "ip-dst", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "a0205f6c-f3e3-5057-87ea-ef7126fe830c", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "8ebf6fe5-67dd-539c-8e61-09a1f9114da3", "object_relation": "dst-port", "value": "443", "type": "port", "category": "Network activity", "disable_correlation": true, "to_ids": true }, { "uuid": "fd060659-5bc9-5900-a33f-373a11aeb707", "object_relation": "first-seen", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5ac47edc-31e4-4402-a7b6-040d0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "start": "2020-10-25T16:22:00Z", "dst_ref": "1", "dst_port": 443, "protocols": [ "ipv4" ], "x_misp_domain": "circl.lu" }, "1": { "type": "ipv4-addr", "value": "149.13.33.14" } }, "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5ac47edc-31e4-4402-a7b6-040d0a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.13.33.14') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"ip-port\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--37dd31ee-24a7-4a7c-9704-aecef00e7082", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5ac47edc-31e4-4402-a7b6-040d0a00020f", "target_ref": "observed-data--5ac47edc-31e4-4402-a7b6-040d0a00020f" } ] - MISP
{ "name": "ip-port", "meta-category": "network", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "template_version": "10", "uuid": "5ac47edc-31e4-4402-a7b6-040d0a00020f", "Attribute": [ { "uuid": "e2a52a59-cfe8-50d2-af4d-6bde193f1237", "object_relation": "ip-dst", "value": "149.13.33.14", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "8094ef2a-e5bd-5cab-b5fa-0b1473e57025", "object_relation": "dst-port", "value": "443", "type": "port", "category": "Network activity", "disable_correlation": true, "to_ids": false }, { "uuid": "99f8b118-1813-5bf9-a019-fbf3e0b272ad", "object_relation": "first-seen", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "0f8d8de8-9520-577e-a814-d32276d72986", "object_relation": "domain", "value": "circl.lu", "type": "domain", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5ac47edc-31e4-4402-a7b6-040d0a00020f" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- legal-entity
- STIX - Identity
{ "type": "identity", "id": "identity--0d55ba1f-c3ff-4b91-8a09-8713576e178b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "Umbrella Corporation", "description": "The Umbrella Corporation is an international pharmaceutical company.", "identity_class": "organization", "sectors": [ "Pharmaceutical" ], "contact_information": "phone-number: 1234567890 / website: https://umbrella.org", "labels": [ "misp:name=\"legal-entity\"", "misp:meta-category=\"misc\"" ], "x_misp_logo": { "value": "umbrella_logo", "data": "iVBORw0KGgoAAAANSUhEUgA[...]DAbmag+AAAAAElFTkSuQmCC" }, "x_misp_registration_number": "11223344556677889900" } - MISP
{ "name": "legal-entity", "meta-category": "misc", "template_uuid": "14f5688f-d89c-469f-9878-c48bf6c41c65", "description": "An object to describe a legal entity.", "template_version": "2", "uuid": "0d55ba1f-c3ff-4b91-8a09-8713576e178b", "Attribute": [ { "uuid": "a2d8819a-cea1-59c8-b0db-0ebe3a532a36", "object_relation": "name", "value": "Umbrella Corporation", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "ab12682f-43ba-5d88-a58c-fb83c989e09a", "object_relation": "text", "value": "The Umbrella Corporation is an international pharmaceutical company.", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "9dbfd009-3a94-5db7-b8fe-325025db83ec", "object_relation": "business", "value": "Pharmaceutical", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "2db7e411-e40e-5ada-86b1-0477446cebb8", "object_relation": "registration-number", "value": "11223344556677889900", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "0697eb7d-e314-5047-970b-d36ed2061aaa", "object_relation": "phone-number", "value": "1234567890", "type": "phone-number", "disable_correlation": false, "to_ids": false, "category": "Person" }, { "uuid": "e8869a1f-7a8d-572b-9539-e9fa1c5639cf", "object_relation": "website", "value": "https://umbrella.org", "type": "link", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]DAbmag+AAAAAElFTkSuQmCC", "uuid": "df270bb6-d3e2-5f65-ad02-2003d642a03b", "object_relation": "logo", "value": "umbrella_logo", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- lnk
- STIX - Indicator
{ "type": "indicator", "id": "indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[file:name = 'oui' AND file:parent_directory_ref.path = '/var/www/MISP/app/files/scripts/tmp' AND file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:hashes.'SHA-1' = '46aba99aa7158e4609aaa72b50990842fd22ae86' AND file:hashes.'SHA-256' = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.x_misp_filename = 'oui' AND file:content_ref.hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.mime_type = 'application/zip') AND file:size = '35' AND file:created = '2017-10-01T08:00:00Z' AND file:modified = '2020-10-25T16:22:00Z' AND file:accessed = '2021-01-01T00:00:00Z']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"lnk\"", "misp:meta-category=\"file\"" ] } - MISP
{ "name": "lnk", "meta-category": "file", "template_uuid": "ad13533e-1853-4da0-a111-33a7ce7e6c09", "description": "LNK object describing a Windows LNK binary file (aka Windows shortcut)", "template_version": "2", "uuid": "153ef8d5-9182-45ec-bf1c-5819932b9ab7", "Attribute": [ { "uuid": "acd16f25-8e6f-5997-ada1-03d4519f61fc", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true }, { "uuid": "d8bbe57e-61a2-59bb-bb66-e43bdba0afb5", "object_relation": "path", "value": "/var/www/MISP/app/files/scripts/tmp", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "5fae2a7f-21c9-5edd-9524-0f4154ca3008", "object_relation": "md5", "value": "8764605c6f388c89096b534d33565802", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "063dfd50-bf74-592e-8c6a-db33d1e2e275", "object_relation": "sha1", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "baba05b4-db02-5768-84d3-59fa67811dd3", "object_relation": "sha256", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "5e52c808-5968-5f55-83a7-e2463a8ed3eb", "object_relation": "size-in-bytes", "value": "35", "type": "size-in-bytes", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "1a67972c-279b-5ab4-b47d-3af31b99123e", "object_relation": "lnk-creation-time", "value": "2017-10-01T08:00:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": true }, { "uuid": "853523d9-5471-5af6-99dc-0c41948aacc7", "object_relation": "lnk-modification-time", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": 
true }, { "uuid": "d506ddf9-a270-5520-90b2-891c71b0834b", "object_relation": "lnk-access-time", "value": "2021-01-01T00:00:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": true }, { "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "uuid": "e515028c-3c56-5753-83ae-4205e67900a7", "object_relation": "malware-sample", "value": "oui|8764605c6f388c89096b534d33565802", "type": "malware-sample", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "malware_filename": "oui" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--153ef8d5-9182-45ec-bf1c-5819932b9ab7", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "file", "hashes": { "MD5": "8764605c6f388c89096b534d33565802", "SHA-1": "46aba99aa7158e4609aaa72b50990842fd22ae86", "SHA-256": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b" }, "size": 35, "name": "oui", "created": "2017-10-01T08:00:00Z", "modified": "2020-10-25T16:22:00Z", "accessed": "2021-01-01T00:00:00Z", "parent_directory_ref": "1", "content_ref": "2" }, "1": { "type": "directory", "path": "/var/www/MISP/app/files/scripts/tmp" }, "2": { "type": "artifact", "mime_type": "application/zip", "payload_bin": "UEsDBAoACQAAAAaOU1EvUbiwLwAAACMAAAAgABwAODc2NDYwNWM2ZjM4OGM4OTA5NmI1MzRkMzM1NjU4MDJVVAkAAzu1jV87tY1fdXgLAAEEIQAAAAQhAAAAUxIrDdj2V8dHuHoKPVDwAeOqqY3shFf5CKvJ/TZg7iNXlXSgxTaWwMnb6fESF/RQSwcIL1G4sC8AAAAjAAAAUEsDBAoACQAAAAaOU1FAAezaDwAAAAMAAAAtABwAODc2NDYwNWM2ZjM4OGM4OTA5NmI1MzRkMzM1NjU4MDIuZmlsZW5hbWUudHh0VVQJAAM7tY1fO7WNX3V4CwABBCEAAAAEIQAAAI7lFn9K1EsuznCkFF9PRFBLBwhAAezaDwAAAAMAAABQSwECHgMKAAkAAAAGjlNRL1G4sC8AAAAjAAAAIAAYAAAAAAABAAAApIEAAAAAODc2NDYwNWM2ZjM4OGM4OTA5NmI1MzRkMzM1NjU4MDJVVAUAAzu1jV91eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAGjlNRQAHs2g8AAAADAAAALQAYAAAAAAABAAAApIGZAAAAODc2NDYwNWM2ZjM4OGM4OTA5NmI1MzRkMzM1NjU4MDIuZmlsZW5hbWUudHh0VVQFAAM7tY1fdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAB8BAAAAAA==", "hashes": { "MD5": "8764605c6f388c89096b534d33565802" }, "x_misp_filename": "oui" } }, "labels": [ "misp:name=\"lnk\"", "misp:meta-category=\"file\"" ] }, { "type": "indicator", "id": "indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", 
"pattern": "[file:name = 'oui' AND file:hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:hashes.'SHA-1' = '46aba99aa7158e4609aaa72b50990842fd22ae86' AND file:hashes.'SHA-256' = 'ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==' AND file:content_ref.x_misp_filename = 'oui' AND file:content_ref.hashes.MD5 = '8764605c6f388c89096b534d33565802' AND file:content_ref.mime_type = 'application/zip')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"lnk\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--464aa205-829e-4b75-9758-c6ebaea487c6", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7", "target_ref": "observed-data--153ef8d5-9182-45ec-bf1c-5819932b9ab7" } ] - MISP
{ "name": "lnk", "meta-category": "file", "template_uuid": "ad13533e-1853-4da0-a111-33a7ce7e6c09", "description": "LNK object describing a Windows LNK binary file (aka Windows shortcut)", "template_version": "2", "uuid": "153ef8d5-9182-45ec-bf1c-5819932b9ab7", "Attribute": [ { "uuid": "a402e926-251d-5fdf-b1b9-f52de978f71f", "object_relation": "md5", "value": "8764605c6f388c89096b534d33565802", "type": "md5", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7" }, { "uuid": "b84655a3-4c6c-5117-aa3f-8f4923717605", "object_relation": "sha1", "value": "46aba99aa7158e4609aaa72b50990842fd22ae86", "type": "sha1", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7" }, { "uuid": "9037f2f1-b76c-5868-be7c-5404352158a2", "object_relation": "sha256", "value": "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b", "type": "sha256", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7" }, { "uuid": "a50f1eb2-c080-5f6c-93b7-a3ac470d8d04", "object_relation": "filename", "value": "oui", "type": "filename", "category": "Payload delivery", "disable_correlation": true, "to_ids": true, "comment": "Indicator ID: indicator--153ef8d5-9182-45ec-bf1c-5819932b9ab7" }, { "uuid": "e71ca7b5-d8d7-59b5-981f-0e9fd90a8868", "object_relation": "lnk-access-time", "value": "2021-01-01T00:00:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": false }, { "uuid": "b51e1a32-d75c-5cb3-9791-fdc78d77c61d", "object_relation": "lnk-creation-time", "value": "2017-10-01T08:00:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": false }, { "uuid": "272870bb-7235-59f3-a7bb-f42f285aede8", "object_relation": "lnk-modification-time", 
"value": "2020-10-25T16:22:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": true, "to_ids": false }, { "uuid": "3cc7eeda-83e3-5a2a-b0ba-a2465756f126", "object_relation": "size-in-bytes", "value": "35", "type": "size-in-bytes", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "088aa25f-e38c-55d8-953e-f1bdf56d2d3e", "object_relation": "path", "value": "/var/www/MISP/app/files/scripts/tmp", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "UEsDBAoACQAAAAaOU1EvUbi[...]AACAAIA2QAAAB8BAAAAAA==", "uuid": "529a0000-d017-530b-adf0-0cbced67e315", "object_relation": "malware-sample", "value": "oui|8764605c6f388c89096b534d33565802", "type": "malware-sample", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "malware_filename": "oui" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- mutex
- STIX - Indicator
{ "type": "indicator", "id": "indicator--b0f55591-6a63-4fbd-a169-064e64738d95", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[mutex:name = 'MutexTest' AND mutex:x_misp_description = 'Test mutex on unix' AND mutex:x_misp_operating_system = 'Unix']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"mutex\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "mutex", "meta-category": "misc", "template_uuid": "9f5c1a68-2021-4faa-b409-61c899c86466", "description": "Object to describe mutual exclusion locks (mutex) as seen in memory or computer program", "template_version": "1", "uuid": "b0f55591-6a63-4fbd-a169-064e64738d95", "Attribute": [ { "uuid": "be26e004-c24b-5442-b5cc-60ab727a793c", "object_relation": "name", "value": "MutexTest", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "e9782429-79aa-54b0-b916-cb6aa4b461b7", "object_relation": "description", "value": "Test mutex on unix", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "727f5d18-9b97-5ac6-9923-d965b0b63652", "object_relation": "operating-system", "value": "Unix", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--b0f55591-6a63-4fbd-a169-064e64738d95", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "mutex", "name": "MutexTest", "x_misp_description": "Test mutex on unix", "x_misp_operating_system": "Unix" } }, "labels": [ "misp:name=\"mutex\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--b0f55591-6a63-4fbd-a169-064e64738d95", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[mutex:name = 'MutexTest']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"mutex\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--20389086-0cc2-45d4-b7a9-f4d367e49dc5", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--b0f55591-6a63-4fbd-a169-064e64738d95", "target_ref": "observed-data--b0f55591-6a63-4fbd-a169-064e64738d95" } ] - MISP
{ "name": "mutex", "meta-category": "misc", "template_uuid": "9f5c1a68-2021-4faa-b409-61c899c86466", "description": "Object to describe mutual exclusion locks (mutex) as seen in memory or computer program", "template_version": "1", "uuid": "b0f55591-6a63-4fbd-a169-064e64738d95", "Attribute": [ { "uuid": "7655fb29-3eba-54d7-9ac7-da4839a0dea8", "object_relation": "name", "value": "MutexTest", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--b0f55591-6a63-4fbd-a169-064e64738d95" }, { "uuid": "42bd750f-662b-5847-bf7d-db7a8e6f31c7", "object_relation": "description", "value": "Test mutex on unix", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "3b366798-6249-5027-b08a-182b8df27969", "object_relation": "operating-system", "value": "Unix", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
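- netflow
  The two import paths below do not yield identical attribute values: the AS numbers come out as `1234`/`5678` from the Indicator pattern and as `AS1234`/`AS5678` from the Observed Data, so a consumer matching or correlating on AS values should normalise them first. The Observed Data lists `"protocols": [ "ip", "tcp" ]`, while the resulting object holds a single `protocol` attribute, `IP`.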
- STIX - Indicator
{ "type": "indicator", "id": "indicator--419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4' AND network-traffic:src_ref.belongs_to_refs[0].number = '1234') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8' AND network-traffic:dst_ref.belongs_to_refs[0].number = '5678') AND network-traffic:protocols[0] = 'ip' AND network-traffic:src_port = '80' AND network-traffic:dst_port = '8080' AND network-traffic:start = '2020-10-25T16:22:00Z' AND network-traffic:extensions.'tcp-ext'.src_flags_hex = '00000002']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"netflow\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "netflow", "meta-category": "network", "template_uuid": "bf148c58-3e7e-414e-8de8-5d96379ca77e", "description": "Netflow object describes an network object based on the Netflowv5/v9 minimal definition", "template_version": "2", "uuid": "419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "Attribute": [ { "uuid": "672091c0-f03e-5fb3-a597-560ef83b2586", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "62e173c3-3018-5ed5-bb4e-61297bbb4d76", "object_relation": "src-as", "value": "1234", "type": "AS", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "f3b80e48-d91d-59bd-beed-f924bf9c39b7", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "342ecfc5-2805-5b1d-a543-589bff2850b5", "object_relation": "dst-as", "value": "5678", "type": "AS", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "c2a3a4f3-1866-5cd3-94f9-66239716d1e3", "object_relation": "protocol", "value": "IP", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "807a874d-25e5-5ecd-909a-55016211cedf", "object_relation": "src-port", "value": "80", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "437e3b02-9606-5bb8-b863-cf42eb15d7ba", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "f840a285-6e8b-555a-af64-bdd63ead0576", "object_relation": "first-packet-seen", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "0c44150a-7095-5bde-ab10-0fbd35ad064f", "object_relation": "tcp-flags", "value": "00000002", "type": "text", "category": "Network 
activity", "disable_correlation": true, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "start": "2020-10-25T16:22:00Z", "src_ref": "1", "dst_ref": "3", "src_port": 80, "dst_port": 8080, "protocols": [ "ip", "tcp" ], "extensions": { "tcp-ext": { "src_flags_hex": "00000002" } } }, "1": { "type": "ipv4-addr", "value": "1.2.3.4", "belongs_to_refs": [ "2" ] }, "2": { "type": "autonomous-system", "number": 1234 }, "3": { "type": "ipv4-addr", "value": "5.6.7.8", "belongs_to_refs": [ "4" ] }, "4": { "type": "autonomous-system", "number": 5678 } }, "labels": [ "misp:name=\"netflow\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"netflow\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--b0d20387-14e3-40ae-a170-58db0dd99bc6", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "target_ref": "observed-data--419eb5a9-d232-4aa1-864e-2f4d7270a8f9" } ] - MISP
{ "name": "netflow", "meta-category": "network", "template_uuid": "bf148c58-3e7e-414e-8de8-5d96379ca77e", "description": "Netflow object describes an network object based on the Netflowv5/v9 minimal definition", "template_version": "2", "uuid": "419eb5a9-d232-4aa1-864e-2f4d7270a8f9", "Attribute": [ { "uuid": "436c8d77-3184-5b5f-868c-56a4e7be014b", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--419eb5a9-d232-4aa1-864e-2f4d7270a8f9" }, { "uuid": "1f50c403-3692-5931-8718-4637cf1cb51d", "object_relation": "src-as", "value": "AS1234", "type": "AS", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "64616439-4dc3-5f23-a3ea-cda54c9b8cb6", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--419eb5a9-d232-4aa1-864e-2f4d7270a8f9" }, { "uuid": "cdf4d7fe-e639-5651-947a-698a838515e4", "object_relation": "dst-as", "value": "AS5678", "type": "AS", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "15cd696b-1370-5f93-87d7-7c9434a1b138", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "7d952b54-1cca-5329-a889-77f07fcc8484", "object_relation": "src-port", "value": "80", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "c6d90467-82e9-50e5-a209-a3fe884ce9dd", "object_relation": "first-packet-seen", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "edb19c5b-7b18-53c1-b0f9-d2479d24f843", "object_relation": "tcp-flags", "value": "00000002", "type": "text", "category": "Network activity", 
"disable_correlation": true, "to_ids": false }, { "uuid": "8df2ce3d-57ec-54e1-aaf8-42512782b133", "object_relation": "protocol", "value": "IP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- network-connection
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu') AND network-traffic:dst_port = '8080' AND network-traffic:src_port = '8080' AND network-traffic:protocols[0] = 'ip' AND network-traffic:protocols[1] = 'tcp' AND network-traffic:protocols[2] = 'http']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"network-connection\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "network-connection", "meta-category": "network", "template_uuid": "af16764b-f8e5-4603-9de1-de34d272f80b", "description": "A local or remote network connection.", "template_version": "7", "uuid": "5afacc53-c0b0-4825-a6ee-03c80a00020f", "Attribute": [ { "uuid": "1037a4a6-fc8e-4937-8afb-157c4e4d180f", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "3f4d3417-528e-41fd-b45f-14482ffa41e9", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "dbfbd4c4-6cdf-4c61-a579-bcac0a5a5372", "object_relation": "hostname-dst", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "409fcaa7-ae60-5fe8-b19a-69aecee39024", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "571d7bad-0bc0-5f92-b21d-145c371e5875", "object_relation": "src-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "9447adfe-3619-4ca0-8932-1cdce628935c", "object_relation": "layer3-protocol", "value": "IP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "012d97a6-367a-4b31-9c61-15aa2aec4764", "object_relation": "layer4-protocol", "value": "TCP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "554d0613-7a4f-49cb-a4f8-2942b100b999", "object_relation": "layer7-protocol", "value": "HTTP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5afacc53-c0b0-4825-a6ee-03c80a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "dst_ref": "2", "src_port": 8080, "dst_port": 8080, "protocols": [ "ip", "tcp", "http" ], "x_misp_hostname_dst": "circl.lu" }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" }, "2": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:name=\"network-connection\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"network-connection\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--7a706d93-4c0b-4084-bbee-552515ffac59", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f", "target_ref": "observed-data--5afacc53-c0b0-4825-a6ee-03c80a00020f" } ] - MISP
{ "name": "network-connection", "meta-category": "network", "template_uuid": "af16764b-f8e5-4603-9de1-de34d272f80b", "description": "A local or remote network connection.", "template_version": "7", "uuid": "5afacc53-c0b0-4825-a6ee-03c80a00020f", "Attribute": [ { "uuid": "d30b9cd3-9a8b-5020-8352-33de1ba81c4f", "object_relation": "src-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "0967b620-4ae0-5592-9e82-4acbb15da747", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "5fede62e-2b56-501b-823e-9d49cf258019", "object_relation": "hostname-dst", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f" }, { "uuid": "c7d0df69-b6f2-531c-9a73-7da09f116783", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f" }, { "uuid": "14b51f05-62a2-5e35-911d-4351c0967d36", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5afacc53-c0b0-4825-a6ee-03c80a00020f" }, { "uuid": "2d05d7cb-e53a-55c3-96df-beb18a0b89b8", "object_relation": "layer3-protocol", "value": "IP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "87c1c088-69c7-5a1b-b11a-692e5cb98e0f", "object_relation": "layer4-protocol", "value": "TCP", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "a3f11d6c-afd5-5f45-8769-e7b23f3061a5", "object_relation": "layer7-protocol", "value": "HTTP", "type": "text", "disable_correlation": 
true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- network-socket
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5afb3223-0988-4ef1-a920-02070a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu') AND network-traffic:dst_port = '8080' AND network-traffic:src_port = '8080' AND network-traffic:protocols[0] = 'tcp' AND network-traffic:extensions.'socket-ext'.address_family = 'AF_INET' AND network-traffic:extensions.'socket-ext'.protocol_family = 'PF_INET' AND network-traffic:extensions.'socket-ext'.socket_type = 'SOCK_RAW' AND network-traffic:extensions.'socket-ext'.is_listening = true]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"network-socket\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "network-socket", "meta-category": "network", "template_uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2", "description": "Network socket object describes a local or remote network connections based on the socket data structure.", "template_version": "4", "uuid": "5afb3223-0988-4ef1-a920-02070a00020f", "Attribute": [ { "uuid": "1d1c3986-c183-43bc-8826-f57088229b03", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "d79497b7-205c-4a03-abf1-b265a0b9e0a5", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "e753ad60-7e92-4bc5-90e8-54acc7dad2e7", "object_relation": "hostname-dst", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "924b5a77-fef5-5212-b72e-ca4f1bc499b4", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "860b4d8f-a159-537d-aa78-fd4ce69c8648", "object_relation": "src-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": true }, { "uuid": "823b0604-a800-5d20-910d-01377aca2994", "object_relation": "protocol", "value": "TCP", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "a594c074-f54f-583d-aa9f-cb621336bd23", "object_relation": "address-family", "value": "AF_INET", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "7ca3eeed-899d-5bde-8392-4b2e3851c608", "object_relation": "domain-family", "value": "PF_INET", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "861d4ede-721b-54bb-ab65-a47fb552b744", "object_relation": "socket-type", "value": "SOCK_RAW", "type": "text", 
"disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "c17d2582-7c65-58a8-874c-c4ad6e906257", "object_relation": "state", "value": "listening", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5afb3223-0988-4ef1-a920-02070a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "network-traffic", "src_ref": "1", "dst_ref": "2", "src_port": 8080, "dst_port": 8080, "protocols": [ "tcp" ], "extensions": { "socket-ext": { "address_family": "AF_INET", "is_listening": true, "protocol_family": "PF_INET", "socket_type": "SOCK_RAW" } }, "x_misp_hostname_dst": "circl.lu" }, "1": { "type": "ipv4-addr", "value": "1.2.3.4" }, "2": { "type": "ipv4-addr", "value": "5.6.7.8" } }, "labels": [ "misp:name=\"network-socket\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5afb3223-0988-4ef1-a920-02070a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[(network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.2.3.4') AND (network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.6.7.8') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'circl.lu')]", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"network-socket\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--bc5e3b34-b274-4ef7-b082-ee286c87ce84", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5afb3223-0988-4ef1-a920-02070a00020f", "target_ref": "observed-data--5afb3223-0988-4ef1-a920-02070a00020f" } ] - MISP
{ "name": "network-socket", "meta-category": "network", "template_uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2", "description": "Network socket object describes a local or remote network connections based on the socket data structure.", "template_version": "4", "uuid": "5afb3223-0988-4ef1-a920-02070a00020f", "Attribute": [ { "uuid": "f1e18240-2274-5717-a7f2-5f01e76fdff1", "object_relation": "src-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "26605071-f1b7-55c1-849f-8980bb7ec304", "object_relation": "dst-port", "value": "8080", "type": "port", "category": "Network activity", "disable_correlation": false, "to_ids": false }, { "uuid": "2a939220-e444-5cf5-8bc8-b84dc2c4376e", "object_relation": "hostname-dst", "value": "circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5afb3223-0988-4ef1-a920-02070a00020f" }, { "uuid": "d3c4732b-8538-527d-981d-d898c3d57b87", "object_relation": "ip-src", "value": "1.2.3.4", "type": "ip-src", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5afb3223-0988-4ef1-a920-02070a00020f" }, { "uuid": "6639d3d1-5342-5ccb-b18d-3beac729a954", "object_relation": "ip-dst", "value": "5.6.7.8", "type": "ip-dst", "category": "Network activity", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5afb3223-0988-4ef1-a920-02070a00020f" }, { "uuid": "3b1ada76-385d-5c06-a7f4-796e35fecd20", "object_relation": "protocol", "value": "TCP", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "1fa51a8f-bc28-51bf-b59d-979697d8f76b", "object_relation": "address-family", "value": "AF_INET", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "ba4ddbef-d17f-5872-b63f-4c5f4e989311", "object_relation": 
"domain-family", "value": "PF_INET", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "1891ef6d-22e5-5879-9749-2e62c8d0c788", "object_relation": "socket-type", "value": "SOCK_RAW", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "262cb017-fc8c-59a4-b9fc-0a3a3f1e1472", "object_relation": "state", "value": "listening", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- news-agency
- STIX - Identity
{ "type": "identity", "id": "identity--d17e31ce-5a7a-4713-bdff-49d89548c259", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "Agence France-Presse", "identity_class": "organization", "contact_information": "address: 13 place de la Bourse, 75002 Paris; Southern Railway Building, 1500 K Street, NW, Suite 600 / e-mail: contact@afp.fr; contact@afp.us / phone-number: (33)0140414646; (1)2024140600", "labels": [ "misp:name=\"news-agency\"", "misp:meta-category=\"misc\"" ], "x_misp_attachment": { "value": "AFP_logo.png", "data": "iVBORw0KGgoAAAANSUhEUgA[...]OkjUAAAAABJRU5ErkJggg==" }, "x_misp_link": "https://www.afp.com/" } - MISP
{ "name": "news-agency", "meta-category": "misc", "template_uuid": "92b3f7fd-c4bc-42af-a73b-033ace439622", "description": "News agencies compile news and disseminate news in bulk.", "template_version": "2", "uuid": "d17e31ce-5a7a-4713-bdff-49d89548c259", "Attribute": [ { "uuid": "877aeaee-a0c0-54ad-8fdc-f4ec659af913", "object_relation": "name", "value": "Agence France-Presse", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "771c5a1c-043c-52dc-8101-1a284408aa66", "object_relation": "address", "value": "13 place de la Bourse, 75002 Paris; Southern Railway Building, 1500 K Street, NW, Suite 600", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "73feac85-c3d6-5c05-948f-70ba81d646c8", "object_relation": "e-mail", "value": "contact@afp.fr; contact@afp.us", "type": "email-src", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "2718f5a7-d8fc-5e4f-9ad2-48fd78e65ca4", "object_relation": "phone-number", "value": "(33)0140414646; (1)2024140600", "type": "phone-number", "disable_correlation": false, "to_ids": false, "category": "Person" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]OkjUAAAAABJRU5ErkJggg==", "uuid": "33f4e49c-5c88-5cbc-8e99-d8f2c77ad16a", "object_relation": "attachment", "value": "AFP_logo.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- organization
- STIX - Identity
{ "type": "identity", "id": "identity--fe85995c-189d-4c20-9d0e-dfc03e72000b", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "Computer Incident Response Center of Luxembourg", "description": "The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents.", "identity_class": "organization", "contact_information": "address: 16, bd d'Avranches, L-1160 Luxembourg / e-mail: info@circl.lu / phone-number: (+352) 247 88444", "labels": [ "misp:name=\"organization\"", "misp:meta-category=\"misc\"" ], "x_misp_alias": "CIRCL", "x_misp_role": "national CERT" } - MISP
{ "name": "organization", "meta-category": "misc", "template_uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a", "description": "An object which describes an organization.", "template_version": "9", "uuid": "fe85995c-189d-4c20-9d0e-dfc03e72000b", "Attribute": [ { "uuid": "15e74a74-f9b1-5cc9-a24f-9a8dde5c7703", "object_relation": "name", "value": "Computer Incident Response Center of Luxembourg", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "5ac6a21d-528f-5043-aa1e-54fdc9cedd6a", "object_relation": "description", "value": "The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents.", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "0b673754-be52-5391-ba34-9eeb4dd3bffb", "object_relation": "role", "value": "national CERT", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "53455556-07ea-5057-9526-9ed8299ff1e5", "object_relation": "alias", "value": "CIRCL", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "0d3f7bc4-9e03-5ef5-a22b-203c3b1da987", "object_relation": "address", "value": "16, bd d'Avranches, L-1160 Luxembourg", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "18992415-7d7e-5e24-a30f-77e13bf9b74f", "object_relation": "e-mail", "value": "info@circl.lu", "type": "email-src", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "9ad94399-9690-54fb-bce8-5211457a6ad3", "object_relation": "phone-number", "value": "(+352) 247 88444", "type": "phone-number", "disable_correlation": false, "to_ids": false, "category": "Person" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- parler-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'parler' AND user-account:user_id = '42' AND user-account:account_login = 'ParlerOctocat' AND user-account:x_misp_human = 'False' AND user-account:x_misp_profile_photo.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_profile_photo.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"parler-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "parler-account", "meta-category": "misc", "template_uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9", "description": "Parler account.", "template_version": "2", "uuid": "7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "Attribute": [ { "uuid": "fe759da1-f1cd-5ff6-9c91-d7a11ecd2039", "object_relation": "account-id", "value": "42", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "1d55a742-ca6e-5212-a755-cd9d864592ab", "object_relation": "account-name", "value": "ParlerOctocat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "4de31cee-bb94-583c-b5aa-b447f0051987", "object_relation": "human", "value": "False", "type": "boolean", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "67b6f79b-e0c4-5207-85cd-c31799df4593", "object_relation": "profile-photo", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "42", "account_login": "ParlerOctocat", "account_type": "parler", "x_misp_human": false, "x_misp_profile_photo": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAIAAADTED8xAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAL+RJREFUeNrtXYlbTdv7P//E19ScSqRJAypTg7poNGYKESEN5gwZCokylWQqKhq4EjLl3gplKFSoRDSnNGpU/N7r+HW7qbX3OWefdfY+rfd5n/vcJ/ucs/be72e9w3oH3uD//Y8w4QHLPPIICBMAECZMAECYIR5naDjTwcF52TJPDw+fnTsDDh4MO3Xq8qVLN27cSE1Nffnixfv376urq3/8PzU2NlZVVRUVFb158yYzM/NhWtq9u3evJyTEXL58/vz54ODgg/7+q11dzc3M5GVlyeMlAGARg0SaTp680sXlUEBAwrVrIMHt7e0/xEZdXV0fP34EeAAq3Netm2ZlpaKsTN4CAQA+/sPScr2X18mQkOT794uLi3+wgCorK9NSU0+Hha1xddXR1ibviACASR4yaBDs8Tt37Lh75w7YKj9YT6AioqOi1q5ePUZXl7w+AgAhefzYsRs3bACrpqam5gdn6dOnT5eio93WrCFgIACgZm1NTdg4wfUsKy39IXUEBhs44m5r1+oRMBAA9GRlRUVPD4+nT5/+GDCUm5u7zdt7hJoaefsDGgA21tawKTY3N/8YkNTR3p6YmLhg/vxhQ4YQAAwg1tTQ8N279/379z8I/aSqqqoTx48bjR9PACDlvGTx4uT794nE90eZmZlenp4KcnIEAFLFWqNHBwcH19bW4gy/pKWm3rhxIyoyMiQ4+MD+/Vu3bFnj6rpwwQLr6dMnmpjoaGkpKSjwlwe2uK6OjrGRkYW5ua2NjeO8ec7LloG3unnTpt27dh0KCLgSH5+Vmdna2opn8fV1dQf9/dVUVQkAOM862trnz58X6+ks4AocaPAlwKxa6uQEwi07bJj4kOxgb79pw4ZToaHJyckAs66uLjHdV1NTU/CJE6NHjSIA4CSP0dW9eOGCmEIoIT8zEWAvVx0+XOJ3am5q6uHuHhcXV15eLo77jQgPl+JjBCkEgIGe3qXo6G/fvjEoBEVFRSAHy52dWR46HGtgAEY8mEyVlZUM3n5nZycAbIKJCQEA29MwY2Nj4W0xFRsBSYLNlaMJNkbjx2/6eZjdM/NUFPr+/XtSUtJUCwsCADa+7KtXrjBiEDc2NkZHRYEzKk3pTDYzZoAGq2MoDJB4/bq2piYBAFvOcc+eOSO66MM3/PXXX6tdXaU45x68c6dFi64nJLS1tYn4uJqbm/fs3i0zdCgBgCR5xfLlFRUVIr7Lgvz8vXv2aGpoDJzg93AlJXDiU1NTRdw4Ct+947qq5CoAdHV00lJTRQxfnjt71nLq1IGcDAKw3+Xjk5OTI8qTvPbnn9y1iDgJAD9fX1Fe2P1795Y6OZE8sJ4MG8HdO3eEfqStra27d+0iABA7W1l
agtoV2sqHvWpgZrzQ5AkmJvFxcUKH0bhoEXEGAGoqKlGRkd+/fxcujA3vdZyhIRFxmmeI4eHhQh+fnzl9Wnxn4QMUADOmTauqqhLiZXz79i3m8mUDPT0i1oLy6FGjgoODv379Ktxh+VgDAwIAZmLY+/z8hFDKHR0dkRcvklJA0RXvQX9/IfIIW1paVixfTgAgEo9QU0tJSRH00YPuBg1O+iMwyCrKyqfDwoTYhmJiYhTl5QkAhDR7hMjuSn/8WH/MGCKy4uApkyZlZWYKkUZlOnkyAYBgvGf3bkGz2Wpqata4uhIxFbdF6uHu/uXLF0F1svfWrQQAdM0eQYu2vn//Hh0VBdYqEVBsjkFEeLigp8j37t5lYZENuwBgZWkpqNkDGhaMJSKUEqhDMDPLfvVK0CZ206ysCAD6Zp+dOzs6OgRSrAEHD8rKyBBZlKBFtHnjxvr6eoEC06vZZKnyWPIcwYYRaC95+vQpVyLNUs86WloCdVUCkxVgQwDwi2WGDr2ekCDQFsLRtBMp5mFDhhw/dkygc/oD+/cTAPxPTkZGIJe3pqaGWPysZcd58wSquTkVGgrKf+ACQElBIT09XSCzZ0Bl7XPUHBLorCA+Lm7o4MEDEQBqKiqvXr6k/6SCg4MHcgc/DjHYtPCy6JtDSUlJcpKLZEgGAOpqavl5efQb1CxetIgIFufMoYaGBrrn9+np3W3CpB8A2pqa9PtyFuTnk1xO7qZV0zeHwBxQl0TLGdwAGGdoSL/7fkxMzIDqUymVnHj9Os3XDUYBfgzwMEs//YErLAmTERadIy9epPnSX2RlYbaFeDjt/tKSEpq1i6tJWpt08ZGgIJoYSEtNxdltBRMAANbZ2dk0ExzAfyISI328dcsWmqGh6wkJ2M4HcABg2JAhNFuYNDU1Tf/jDyIr0sorXVxo5pCeO3tWegAQFxdH85R3ojS2XyXckxcuWECz3B6PEyh2AAQFBtK525KSEjK9cICw9fTpoOrpSIWnhwe3AbDey4tmEwGNkSOJZAyoWgKa/SbE3cJMjABYtHAhTelXUVYmMjHQ2M7WlmZcyN7OjnsAsLK0pNOCuKKiQuqH8BDujxcvWkTHJ66vrxdfowOxAGCsgQGdKiG4hjQqHOAMVj5NM0FM3eaYB4CivDydVJ+O9nbQEkQCCB/096fZcZEbAKBT3AiKjyR4Eu7mqMhIOhhwEoPMMAwA8NlZEt4izCEeOngwnbLYpqYmxp0BJgGgo61NJ7579MgR8so5zUMGDZKXlVUdPlxj1ChtLa0xOjrAWpqaqiK0ZpIZOpROugDjzgCPQRDTSf4GoDPyc8OVlEKCg/Py8srKyiorKoo/fXr58uXtpCSwFLds3jzTwUGd3fNMOccg8aPU1adaWLivWwcP+f69e69evSotKamrrW1uboaN7/Pnz/BHUcbI0kwYiwgPZyMA6Jz4MpXoBzuQ2ZQpJSUl3/9L4Fp0dnbCy/j48eOjhw9DT55c5eIyZfJkBTk5iRdfc3Snh0enNXr0nFmzfPfuTbh2DXYcEPT+2jc11Nf/YWUlSo2vpoYGnb6LDPadZgYANjNmUCb6lZeVwbbNyM/BWwEvgvIXAQ8tLS0F+fmHAgLs7eyUFRWJTNMXfTkZGaNx4zzWrYuNiQEFS7M19DZvbxGf8ywHB8o3C6+VqXEnDABATUWFcnoFyCKDQU89Xd2kW7cE6sQEmxaohe3bto01MODQ/BKJ+KNgPTrY2x8JCoLNWNCRPMnJyePGjhVxDceOHqVTPsbIQFsGAACWH+Vy9+/bx+BLmjVzZkFBgXADYwoLCyMiIvT19IhR9Puur6KsDBtwUlJSRUWFcJPCioqKFjg64vEnwQmUPAC2btlCudCMjAwGpQ2ezu5du1pbWoQeaQi7Wn19/bVr18BXJnYR/5GCg+u2di3oVfBoRZnA2d7e7n/ggOg6VkdbmzKZACAqeiaBSAAA94gytxtug9luVlqamlevXPnBBIFCAF8Z1L0UT4e
nrFXSGDlynZvb0ydPhBtA+DvdvHlTj4lo/XxHRzq90iQJADqHF/NFVoi/Z9K+ePHiB0P0jzaoq4uOijIzNR1o0q8oL79w/nzY9YWbhNcfvX79ehpDZX1g5FD+nIe7u2QAYD19OuXizp45w/hrW7VyJVioP5gmcPjiYmMN9PQY79QHXwgbrczQoXIyMqBqFOTkQPKUFBSUFBWVlZRUVVTA/Bihqgr293BgJSVg+Ce4AC6D68GcgI8z67HAl1tZWsbHxdHvXUWfPn/+7OXpycg64aFROgNgYogyG4UntOp8R+WG5uXliaN5f1BQUGNj4w8x0D8W0aNHG7y8dLS0hPAg+YIOUqs5evT4sWMtzM3tbW2dFi/2WLdu5/bthwICYDsAVfPn1at37txJSUl5/OjRs6dPnz9/npWVlfn8+bNnz9LT09PS0pKTkxMSEmIuX44IDz9+7Jjvnj2bNm50WbECdKn1jBmTJ04EDx5gA0ASAhtw/UQTk7179rzIyhJoGgN9An1yKjSUwfQCSmcgKjISNwC8t25Fr6mtrW28yOGwPjkpKUnoUeZ0CFb+6tWr2bNmUZ7ZgeSBPMG+DoCZPXPmnt27L1+6BFZpfn5+SUlJbW1ta2srU4Y1378EUSgvK3v//j0YgWBqBx4+vMLZ2XTyZHDGVIcPp3Q9Qck4zp2b9/at0EOwaXa1efDgAYOK1H3dOsofnWphgQ8AoHEoc35gjxGH9IN58JI5BwB91HL27NleRfp8iVdXU7O1tt7m7X3+3Dl408XFxd/Es5XSV1zVnz+DJgGTBvTMEicnEyMjsKnAfOpWDoANG2vrmJgYgaa5iOIGaGlqMvjeQV+hf/HNmzfC9U4WBgAXIiLQq/n48aOYDpt0tbU/fPiAR7AAA2CiOC9bpjFypP6YMWDPgClyKToaDBW4webmZgZ3d6Yc+taWlrKystzc3BuJifv37YPFm02ZMn7cOE8Pj1cvX4JGwrMSUIDMBhWmTJpEqfZ9du7EAQBYCuWLn+XgIKbABext4GPhlCpwjsEiT01Nhb2TbRJPxxwHJzLl77+FGPUuCsHPzZk1i9lXH3bqFPpHAd5CBNx5jCujO7dviy9yZ2lhgW0bIySKu+K6ahXj1i9lnlxiYqJ4AbDa1ZXyznV1dMR3YEknU4oQG8h7yxbGA8oAKsa9YZ5AQdkSqu62QYGB4tv+YQGLFy0issUJ8vP1FYcf+OTJE/Tv3r1zR1wAcFuzBv3blZWVivLyYq3JWLN6NZEtTtCxo0fFMdvB2MiI8vhi0oQJzANgyKBBlL0eGCxT6LcMwN2dyBYnKCQ4WFE8nf5PHD9O4Qlcv848AJyXLkX/KugmceeuEABwiE6GhIhp1AVYGWBroMPBRuPGMQyAPORMu87OTtBNGADgQeNQkBAbKPjECfHZw16enuhfj42NZRIAjnPnon8vJiYGT132ahpxAEJsoKDAQPElmcvKyKATIru6umg2UKEFAPQ4a4E0DokCDRDau2ePWCcd+ezciV7AhYgIZgAwY9o0ZgNPotTs2dnaknMA9hNswJs2bhRr0SnYw/V1dYg1dLS3a9PIR6IGQHJyMvpubWbMwFbDMdXcnE7TaUKSpdbW1lUrV4pbGAIOHkQvI+zUKVEBMNHEBP0bL1+8wFnEBLYW5lwgQkJQdXX1THt7cQuDmqoqOi8G/nWUurpIAEhMTETfKuYet5oaGgX5+UTCWE4f3r8XUzVILz4ZEoJeif+BA8IDwEBPD/3tIIuYy1jB8svIyCASxmYCJy0rKwtPuw2w8tGLKSoqEh4AlI3b17m54S/lvnzpklgLmgiJSOCkxcfHY5MHyjH06MG7KAB8/PgR8b0VFRU4J3p38y4fH8zZ7YQEorq6Ot+9e7HJg/6YMeg5S+HIZrr9AmCqhQX6PoUrwBGd7Wxs3r17R+SMtVRYWMh4NYwovQnr6+oQean9AuBUaCj6PiU12hE8kzu3bxM5Yy3dvXNnrIEBTpFY7uyMXpL
z0qWCAWDYkCHV1dWIbxQo4Y7hY/Bhw/x8fb99+0ZEjZ0nAP4HDghXny5Kjgy6txeiSrFvAIAKQ9/nksWLJdjSzM7W9u3bt0TaWEjFxcUSmf528cIFxKo6OzvVVFUFAEDM5ctCG1UYIqHrvbzQCbGEJEVNTU0hISFCdBYTfUIFemHbt22jCwBKhQJok+D27zh37qtXr4iosZbKy8t99+6VE0NTQDSjg5bZr17RBcCK5cvRdwgWiKQa2I/R0cnLyyP5cCyn2i9fXFeuxIwBytSgCf9tc9YvAG4nJaHwXVYmqdES4wwNoyIjifRzggoKCpY4OeH0hg319dFLOnH8ODUAwFdAFx0fP3ZMItKvpKAAilVMbXEJMU5dXV2PHj400NPDKSToNJn3799TA2Djhg3oG5s8caJEAOC6ahVlUxZCrCLQ1WGhoTjjJeu9vNBL+r11XG8A3L1zB/H5/Lw8iUi/rrb28+fP0SfehNjpEM+eOZPxDln9sbKiIrpcxG3tWhQAYKHo+I+Yej5T3lVIcDAx/TlKqSkpYJ1jk5bk+/cRi/m9WP4/ADCdPFkIP1rckR/HefOKi4uJJHGUGhoa9vn5YTOEdvn4IBZTVVWFAgB67EVdbS3+7X+UuvpfDx6Q7Z/T9OnTJwszMzzBQ3NTU/Rieg2W/A8AEq9fR3xSIvk/7m5uxPSXAnf47JkzzA4LRXRQrkNmy2/etKlfAKA/uWXzZszSP0JV9T7SpCPEFSp8927hggV4xAZdx9urhfq/AADVgL6HiXgdAIDynFmzxDHGkBB+6ujoOB0WhudsePPGjWhLvmdUikczhorfAVBXU6Mzh5gQV6ggP9/E2BhH6xCqrdy8x/imfwEQFxdHX3Fg4IXz55MOKNJEzc3N/vv34zkTqKqqQqxkt49PHwBAf2brli04pR905elTp7rEOQ6VEHZP+PuTjAzKRj2McExMDGIlycnJvQEwRlcXvXrMGRDjDA0/FhURoZEyampqcpw7F4MScFu7FrGMr1+/9gbAGuTwL8wOAGz/y5ctI7F/qaSgwEA1FRUMDdTQy+hWRL8AEHryJOLqGzdu4ASAxsiRF6mavRDiKD19+lSgEUZCM3qgka2NzX8AgO6zsM3bGycAplpYZD5/TmRFKqm8vHy5szMGKboSH49Yxob16/8DAHTDTZz9n/nT+BpJ+F9KqaOj4+iRIxgKZdB9DU+Fhv4HAOg59HgOsbsdgOATJ4igSDHdTkoaI7Zh0t3ssmIFYg0PHjz4FwB6yBBQe3s7zu1fRVk56dYtIiVSTDnZ2TOmTRO3IJlNmYJYQ2lJyb8AmOXggLg0NzcXJwC0Ro/OzckhUiLFVFlRAdszBlMCvQx+XgaPsgwS8xnwtD/+KCsrI1IixdTY2HgoIACDLJWVliKWYW5m9gsAwcHBiOswV8GvcnGpr68nUiLF1NbWdvXKFQyylJqailjGalfXXwBIQvZB8fL0xNr9fOdO0v5fuqmrq+tJRgaG+pjz584hlhF4+PAvAKCHYNvb2WGT/mFDhoQg1REh6aCCggIFOTlxi9M2b29K2/4fAKB3XB1tbZzNf2KRaUyEpIOKP30aPWqUuMVp3pw5iDXwW5zwQL7ZEwNVV1N7QDWVlZAUUFVl5ThDQwzDYxBraGho+AcADvb2iIvy8DYCgl3hyZMnRD6knr7U1GDILx46eDDaFfkHACtdXBAXgX+MuQEWafw/EAh2XytLSwwShe6TpayoyPNwd0dccSEiAicAxujqopP4CEkHNTU1zZg+HYNEoYsKdbS0eOheQN05Q9gm/n369InIh9TT169fba2tMUhUYWEhYhkmxsa8vXv2IK44euQIZgAUEwAMAGpubsYzZeJFVhZiGX9YWvIOBQQgrjiwfz9OAOjp6n5CzvkgJDUmkDUWEwh9GDxn1iwe+uAJ8zBgcILJDOCBQI2NjegB7kzxjRs3EMtwXrqUd/78ecQVmzZswAkAHW3tfOSxNCGpiQL9gSUKdCk
6GrEMD3d3HnogpNuaNZhzobPJALwBQPX19Rbm5hgkKuzUKcQydmzfzkM3xHVetgzzQdhTchA2AOjLly94SuPRLu5Bf3/e/Xv3EFfMd3TE2g1XTS2ZpEIMAKqqqhprYIBBosCJRSwDHGDeo4cPEVfgTAXl10NeR2okQtJB5eXl2liGaXt5eiKWcfHCBV5WZibiCjzn1d2sKC8fFRlJ5EPqqbi4WE1VFYNErUZ2fIuJieG9efMGcQXmjogyQ4ceO3qUyIfU07t37+BdS3xuZER4OA99VGY5dSrmptC7d+3qJD1xpZq6uroyMzPxiNPOHTsQKwk9eZKHPiqb5eCAGQBgtLW2tBApkWLq6Oi4f+8eHnHav28fYiWBhw/zbt68ibhiqZMTZgAscXKqq6sjUiLF1NraGh0VhUecjh45gliJn68v1UHYb4OFxc3Tp00rJ21RpJqampoO+vvjEafTYWGIlWzz9uadPXMGcYX31q2YAWCor49OYSXEdaqtrfX08MAjTpHINuOwDN6RoCDEFWBCYQaAmorKs2fPiJRIMRUVFTnOm4dHnK5euYJYyUoXF4p6gBPHj2MGgLKi4k1kBh8hrlNWVtZULIlAwLeRPa8WL1rEQ8+UDA8PxwwAORkZQB2REikm2OA0Ro7EI04pKSnoICcPfVR2JT4eMwCGDBoEmPz27RsRFKkkeLNnTp/GcwoGjDanp1lZ8RYtXIi44u6dO5gBADzf0ZH0x5VWamhowBlZef36NWIxkydO5NnZ2iKuSH/8GD8AJk2Y8PjRIyIrUkmlJSWzZ83CJkvorhCG+vo8c1NTxBU5OTn4ATByxIgLERFEVqSS0tPTjcePx+ZPohcDF/DGGRoirqipqcEPAEV5+c2bNhFZkUo6e+YMbHB4BMl08mTESqqqqv7pDEeJEmVFRcwAGDp4sLmZGUmJk0oPeM3q1Rgm5PHZeelSxGIyMjJ+dYcuKSlBXIenfUVvK0hdnRyHSR+VlZVNNDHBJkXoM66Yy5d/AeDBgweI67CdWvdk2WHDjgQFkWHx0kRdXV2PHj3CMBagmy9euIBYD7/nFY+ycj44OBg/AIAd58378uULkRupoZaWFsxtph6mpSHWs9LFhdaQPIkcBQBra2rmZGcTuZEm+8fc1BSnCKGH5E21sPgFAPRRwIcPHyQCAPDOd/n4ELmRDgJr9vbt28OVlHCO20IvSUVZ+RcARo8ahbius7MTm9veKyfCdMoUYgVJB339+nWfnx+GwXjdbGJsjFhPXW3tv4OygWF9iKvx9DD6ncFhupGYSKRHCig3J8fyp8mBjdE5Pln/X5TMo5MzhLk/3H8qJBcvJrEgrhMYEX6+vpgPlNDl8N1Znjw6PUQxN0nv7Qrn5BAZ4jSVl5eDx4nT/gGOjY1FLKl7VP0vAOzZvRtx9W28k8J6dQravWsXGZ3NXfr27Rtst/Kyspglp6qqCrGqtatX/wcAaIMJPIShgwdLCgN6urpZyOZFhNhMRUVF+LtLoQek9nRrfwFAU0MD/QELXDVsfSqBFc7OLaRZEAepra0NjA2cp798dlu7lk4I6F8AAL8rKEB8ZrePj6QAwK+UT01J6erqIiLFLcrPyzPQ08MvMNFRUYhV3bp1qw8AoEfFJN+/L0EAAM+ZPZtMT+Lc9r950yaJSAvYXYiF7di+vQ8ALHd2Zq0bAKykoHAkMJAoAa4QvKmMjIzRo0bhFxVKe75nRgav53AK9MemWVlJVgkY6utfu3aNyBYnqLCw0MbGRiJy4rpqFf2tnNfzk+hW6X6+vpIFAHjDNjNmgAdDxIvl1NjYuMvHR0FeXiJygq6nvXf3bs+LefQbKaakpEgWAPwMp4CAgIaGBiJkrCXYYqOjo/FHfv6dDo/0FXfv2tUvAJYsXoz2abC1c0Gw6vDhJ0NCOjo6iKixkDra2+Pj4vR0dSUlHpSWfK+hR7xebQnRXqaNtbXEATBk0KAJJiZX4uNJjhDbCN7Ig+RkMFMlGC/xcHd
Hb+K91sbr9Xn0mF5sXa0pq+YnGBvn5uYSDLBK+isqKuxtbWWHDZOgbKB7If7111+9ru8NgJDgYMTnJdImqD+ePHFiTnY2wQBLpD8/Lw//NIlerDFyJFoe9vn5UQBgwfz56FudgLGqn1IP2NvZgc4lhwOSpc7OzkePHi1xcsKf8daLvbduRS91yqRJFACgdAPAAWWPEhg2ZAjc0rNnzwgGJCj9r16+tLO1lZORkbg8oMtaQEf9/hHe73/6+++/Ed9SXV0tkQpJdM1AXFwcSZnGT62trcn377PEKNDR1kavts+DLJ6gs4WBFi5YwCoADBk0SE1V9XRYGImN4iTYcSIvXgQNjLnSpT/23bsXvWBACC0AgCWHLhFOvH6dVQDo7iKx3svr/fv3xC0WN4HBmZeXt83bm99YgSWcm5uLWPPTp0/7/BSvz79evnQJddjR0YFnzr0QRfT2traglBvq64mYiolgc4QnPH/ePJw9TujkiaGXvWXzZgEAYG9nh/66zRs3shAAv84CVVU9PTzKy8qIKmA81llYWAiWtERyPNF8+NAhtKfe35bN68+qRg/rzcI16l5or2CsgcHZM2dKS0tJl2lGbB4Q/bBTpyaamLAtBMLnjx8/ItaPqGbh9fcPgYcPox+KsZERmzEArD5ixOJFi2JjYr7U1BAYCEdg7lZUVFyJj3davBjbZDtBeaqFBfouVru6CgwASqPq2NGjLAcAXxWAo7Z506aHaWlgvBKjSCD6/Pnz3bt3vTw9tTQ1WRLq6ZPj4uIQd9HW1oY4oeMhvvf58+eI762pqRE05RUeourw4ROMjW2srefNmbNg/nz4n8mTJmmNHg2KVayPmO8fJyYmVlZWkmgpmlpaWoo+fIiLjQVXEP94FCFOgdAzRa/9+Sfi4ygAoEcIA+3csUOgwUe7fHxevXwJKrW1tRXMStiP4VlXVVXl5+dfv34d/tXWxgYQIj4kKCooWE2dut3bG4zCT58+wd5AjpC7rfyGhoZ3795dvXJlg5eXuampmooK+zU8MHh66FtbtHChkAAAxxn91SDK9PN2pllZgdyj30FlRcXpsDALc3OxZhQCwEapqy9csACeXU5OTlNj40D2EGD7LCsre/rkCXh9jvPmsTDCg56nCLsY4u5qe3RAERgAwIlUvWk3bdhAEwA2M2ZQ2B7fvwMGQBZhKwL9azx+PIb6GzkZmRnTp4cEB//9998fP34EiIJASLerAHcHt1lXV5eXl3f50qUd27ZNNTeXeB6bOKKfP2gk8FMAwHr6dPQPFBcX0xRTsCb/+usvxFeVlpb67t27ysUlIyMDYFBYWOjp4YEnuRzwOUJVFSDn4e5+OTr67Zs31dXVICXShATYXOpqawsKCm7fvh0UGLh0yRJDfX0wOCXb7ENEv66+rg5xy/AGKU9seZQ/k/74MfrJ0s8CNxo//uWLF/1JFcCDH2gDQUxLTeVrZ9ii4I+YQxCgFkyMjZ0WLwYnJzIy8tHDh6UlJaBMv379CkqM/aiA7aOpqamqsvLDhw+ZmZkJCQmHAgJgZwElPNbAQLIFKwyyz86d6OdwKjSU8kuoATB39mz0z8BWTXMXgcumT5t27969Pm2hysrKgICAiSYm9nZ2Dx8+7I5hXY2Pl1TGFcjKqJEjxxoa/mFpuXzZMrAWToaExMbE3Lt799mzZ+AyopOmMJvyOdnZSbduRUVGBp84sWvnTteVKx3s7EyMjHS1tWGnZ+cBligtQsAFRT8QbU1NBgAADNs2+umvWL5coKr2o0eO1PbV3QTUNNzV58+fewZn+NVGppMns0RZwzKUFBQ0NTRcV6368P49e06sQk+eBFmXmg0eze7r1qEfCNgOdL6HFgCcFi1C/9jbt28FLWSxsbb+68EDRPgF/un5s2eRFy+WlJQABl6/fj1v7lyWYADU0ZxZs15Q7QuYCfza0NBQCfYjwfn8we5AO/pG48YxBgD4PRBxUaKtfe6j4ISBlVZeXt6nVQ1u6JzZs8E
3ne/omJubCzoBHAOwoFiSaPT40SO2HajBY6ypqfF0d+doSIc+r3NzQz+KJNoTLXg0r1vp4oL+yXcFBUJYmWBLeG/dChjo8xzewsyMb+1t+nkkBwKXnJws8R1uuJIS4Ja1rnBBQUGv1jdSxvD8KUcnTqU9j4xHf8NGKx0g4cYgwzebGBvDl/cSKf5gcf0xY0DiFy1Y0P1H8B9GSK4aAdDo5eGBPnyRuB7IzcnR0dKSVgCAq4N+AumPH9P/Nh6DbkdTU5PW6NHCYWDZ0qXZr171wgA48g8fPgw7daqnF15WVrZq5UpJOQPGRkYpyJppNlB7e7tAWSocYnj+lMf2jvPmiQUAsPkVFxejf/vPq1eF3lldV63q0xb6fYd78OCBRMYuAOr8/PwaGxvZf+yVk52tMny49AHgyZMnzMZjeAJdvXnTJspHbz19upAYGDbMeelSRL4Q+ACgZGADgGvOnT2LXwmMHjXqPWvinpRKYMf27dw95e2TQTwob9zB3l6MAJAdNgxdesP3hoUORcvLygafONGnjmtvazsTFvaHldWFiIj6+vovNTVWU6fiPB0DF3+1qyuHskcfP348Sl1daqRfTkamrLQUfctCjDPlCfqBWQ4OlI++VwdqgRjeWZ8pQxUVFfxR4/Jycgf27wf3IPP5c5xdiEeOGJGRns6h5B8w1QSNTbOZDwUEUCo9XR0dsQMA+Nqff1JWVAjnDfN5pr3973qmoaGhux+RhZnZ69evuzo7wT/G1pljpoMDOvWKhdlvt27dYnMlF30GyaZsfNY9+1rsAADhphxaej0hQei7VVJQ2OXj0ysiBHZRfFycupoaXDBl8uQXPycH19TU+OzcicHSBftnn58f55JDKysruZXf3x/fvHkTfadgHQnXm5En3IIoE/GAwFgS+obVVFWfPn3a6wvb2trArt20cWNMTEz3ftDU2LjOzU3cjSmVFRVfsizxgQ7BE2NbGz8heKmTE+WdwjXCfTlP6B0RPVcYqLy8XOiyOtjUVzg7/97fCvZg8IB7aUOwl9zWrhXr+b/+mDHocjbWHor5+fqyoW2tKE++qakJfZsP09KE/n6e0J+krJUBSk5OFr6piZpa8v37lC8YTCP4b1VV1RInJ/Fl/FLmhLOWwG7krhUkM3RoTk4OZRqsob6+BAAADKYI5QsQLj+Cn3M2wdi4vv8mh9++fYu8eHGli8s+X9/8vDzYoU+Fho7R1RWH2wf7KEcBUFBQMHniRI4C4PixY5Q3eOL4cVF+gidiZJBSPYGYWk6dKnToN6H/wcDV1dX8rC8wfuxsbMAka25uvnfv3qyZM1VVVJiCAXwPOOXRUVEcBUBdba2DnR0XpR98SMqoA2h+EZMjeSKucsvmzZTvQBRnYPmyZf09hZqaGvOf6aJ8n2H/vn38v3/48OHA/v3ampoiWkR80TceP36bt/enT584CgDYFFatXMk56Ye9lTLlU8RACzMAACl5/fq1+JwBZSWld/2MfQXr/0hQUHePYse5c3v6BhXl5WB9WZiZqSgr00cC3I7ssGHKioomRkbr3NxiL19mT9Gj0IEgoa1QCXLqz6JwNNEp+RU7AIAnmJjQSQ8WOll6544d/SUggBIAExCcPNgwAAy/W1+lpaX3791zXrp0nKEhXAPq8vdDAxB6MKLAagKlYTV16tYtW64nJBQVFVGedXCCwEcMCgzklvTv8vGhvK+8vDxZJqJbPEZWjB7OKqIzAEYIiCMiElRTXQ1mT88Mon9agPzse1NcXMzfwhsbG9+8eXP79u2LFy4AZg7s2wd+7UF/f3Czws+fv3njRkZ6OvxK95fAasG9AfuB6wCAOzp39iyHpN9syhR0q0O+Whs/diwjP8djat0Ib1VEZ0Bm6FB/f3+BTmHfvn076WfoQ1Feft6cOWDB//5xAAnsjp2/PWuQmPeFhYcPHVq2dKnb2rX3++lhwaGEiJjLl7ki/aDM0b0e+OTp4cHULzIGABA12IYpl56RkSGE5tL
U0KDMQu3pAFyJj++OAsH/bFy/HoylntfA7p6eng5b459Xr5b+N8cwPz8fMNNtKcFO856qFI7lZ2Hx8fFcqXWkLD0HunnzJoM/ymPwu8AZoGM3305KEjRGCddvWL++urqa5lvPe/t2oolJtxDPnT27ZxgHDJtlS5bwc7b5pw15PZ570q1b3Uen8K9ggH3gSA1AfwBIECEvC+eZF2yO1EZEWRmzo5l4zN7GiuXL6bwVIazSkerqEeHh3+hZI2C0pKWmggEza+ZM2M5v3bzZncgAAgGWmFKPrt8g7uADdH+28N07+KD+mDF6urrW06dHR0ezuQKYDrFzqGEvvp6QQMecY7zen8f4nVyKjqbzVnz37hVUCZibmf2eIYeg9ra2ivLyz1VVvf4ObvHC+fNhIwElAJbb5IkTe9b7A0I+f/58584d8JjBb5aCQFBiYiLLpf/okSN0boSy0y0rACAvK5ufl0fnftb0P7imPwwY6OmBpyF6WnJ7e/vLly9BMzx8+JDrkX5KE0joQm08DB4tnRvJyswUR947Txy3NM7QkI4z0NnZOVPAkzzAwCoXl5zsbDLYQqCQAGul33HuXDqvEqxWMaX08cR0YzSdAfBHzU1NBc3EXr5sWX5+PhFuugC4coWd0g+vno5/1djYKL6JjDzx3V5QYCCdN/TlyxfQGILqARMjo2fPnpFpX3QAcJWVAABrlk62D5Cdra34lsET601GhIfTucPi4mJNDQ1BMaA/Zsy1a9e4WKdCAGBibFxZWUln/eLO5BMvAMBroRyy1I0BQfUAsIqyMthaubm5lBXTAxoALHOCwfJBlHmIEipkHQD4BxzoyUjdVFtbK6g/0A2D7d7eb968ARiQScAsjwI52NvTzLDCk8HBw/Ab8rKy/CYOdHxiQTt7/Rsh1dff7+eXl5fX0tJCYMBOACxcsICm25aSkoJnpA0Pz52rqajk0TscgAe0bMkS4VuqKCrOd3QMCgrKzMwElQJgEC5gCnLT1tYGmrqsrIzTUdd/AICcFI2N3daupfkYQZkrKSjgWRUP2/1rjBxJM6EN3tnWLVtETKsyNjJasnixn69vdFRUWlpaTk5O8adP/EF3oGdaehD8pampCWS9qqqqoKAAkPMgOTk2JiYoMHC9l5e9nZ2FuTl3syFYAgB4oTQXLL6Qv4QBwG9xUfVbYkJ/xFQZBzji8Lt/WFqC/oVNaMf27fv37TsSFBR84gTw8WPH/A8cgD96eXqCPw0GmJmpqa62tkyP9qawG3H3tJgNAKCZ6QAE25CJsTHOtfEwP4sJJiZ1fY3H65OiIiPZoLsV5eU50RK9PwDExsZK8OnRDIX/+FnhPtHEBPPyePifCBgnlG1+u+nxo0eCHhEQAPQCgKQKYkaoqYEvS3OdxcXFoKjxL5InkUejNXo0ZWO5bqqpqRHrWSAlK8jJcRsAMTH4H9qMadPojDvhEwgDf0b6QAEAPy6UlZlJ8wF1dXUFHDwoqXEPAICGhgYOm0DYAbBn927Kut5uys7OFrprDocBwBcsmmdk3eaQRCY+yMvJ0cxaIQBQHT6csqFlT3qYloYt4sk6APDPicFCpf+8wE/Cbw7Jy8p+/vyZOMGUbGVpWVpSQn9td+/ckfhcex4bwix0WkB2U2dnp/+BAzjnPsjJyHAaAHFYALB92zaBknNh42PDCDNWAIB/UCJQ/kJKSgo2c4gAAM2G+vpgyQi0qrNnzrBE8NgCgME/h9HT95z40aF1bm4YVAGoaQKA/p6Mn6+vQBnpbW1tG9avZ4/UsQgAgsbO+JSVmTlBzKcn8JrpdGsaaD7ANCurAgHr8sBDYFuvdnYBgH96IlAYge8VnAoNVe7R6YRxAJQI4tuxDQDR0dGMh3rCw8MFTbmF16rKvtndrAMAn3127hS03LGyshKMKDGFqjgNAGYzSpY7O9Ms5uq5Q4GlxE5JYykAhIip8Sn98WOj8eMJAMQBAB1t7Xt37wq6AIkf5HMVAHxVezspSdAnDqr
j2NGjivLyTC1j2JAhJcXFAxkAIPpnz5wRIif86dOnEk/l4jAA+Oy9dWuH4CW/VVVVu318GDllBAB8ot2al4UUHRUlSu8G+Lhw3TdOhoTgqeqScgDwy6iFG1JUV1t70N9fxFSToYMHF3K5QbRwAJhgYnL1ypWeUxfoU1NT0+JFizghWtwAAD8nOfjECYEOCnq+DzCKhD44AwD0N6aJExQRESHodpOUlCR0XfWtW7e0NTW5IlecAUD3tiRQf9ye1NraejosDMzZgQaA8+fP07xTWxsbgdITe1FZaem8OXO4JVEcAwCf17m50S8r+53AKQTTlgCgZ82nl6dnJu3s9D4pKDBQXlaWc7LESQDwywnCw8OFbtYAH0xLTQUg0Tk+GzJoUAHt8h0WUng/AID7mungEBsbK+IoNNDJjIeeCQDoWatmZnSGtKLtoj+vXp3v6IiIV9AcBcshAOjp6h4+dEj0w42amhq3tWs5LULcBgDfPtmyebPoFVvV1dXgIfQ3x/J1bi6HneDw8G5Tx8PdPT09nZHjhQsRERKs5CIA+A+PUlePi4tjRFwK3707sH+/ro5OTw0gaIoeqwj82j27d6ekpDDSQbWzs/PqlSsTsLdvIACgFb+7desWU30R8/Pyzp0967xsmemUKaT5Lv+IPToqSqD4AQGAZEKlYNaTETIMUltb2/lz54SIIBMASIzHGRrGXL4s3MEZoW5qbm4OCQ7G2auQAIBJHqOrCy5gBzFgBKeGhobAw4elwM0d0AD4lcyopXU6LIzINE0qKiravWsXs/OoCQAkzxojR+7ds+cdl4+0xG3tXIiIsJkxY+CIxMACQDdPmTQpODiYu2W+zNL3799TU1PXuLpyMZGBAECkE7TZM2fGxMRI96BsBH348OHA/v0cytwkABBXh0bXVauSk5OFy33nHDU1NUVFRtpYW5NXTwDQ20nYsX17dna29Ak9YDszM/NIUJCDvb2sjAx51938f9J47hIu9Wl1AAAAAElFTkSuQmCC" } } }, "labels": [ "misp:name=\"parler-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'parler' AND user-account:user_id = '42']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"parler-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--2bb5818f-2e44-43a2-b0de-1d69516b48cb", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "target_ref": "observed-data--7b0698a0-209a-4da0-a5c5-cfc4734f3af2" } ] - MISP
{ "name": "parler-account", "meta-category": "misc", "template_uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9", "description": "Parler account.", "template_version": "2", "uuid": "7b0698a0-209a-4da0-a5c5-cfc4734f3af2", "Attribute": [ { "uuid": "d3e6dcb1-ef03-59cc-8944-b64367958342", "object_relation": "account-id", "value": "42", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--7b0698a0-209a-4da0-a5c5-cfc4734f3af2" }, { "uuid": "963b3808-3db1-5435-8778-c05b810581e1", "object_relation": "account-name", "value": "ParlerOctocat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "1e9f4cbb-707f-59e8-91c3-142a6384f6f6", "object_relation": "human", "value": false, "type": "boolean", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "190f8bee-fc2c-593d-b5f9-6cc8564cc5a4", "object_relation": "profile-photo", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- person
- STIX - Identity
{ "type": "identity", "id": "identity--868037d5-d804-4f1d-8016-f296361f9c68", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "John Smith", "identity_class": "individual", "contact_information": "phone-number: 0123456789", "labels": [ "misp:name=\"person\"", "misp:meta-category=\"misc\"" ], "x_misp_nationality": "USA", "x_misp_passport_number": "ABA9875413", "x_misp_role": "Guru" } - MISP
{ "name": "person", "meta-category": "misc", "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", "description": "An object which describes a person or an identity.", "template_version": "21", "uuid": "868037d5-d804-4f1d-8016-f296361f9c68", "Attribute": [ { "uuid": "195846df-429c-58a7-8cc6-3fcbbfea1830", "object_relation": "full-name", "value": "John Smith", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "225788e5-7344-5f07-8418-438ea2821138", "object_relation": "role", "value": "Guru", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "509f364c-fb73-5de2-8048-25b0f594a2a2", "object_relation": "nationality", "value": "USA", "type": "nationality", "disable_correlation": true, "to_ids": false, "category": "Person" }, { "uuid": "57418b1b-6e31-585f-9a15-5d09d5508d67", "object_relation": "passport-number", "value": "ABA9875413", "type": "passport-number", "disable_correlation": false, "to_ids": false, "category": "Person" }, { "uuid": "a8220475-f947-5a31-9acd-d7494c4a401a", "object_relation": "phone-number", "value": "0123456789", "type": "phone-number", "disable_correlation": false, "to_ids": false, "category": "Person" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- process
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5e39776a-b284-40b3-8079-22fea964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[process:name = 'TestProcess' AND process:pid = '2510' AND process:binary_ref.name = 'test_process.exe' AND process:parent_ref.command_line = 'grep -nrG iglocska /home/viktor/friends.txt' AND process:parent_ref.binary_ref.name = 'parent_process.exe' AND process:parent_ref.pid = '2107' AND process:parent_ref.name = 'Friends_From_H' AND process:child_refs[0].pid = '1401' AND process:is_hidden = 'True' AND process:x_misp_port = '1234']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"process\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "process", "meta-category": "misc", "template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "description": "Object describing a system process.", "template_version": "10", "uuid": "5e39776a-b284-40b3-8079-22fea964451a", "Attribute": [ { "uuid": "fb726ad3-a8f8-59e7-a106-836231f648ae", "object_relation": "name", "value": "TestProcess", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "764805d9-84a6-522e-a27e-28ff0c4946f1", "object_relation": "pid", "value": "2510", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "84f6ce85-3cc4-592b-93df-9d9b0fc2616f", "object_relation": "image", "value": "test_process.exe", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "0d92f4b4-d3b1-5734-8484-771f8d09138b", "object_relation": "parent-command-line", "value": "grep -nrG iglocska /home/viktor/friends.txt", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "0c44df0f-fd4c-503f-a4fd-0976c8ac27ec", "object_relation": "parent-image", "value": "parent_process.exe", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery" }, { "uuid": "909b2421-b741-5258-96d5-24a28ac5dadf", "object_relation": "parent-pid", "value": "2107", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "bd6b3b82-593e-51b1-94b6-b112d999ba5b", "object_relation": "parent-process-name", "value": "Friends_From_H", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "33ccf6db-454b-5ae6-bac0-cf41c26b9413", "object_relation": "child-pid", "value": "1401", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "b2d0a46d-9990-5126-9cf7-122f247675f2", "object_relation": "hidden", "value": "True", "type": "boolean", "disable_correlation": true, "to_ids": true, 
"category": "Other" }, { "uuid": "3a246f02-19c1-5964-bc6e-8090723757e2", "object_relation": "port", "value": "1234", "type": "port", "disable_correlation": true, "to_ids": true, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5e39776a-b284-40b3-8079-22fea964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "process", "is_hidden": true, "pid": 2510, "name": "TestProcess", "binary_ref": "4", "parent_ref": "1", "child_refs": [ "3" ], "x_misp_port": "1234" }, "1": { "type": "process", "pid": 2107, "name": "Friends_From_H", "command_line": "grep -nrG iglocska /home/viktor/friends.txt", "binary_ref": "2" }, "2": { "type": "file", "name": "parent_process.exe" }, "3": { "type": "process", "pid": 1401 }, "4": { "type": "file", "name": "test_process.exe" } }, "labels": [ "misp:name=\"process\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--5e39776a-b284-40b3-8079-22fea964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[process:pid = '2510' AND process:binary_ref.name = 'test_process.exe' AND process:parent_ref.binary_ref.name = 'parent_process.exe']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"process\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--74004798-7758-4553-90fe-60cbb722dc62", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5e39776a-b284-40b3-8079-22fea964451a", "target_ref": "observed-data--5e39776a-b284-40b3-8079-22fea964451a" } ] - MISP (only the attributes named in the Indicator pattern above carry to_ids true and an "Indicator ID" comment; the other attributes have to_ids false)
{ "name": "process", "meta-category": "misc", "template_uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "description": "Object describing a system process.", "template_version": "10", "uuid": "5e39776a-b284-40b3-8079-22fea964451a", "Attribute": [ { "uuid": "14a78b04-1e9d-5aa8-875c-3ca6621a083d", "object_relation": "hidden", "value": true, "type": "boolean", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "25c4433d-e161-5b43-8e45-994e20698b30", "object_relation": "name", "value": "TestProcess", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "1b84bb78-f73d-57ed-9438-558a7d06ec55", "object_relation": "pid", "value": "2510", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5e39776a-b284-40b3-8079-22fea964451a" }, { "uuid": "2ebdde3b-2224-5836-b848-930eab48ab72", "object_relation": "port", "value": "1234", "type": "port", "disable_correlation": true, "to_ids": false, "category": "Network activity" }, { "uuid": "8642267a-6d8f-59da-acf8-08af434d53c7", "object_relation": "image", "value": "test_process.exe", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5e39776a-b284-40b3-8079-22fea964451a" }, { "uuid": "3d4dd4e0-672b-51c0-9358-8d281f12b9e4", "object_relation": "child-pid", "value": "1401", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "2bd208a4-fc87-5f26-b721-ffbb87e7d227", "object_relation": "parent-command-line", "value": "grep -nrG iglocska /home/viktor/friends.txt", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "0a0dad9c-a9b0-50b3-aaf0-7595cbe0ed8d", "object_relation": "parent-process-name", "value": "Friends_From_H", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": 
"a85a6946-0c58-52af-bbda-76047f64a025", "object_relation": "parent-pid", "value": "2107", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "9ae15cee-1abf-58ff-b4c2-724d7d8eb9b7", "object_relation": "parent-image", "value": "parent_process.exe", "type": "filename", "disable_correlation": false, "to_ids": true, "category": "Payload delivery", "comment": "Indicator ID: indicator--5e39776a-b284-40b3-8079-22fea964451a" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- reddit-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--43d3eff0-fabc-4663-9493-fad3a1eed0d5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'reddit' AND user-account:user_id = '666' AND user-account:account_login = 'RedditOctocat' AND user-account:x_misp_description = 'Reddit account of the OctoCat' AND user-account:x_misp_account_avatar.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_account_avatar.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"reddit-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "reddit-account", "meta-category": "misc", "template_uuid": "6802f885-2003-494a-b234-61aadce62731", "description": "Reddit account.", "template_version": "2", "uuid": "43d3eff0-fabc-4663-9493-fad3a1eed0d5", "Attribute": [ { "uuid": "668789cc-cb72-546a-9c5d-5f5151a0fe1f", "object_relation": "account-id", "value": "666", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "0d13fa0d-08fa-5dc9-bd02-9ac360f16a07", "object_relation": "account-name", "value": "RedditOctocat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "97308060-b7fa-5920-b4cd-35a99623db7e", "object_relation": "description", "value": "Reddit account of the OctoCat", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "f2cc2a2d-cd2c-5bea-8109-e7edc25f7fa8", "object_relation": "account-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--43d3eff0-fabc-4663-9493-fad3a1eed0d5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "666", "account_login": "RedditOctocat", "account_type": "reddit", "x_misp_account_avatar": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAIAAADTED8xAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAL+RJREFUeNrtXYlbTdv7P//E19ScSqRJAypTg7poNGYKESEN5gwZCokylWQqKhq4EjLl3gplKFSoRDSnNGpU/N7r+HW7qbX3OWefdfY+rfd5n/vcJ/ucs/be72e9w3oH3uD//Y8w4QHLPPIICBMAECZMAECYIR5naDjTwcF52TJPDw+fnTsDDh4MO3Xq8qVLN27cSE1Nffnixfv376urq3/8PzU2NlZVVRUVFb158yYzM/NhWtq9u3evJyTEXL58/vz54ODgg/7+q11dzc3M5GVlyeMlAGARg0SaTp680sXlUEBAwrVrIMHt7e0/xEZdXV0fP34EeAAq3Netm2ZlpaKsTN4CAQA+/sPScr2X18mQkOT794uLi3+wgCorK9NSU0+Hha1xddXR1ibviACASR4yaBDs8Tt37Lh75w7YKj9YT6AioqOi1q5ePUZXl7w+AgAhefzYsRs3bACrpqam5gdn6dOnT5eio93WrCFgIACgZm1NTdg4wfUsKy39IXUEBhs44m5r1+oRMBAA9GRlRUVPD4+nT5/+GDCUm5u7zdt7hJoaefsDGgA21tawKTY3N/8YkNTR3p6YmLhg/vxhQ4YQAAwg1tTQ8N279/379z8I/aSqqqoTx48bjR9PACDlvGTx4uT794nE90eZmZlenp4KcnIEAFLFWqNHBwcH19bW4gy/pKWm3rhxIyoyMiQ4+MD+/Vu3bFnj6rpwwQLr6dMnmpjoaGkpKSjwlwe2uK6OjrGRkYW5ua2NjeO8ec7LloG3unnTpt27dh0KCLgSH5+Vmdna2opn8fV1dQf9/dVUVQkAOM862trnz58X6+ks4AocaPAlwKxa6uQEwi07bJj4kOxgb79pw4ZToaHJyckAs66uLjHdV1NTU/CJE6NHjSIA4CSP0dW9eOGCmEIoIT8zEWAvVx0+XOJ3am5q6uHuHhcXV15eLo77jQgPl+JjBCkEgIGe3qXo6G/fvjEoBEVFRSAHy52dWR46HGtgAEY8mEyVlZUM3n5nZycAbIKJCQEA29MwY2Nj4W0xFRsBSYLNlaMJNkbjx2/6eZjdM/NUFPr+/XtSUtJUCwsCADa+7KtXrjBiEDc2NkZHRYEzKk3pTDYzZoAGq2MoDJB4/bq2piYBAFvOcc+eOSO66MM3/PXXX6tdXaU45x68c6dFi64nJLS1tYn4uJqbm/fs3i0zdCgBgCR5xfLlFRUVIr7Lgvz8vXv2aGpoDJzg93AlJXDiU1NTRdw4Ct+947qq5CoAdHV00lJTRQxfnjt71nLq1IGcDAKw3+Xjk5OTI8qTvPbnn9y1iDgJAD9fX1Fe2P1795Y6OZE8sJ4MG8HdO3eEfqStra27d+0iABA7W1lagtoV2sqHvWpgZrzQ5Akm
JvFxcUKH0bhoEXEGAGoqKlGRkd+/fxcujA3vdZyhIRFxmmeI4eHhQh+fnzl9Wnxn4QMUADOmTauqqhLiZXz79i3m8mUDPT0i1oLy6FGjgoODv379Ktxh+VgDAwIAZmLY+/z8hFDKHR0dkRcvklJA0RXvQX9/IfIIW1paVixfTgAgEo9QU0tJSRH00YPuBg1O+iMwyCrKyqfDwoTYhmJiYhTl5QkAhDR7hMjuSn/8WH/MGCKy4uApkyZlZWYKkUZlOnkyAYBgvGf3bkGz2Wpqata4uhIxFbdF6uHu/uXLF0F1svfWrQQAdM0eQYu2vn//Hh0VBdYqEVBsjkFEeLigp8j37t5lYZENuwBgZWkpqNkDGhaMJSKUEqhDMDPLfvVK0CZ206ysCAD6Zp+dOzs6OgRSrAEHD8rKyBBZlKBFtHnjxvr6eoEC06vZZKnyWPIcwYYRaC95+vQpVyLNUs86WloCdVUCkxVgQwDwi2WGDr2ekCDQFsLRtBMp5mFDhhw/dkygc/oD+/cTAPxPTkZGIJe3pqaGWPysZcd58wSquTkVGgrKf+ACQElBIT09XSCzZ0Bl7XPUHBLorCA+Lm7o4MEDEQBqKiqvXr6k/6SCg4MHcgc/DjHYtPCy6JtDSUlJcpKLZEgGAOpqavl5efQb1CxetIgIFufMoYaGBrrn9+np3W3CpB8A2pqa9PtyFuTnk1xO7qZV0zeHwBxQl0TLGdwAGGdoSL/7fkxMzIDqUymVnHj9Os3XDUYBfgzwMEs//YErLAmTERadIy9epPnSX2RlYbaFeDjt/tKSEpq1i6tJWpt08ZGgIJoYSEtNxdltBRMAANbZ2dk0ExzAfyISI328dcsWmqGh6wkJ2M4HcABg2JAhNFuYNDU1Tf/jDyIr0sorXVxo5pCeO3tWegAQFxdH85R3ojS2XyXckxcuWECz3B6PEyh2AAQFBtK525KSEjK9cICw9fTpoOrpSIWnhwe3AbDey4tmEwGNkSOJZAyoWgKa/SbE3cJMjABYtHAhTelXUVYmMjHQ2M7WlmZcyN7OjnsAsLK0pNOCuKKiQuqH8BDujxcvWkTHJ66vrxdfowOxAGCsgQGdKiG4hjQqHOAMVj5NM0FM3eaYB4CivDydVJ+O9nbQEkQCCB/096fZcZEbAKBT3AiKjyR4Eu7mqMhIOhhwEoPMMAwA8NlZEt4izCEeOngwnbLYpqYmxp0BJgGgo61NJ7579MgR8so5zUMGDZKXlVUdPlxj1ChtLa0xOjrAWpqaqiK0ZpIZOpROugDjzgCPQRDTSf4GoDPyc8OVlEKCg/Py8srKyiorKoo/fXr58uXtpCSwFLds3jzTwUGd3fNMOccg8aPU1adaWLivWwcP+f69e69evSotKamrrW1uboaN7/Pnz/BHUcbI0kwYiwgPZyMA6Jz4MpXoBzuQ2ZQpJSUl3/9L4Fp0dnbCy/j48eOjhw9DT55c5eIyZfJkBTk5iRdfc3Snh0enNXr0nFmzfPfuTbh2DXYcEPT+2jc11Nf/YWUlSo2vpoYGnb6LDPadZgYANjNmUCb6lZeVwbbNyM/BWwEvgvIXAQ8tLS0F+fmHAgLs7eyUFRWJTNMXfTkZGaNx4zzWrYuNiQEFS7M19DZvbxGf8ywHB8o3C6+VqXEnDABATUWFcnoFyCKDQU89Xd2kW7cE6sQEmxaohe3bto01MODQ/BKJ+KNgPTrY2x8JCoLNWNCRPMnJyePGjhVxDceOHqVTPsbIQFsGAACWH+Vy9+/bx+BLmjVzZkFBgXADYwoLCyMiIvT19IhR9Puur6KsDBtwUlJSRUWFcJPCioqKFjg64vEnwQmUPAC2btlCudCMjAwGpQ2ezu5du1pbWoQeaQi7Wn19/bVr18BXJnYR/5GCg+u2di3oVfBoRZnA2d7e7n/ggOg6VkdbmzKZACAqeiaBSAAA94gytxtug9luVlqamlevXPnBBIFCAF8Z1L0UT4enrFXSGDlynZvb0ydPhBtA
+DvdvHlTj4lo/XxHRzq90iQJADqHF/NFVoi/Z9K+ePHiB0P0jzaoq4uOijIzNR1o0q8oL79w/nzY9YWbhNcfvX79ehpDZX1g5FD+nIe7u2QAYD19OuXizp45w/hrW7VyJVioP5gmcPjiYmMN9PQY79QHXwgbrczQoXIyMqBqFOTkQPKUFBSUFBWVlZRUVVTA/Bihqgr293BgJSVg+Ce4AC6D68GcgI8z67HAl1tZWsbHxdHvXUWfPn/+7OXpycg64aFROgNgYogyG4UntOp8R+WG5uXliaN5f1BQUGNj4w8x0D8W0aNHG7y8dLS0hPAg+YIOUqs5evT4sWMtzM3tbW2dFi/2WLdu5/bthwICYDsAVfPn1at37txJSUl5/OjRs6dPnz9/npWVlfn8+bNnz9LT09PS0pKTkxMSEmIuX44IDz9+7Jjvnj2bNm50WbECdKn1jBmTJ04EDx5gA0ASAhtw/UQTk7179rzIyhJoGgN9An1yKjSUwfQCSmcgKjISNwC8t25Fr6mtrW28yOGwPjkpKUnoUeZ0CFb+6tWr2bNmUZ7ZgeSBPMG+DoCZPXPmnt27L1+6BFZpfn5+SUlJbW1ta2srU4Y1378EUSgvK3v//j0YgWBqBx4+vMLZ2XTyZHDGVIcPp3Q9Qck4zp2b9/at0EOwaXa1efDgAYOK1H3dOsofnWphgQ8AoHEoc35gjxGH9IN58JI5BwB91HL27NleRfp8iVdXU7O1tt7m7X3+3Dl408XFxd/Es5XSV1zVnz+DJgGTBvTMEicnEyMjsKnAfOpWDoANG2vrmJgYgaa5iOIGaGlqMvjeQV+hf/HNmzfC9U4WBgAXIiLQq/n48aOYDpt0tbU/fPiAR7AAA2CiOC9bpjFypP6YMWDPgClyKToaDBW4webmZgZ3d6Yc+taWlrKystzc3BuJifv37YPFm02ZMn7cOE8Pj1cvX4JGwrMSUIDMBhWmTJpEqfZ9du7EAQBYCuWLn+XgIKbABext4GPhlCpwjsEiT01Nhb2TbRJPxxwHJzLl77+FGPUuCsHPzZk1i9lXH3bqFPpHAd5CBNx5jCujO7dviy9yZ2lhgW0bIySKu+K6ahXj1i9lnlxiYqJ4AbDa1ZXyznV1dMR3YEknU4oQG8h7yxbGA8oAKsa9YZ5AQdkSqu62QYGB4tv+YQGLFy0issUJ8vP1FYcf+OTJE/Tv3r1zR1wAcFuzBv3blZWVivLyYq3JWLN6NZEtTtCxo0fFMdvB2MiI8vhi0oQJzANgyKBBlL0eGCxT6LcMwN2dyBYnKCQ4WFE8nf5PHD9O4Qlcv848AJyXLkX/KugmceeuEABwiE6GhIhp1AVYGWBroMPBRuPGMQyAPORMu87OTtBNGADgQeNQkBAbKPjECfHZw16enuhfj42NZRIAjnPnon8vJiYGT132ahpxAEJsoKDAQPElmcvKyKATIru6umg2UKEFAPQ4a4E0DokCDRDau2ePWCcd+ezciV7AhYgIZgAwY9o0ZgNPotTs2dnaknMA9hNswJs2bhRr0SnYw/V1dYg1dLS3a9PIR6IGQHJyMvpubWbMwFbDMdXcnE7TaUKSpdbW1lUrV4pbGAIOHkQvI+zUKVEBMNHEBP0bL1+8wFnEBLYW5lwgQkJQdXX1THt7cQuDmqoqOi8G/nWUurpIAEhMTETfKuYet5oaGgX5+UTCWE4f3r8XUzVILz4ZEoJeif+BA8IDwEBPD/3tIIuYy1jB8svIyCASxmYCJy0rKwtPuw2w8tGLKSoqEh4AlI3b17m54S/lvnzpklgLmgiJSOCkxcfHY5MHyjH06MG7KAB8/PgR8b0VFRU4J3p38y4fH8zZ7YQEorq6Ot+9e7HJg/6YMeg5S+HIZrr9AmCqhQX6PoUrwBGd7Wxs3r17R+SMtVRYWMh4NYwovQnr6+oQean9AuBUaCj6PiU12hE8kzu3bxM5Yy3dvXNnrIEBTpFY7uyMXpLz0qWCAWDYkCHV1dWIbxQo
4Y7hY/Bhw/x8fb99+0ZEjZ0nAP4HDghXny5Kjgy6txeiSrFvAIAKQ9/nksWLJdjSzM7W9u3bt0TaWEjFxcUSmf528cIFxKo6OzvVVFUFAEDM5ctCG1UYIqHrvbzQCbGEJEVNTU0hISFCdBYTfUIFemHbt22jCwBKhQJok+D27zh37qtXr4iosZbKy8t99+6VE0NTQDSjg5bZr17RBcCK5cvRdwgWiKQa2I/R0cnLyyP5cCyn2i9fXFeuxIwBytSgCf9tc9YvAG4nJaHwXVYmqdES4wwNoyIjifRzggoKCpY4OeH0hg319dFLOnH8ODUAwFdAFx0fP3ZMItKvpKAAilVMbXEJMU5dXV2PHj400NPDKSToNJn3799TA2Djhg3oG5s8caJEAOC6ahVlUxZCrCLQ1WGhoTjjJeu9vNBL+r11XG8A3L1zB/H5/Lw8iUi/rrb28+fP0SfehNjpEM+eOZPxDln9sbKiIrpcxG3tWhQAYKHo+I+Yej5T3lVIcDAx/TlKqSkpYJ1jk5bk+/cRi/m9WP4/ADCdPFkIP1rckR/HefOKi4uJJHGUGhoa9vn5YTOEdvn4IBZTVVWFAgB67EVdbS3+7X+UuvpfDx6Q7Z/T9OnTJwszMzzBQ3NTU/Rieg2W/A8AEq9fR3xSIvk/7m5uxPSXAnf47JkzzA4LRXRQrkNmy2/etKlfAKA/uWXzZszSP0JV9T7SpCPEFSp8927hggV4xAZdx9urhfq/AADVgL6HiXgdAIDynFmzxDHGkBB+6ujoOB0WhudsePPGjWhLvmdUikczhorfAVBXU6Mzh5gQV6ggP9/E2BhH6xCqrdy8x/imfwEQFxdHX3Fg4IXz55MOKNJEzc3N/vv34zkTqKqqQqxkt49PHwBAf2brli04pR905elTp7rEOQ6VEHZP+PuTjAzKRj2McExMDGIlycnJvQEwRlcXvXrMGRDjDA0/FhURoZEyampqcpw7F4MScFu7FrGMr1+/9gbAGuTwL8wOAGz/y5ctI7F/qaSgwEA1FRUMDdTQy+hWRL8AEHryJOLqGzdu4ASAxsiRF6mavRDiKD19+lSgEUZCM3qgka2NzX8AgO6zsM3bGycAplpYZD5/TmRFKqm8vHy5szMGKboSH49Yxob16/8DAHTDTZz9n/nT+BpJ+F9KqaOj4+iRIxgKZdB9DU+Fhv4HAOg59HgOsbsdgOATJ4igSDHdTkoaI7Zh0t3ssmIFYg0PHjz4FwB6yBBQe3s7zu1fRVk56dYtIiVSTDnZ2TOmTRO3IJlNmYJYQ2lJyb8AmOXggLg0NzcXJwC0Ro/OzckhUiLFVFlRAdszBlMCvQx+XgaPsgwS8xnwtD/+KCsrI1IixdTY2HgoIACDLJWVliKWYW5m9gsAwcHBiOswV8GvcnGpr68nUiLF1NbWdvXKFQyylJqailjGalfXXwBIQvZB8fL0xNr9fOdO0v5fuqmrq+tJRgaG+pjz584hlhF4+PAvAKCHYNvb2WGT/mFDhoQg1REh6aCCggIFOTlxi9M2b29K2/4fAKB3XB1tbZzNf2KRaUyEpIOKP30aPWqUuMVp3pw5iDXwW5zwQL7ZEwNVV1N7QDWVlZAUUFVl5ThDQwzDYxBraGho+AcADvb2iIvy8DYCgl3hyZMnRD6knr7U1GDILx46eDDaFfkHACtdXBAXgX+MuQEWafw/EAh2XytLSwwShe6TpayoyPNwd0dccSEiAicAxujqopP4CEkHNTU1zZg+HYNEoYsKdbS0eOheQN05Q9gm/n369InIh9TT169fba2tMUhUYWEhYhkmxsa8vXv2IK44euQIZgAUEwAMAGpubsYzZeJFVhZiGX9YWvIOBQQgrjiwfz9OAOjp6n5CzvkgJDUmkDUWEwh9GDxn1iwe+uAJ8zBgcILJDOCBQI2NjegB7kzxjRs3EMtwXrqUd/78ecQVmzZswAkAHW3tfOSxNCGpiQL9gSUKdCk6GrEMD3d3HnogpNuaNZhz
obPJALwBQPX19Rbm5hgkKuzUKcQydmzfzkM3xHVetgzzQdhTchA2AOjLly94SuPRLu5Bf3/e/Xv3EFfMd3TE2g1XTS2ZpEIMAKqqqhprYIBBosCJRSwDHGDeo4cPEVfgTAXl10NeR2okQtJB5eXl2liGaXt5eiKWcfHCBV5WZibiCjzn1d2sKC8fFRlJ5EPqqbi4WE1VFYNErUZ2fIuJieG9efMGcQXmjogyQ4ceO3qUyIfU07t37+BdS3xuZER4OA99VGY5dSrmptC7d+3qJD1xpZq6uroyMzPxiNPOHTsQKwk9eZKHPiqb5eCAGQBgtLW2tBApkWLq6Oi4f+8eHnHav28fYiWBhw/zbt68ibhiqZMTZgAscXKqq6sjUiLF1NraGh0VhUecjh45gliJn68v1UHYb4OFxc3Tp00rJ21RpJqampoO+vvjEafTYWGIlWzz9uadPXMGcYX31q2YAWCor49OYSXEdaqtrfX08MAjTpHINuOwDN6RoCDEFWBCYQaAmorKs2fPiJRIMRUVFTnOm4dHnK5euYJYyUoXF4p6gBPHj2MGgLKi4k1kBh8hrlNWVtZULIlAwLeRPa8WL1rEQ8+UDA8PxwwAORkZQB2REikm2OA0Ro7EI04pKSnoICcPfVR2JT4eMwCGDBoEmPz27RsRFKkkeLNnTp/GcwoGjDanp1lZ8RYtXIi44u6dO5gBADzf0ZH0x5VWamhowBlZef36NWIxkydO5NnZ2iKuSH/8GD8AJk2Y8PjRIyIrUkmlJSWzZ83CJkvorhCG+vo8c1NTxBU5OTn4ATByxIgLERFEVqSS0tPTjcePx+ZPohcDF/DGGRoirqipqcEPAEV5+c2bNhFZkUo6e+YMbHB4BMl08mTESqqqqv7pDEeJEmVFRcwAGDp4sLmZGUmJk0oPeM3q1Rgm5PHZeelSxGIyMjJ+dYcuKSlBXIenfUVvK0hdnRyHSR+VlZVNNDHBJkXoM66Yy5d/AeDBgweI67CdWvdk2WHDjgQFkWHx0kRdXV2PHj3CMBagmy9euIBYD7/nFY+ycj44OBg/AIAd58378uULkRupoZaWFsxtph6mpSHWs9LFhdaQPIkcBQBra2rmZGcTuZEm+8fc1BSnCKGH5E21sPgFAPRRwIcPHyQCAPDOd/n4ELmRDgJr9vbt28OVlHCO20IvSUVZ+RcARo8ahbius7MTm9veKyfCdMoUYgVJB339+nWfnx+GwXjdbGJsjFhPXW3tv4OygWF9iKvx9DD6ncFhupGYSKRHCig3J8fyp8mBjdE5Pln/X5TMo5MzhLk/3H8qJBcvJrEgrhMYEX6+vpgPlNDl8N1Znjw6PUQxN0nv7Qrn5BAZ4jSVl5eDx4nT/gGOjY1FLKl7VP0vAOzZvRtx9W28k8J6dQravWsXGZ3NXfr27Rtst/Kyspglp6qqCrGqtatX/wcAaIMJPIShgwdLCgN6urpZyOZFhNhMRUVF+LtLoQek9nRrfwFAU0MD/QELXDVsfSqBFc7OLaRZEAepra0NjA2cp798dlu7lk4I6F8AAL8rKEB8ZrePj6QAwK+UT01J6erqIiLFLcrPyzPQ08MvMNFRUYhV3bp1qw8AoEfFJN+/L0EAAM+ZPZtMT+Lc9r950yaJSAvYXYiF7di+vQ8ALHd2Zq0bAKykoHAkMJAoAa4QvKmMjIzRo0bhFxVKe75nRgav53AK9MemWVlJVgkY6utfu3aNyBYnqLCw0MbGRiJy4rpqFf2tnNfzk+hW6X6+vpIFAHjDNjNmgAdDxIvl1NjYuMvHR0FeXiJygq6nvXf3bs+LefQbKaakpEgWAPwMp4CAgIaGBiJkrCXYYqOjo/FHfv6dDo/0FXfv2tUvAJYsXoz2abC1c0Gw6vDhJ0NCOjo6iKixkDra2+Pj4vR0dSUlHpSWfK+hR7xebQnRXqaNtbXEATBk0KAJJiZX4uNJjhDbCN7Ig+RkMFMlGC/xcHdHb+K91sbr9Xn0mF5sXa0p
q+YnGBvn5uYSDLBK+isqKuxtbWWHDZOgbKB7If7111+9ru8NgJDgYMTnJdImqD+ePHFiTnY2wQBLpD8/Lw//NIlerDFyJFoe9vn5UQBgwfz56FudgLGqn1IP2NvZgc4lhwOSpc7OzkePHi1xcsKf8daLvbduRS91yqRJFACgdAPAAWWPEhg2ZAjc0rNnzwgGJCj9r16+tLO1lZORkbg8oMtaQEf9/hHe73/6+++/Ed9SXV0tkQpJdM1AXFwcSZnGT62trcn377PEKNDR1kavts+DLJ6gs4WBFi5YwCoADBk0SE1V9XRYGImN4iTYcSIvXgQNjLnSpT/23bsXvWBACC0AgCWHLhFOvH6dVQDo7iKx3svr/fv3xC0WN4HBmZeXt83bm99YgSWcm5uLWPPTp0/7/BSvz79evnQJddjR0YFnzr0QRfT2traglBvq64mYiolgc4QnPH/ePJw9TujkiaGXvWXzZgEAYG9nh/66zRs3shAAv84CVVU9PTzKy8qIKmA81llYWAiWtERyPNF8+NAhtKfe35bN68+qRg/rzcI16l5or2CsgcHZM2dKS0tJl2lGbB4Q/bBTpyaamLAtBMLnjx8/ItaPqGbh9fcPgYcPox+KsZERmzEArD5ixOJFi2JjYr7U1BAYCEdg7lZUVFyJj3davBjbZDtBeaqFBfouVru6CgwASqPq2NGjLAcAXxWAo7Z506aHaWlgvBKjSCD6/Pnz3bt3vTw9tTQ1WRLq6ZPj4uIQd9HW1oY4oeMhvvf58+eI762pqRE05RUeourw4ROMjW2srefNmbNg/nz4n8mTJmmNHg2KVayPmO8fJyYmVlZWkmgpmlpaWoo+fIiLjQVXEP94FCFOgdAzRa/9+Sfi4ygAoEcIA+3csUOgwUe7fHxevXwJKrW1tRXMStiP4VlXVVXl5+dfv34d/tXWxgYQIj4kKCooWE2dut3bG4zCT58+wd5AjpC7rfyGhoZ3795dvXJlg5eXuampmooK+zU8MHh66FtbtHChkAAAxxn91SDK9PN2pllZgdyj30FlRcXpsDALc3OxZhQCwEapqy9csACeXU5OTlNj40D2EGD7LCsre/rkCXh9jvPmsTDCg56nCLsY4u5qe3RAERgAwIlUvWk3bdhAEwA2M2ZQ2B7fvwMGQBZhKwL9azx+PIb6GzkZmRnTp4cEB//9998fP34EiIJASLerAHcHt1lXV5eXl3f50qUd27ZNNTeXeB6bOKKfP2gk8FMAwHr6dPQPFBcX0xRTsCb/+usvxFeVlpb67t27ysUlIyMDYFBYWOjp4YEnuRzwOUJVFSDn4e5+OTr67Zs31dXVICXShATYXOpqawsKCm7fvh0UGLh0yRJDfX0wOCXb7ENEv66+rg5xy/AGKU9seZQ/k/74MfrJ0s8CNxo//uWLF/1JFcCDH2gDQUxLTeVrZ9ii4I+YQxCgFkyMjZ0WLwYnJzIy8tHDh6UlJaBMv379CkqM/aiA7aOpqamqsvLDhw+ZmZkJCQmHAgJgZwElPNbAQLIFKwyyz86d6OdwKjSU8kuoATB39mz0z8BWTXMXgcumT5t27969Pm2hysrKgICAiSYm9nZ2Dx8+7I5hXY2Pl1TGFcjKqJEjxxoa/mFpuXzZMrAWToaExMbE3Lt799mzZ+AyopOmMJvyOdnZSbduRUVGBp84sWvnTteVKx3s7EyMjHS1tWGnZ+cBligtQsAFRT8QbU1NBgAADNs2+umvWL5coKr2o0eO1PbV3QTUNNzV58+fewZn+NVGppMns0RZwzKUFBQ0NTRcV6368P49e06sQk+eBFmXmg0eze7r1qEfCNgOdL6HFgCcFi1C/9jbt28FLWSxsbb+68EDRPgF/un5s2eRFy+WlJQABl6/fj1v7lyWYADU0ZxZs15Q7QuYCfza0NBQCfYjwfn8we5AO/pG48YxBgD4PRBxUaKtfe6j4ISBlVZeXt6nVQ1u6JzZs8E3ne/omJubCzoBHAOwoFiS
aPT40SO2HajBY6ypqfF0d+doSIc+r3NzQz+KJNoTLXg0r1vp4oL+yXcFBUJYmWBLeG/dChjo8xzewsyMb+1t+nkkBwKXnJws8R1uuJIS4Ja1rnBBQUGv1jdSxvD8KUcnTqU9j4xHf8NGKx0g4cYgwzebGBvDl/cSKf5gcf0xY0DiFy1Y0P1H8B9GSK4aAdDo5eGBPnyRuB7IzcnR0dKSVgCAq4N+AumPH9P/Nh6DbkdTU5PW6NHCYWDZ0qXZr171wgA48g8fPgw7daqnF15WVrZq5UpJOQPGRkYpyJppNlB7e7tAWSocYnj+lMf2jvPmiQUAsPkVFxejf/vPq1eF3lldV63q0xb6fYd78OCBRMYuAOr8/PwaGxvZf+yVk52tMny49AHgyZMnzMZjeAJdvXnTJspHbz19upAYGDbMeelSRL4Q+ACgZGADgGvOnT2LXwmMHjXqPWvinpRKYMf27dw95e2TQTwob9zB3l6MAJAdNgxdesP3hoUORcvLygafONGnjmtvazsTFvaHldWFiIj6+vovNTVWU6fiPB0DF3+1qyuHskcfP348Sl1daqRfTkamrLQUfctCjDPlCfqBWQ4OlI++VwdqgRjeWZ8pQxUVFfxR4/Jycgf27wf3IPP5c5xdiEeOGJGRns6h5B8w1QSNTbOZDwUEUCo9XR0dsQMA+Nqff1JWVAjnDfN5pr3973qmoaGhux+RhZnZ69evuzo7wT/G1pljpoMDOvWKhdlvt27dYnMlF30GyaZsfNY9+1rsAADhphxaej0hQei7VVJQ2OXj0ysiBHZRfFycupoaXDBl8uQXPycH19TU+OzcicHSBftnn58f55JDKysruZXf3x/fvHkTfadgHQnXm5En3IIoE/GAwFgS+obVVFWfPn3a6wvb2trArt20cWNMTEz3ftDU2LjOzU3cjSmVFRVfsizxgQ7BE2NbGz8heKmTE+WdwjXCfTlP6B0RPVcYqLy8XOiyOtjUVzg7/97fCvZg8IB7aUOwl9zWrhXr+b/+mDHocjbWHor5+fqyoW2tKE++qakJfZsP09KE/n6e0J+krJUBSk5OFr6piZpa8v37lC8YTCP4b1VV1RInJ/Fl/FLmhLOWwG7krhUkM3RoTk4OZRqsob6+BAAADKYI5QsQLj+Cn3M2wdi4vv8mh9++fYu8eHGli8s+X9/8vDzYoU+Fho7R1RWH2wf7KEcBUFBQMHniRI4C4PixY5Q3eOL4cVF+gidiZJBSPYGYWk6dKnToN6H/wcDV1dX8rC8wfuxsbMAka25uvnfv3qyZM1VVVJiCAXwPOOXRUVEcBUBdba2DnR0XpR98SMqoA2h+EZMjeSKucsvmzZTvQBRnYPmyZf09hZqaGvOf6aJ8n2H/vn38v3/48OHA/v3ampoiWkR80TceP36bt/enT584CgDYFFatXMk56Ye9lTLlU8RACzMAACl5/fq1+JwBZSWld/2MfQXr/0hQUHePYse5c3v6BhXl5WB9WZiZqSgr00cC3I7ssGHKioomRkbr3NxiL19mT9Gj0IEgoa1QCXLqz6JwNNEp+RU7AIAnmJjQSQ8WOll6544d/SUggBIAExCcPNgwAAy/W1+lpaX3791zXrp0nKEhXAPq8vdDAxB6MKLAagKlYTV16tYtW64nJBQVFVGedXCCwEcMCgzklvTv8vGhvK+8vDxZJqJbPEZWjB7OKqIzAEYIiCMiElRTXQ1mT88Mon9agPzse1NcXMzfwhsbG9+8eXP79u2LFy4AZg7s2wd+7UF/f3Czws+fv3njRkZ6OvxK95fAasG9AfuB6wCAOzp39iyHpN9syhR0q0O+Whs/diwjP8djat0Ib1VEZ0Bm6FB/f3+BTmHfvn076WfoQ1Feft6cOWDB//5xAAnsjp2/PWuQmPeFhYcPHVq2dKnb2rX3++lhwaGEiJjLl7ki/aDM0b0e+OTp4cHULzIGABA12IYpl56RkSGE5tLU0KDMQu3pAFyJj++OAsH/
bFy/HoylntfA7p6eng5b459Xr5b+N8cwPz8fMNNtKcFO856qFI7lZ2Hx8fFcqXWkLD0HunnzJoM/ymPwu8AZoGM3305KEjRGCddvWL++urqa5lvPe/t2oolJtxDPnT27ZxgHDJtlS5bwc7b5pw15PZ570q1b3Uen8K9ggH3gSA1AfwBIECEvC+eZF2yO1EZEWRmzo5l4zN7GiuXL6bwVIazSkerqEeHh3+hZI2C0pKWmggEza+ZM2M5v3bzZncgAAgGWmFKPrt8g7uADdH+28N07+KD+mDF6urrW06dHR0ezuQKYDrFzqGEvvp6QQMecY7zen8f4nVyKjqbzVnz37hVUCZibmf2eIYeg9ra2ivLyz1VVvf4ObvHC+fNhIwElAJbb5IkTe9b7A0I+f/58584d8JjBb5aCQFBiYiLLpf/okSN0boSy0y0rACAvK5ufl0fnftb0P7imPwwY6OmBpyF6WnJ7e/vLly9BMzx8+JDrkX5KE0joQm08DB4tnRvJyswUR947Txy3NM7QkI4z0NnZOVPAkzzAwCoXl5zsbDLYQqCQAGul33HuXDqvEqxWMaX08cR0YzSdAfBHzU1NBc3EXr5sWX5+PhFuugC4coWd0g+vno5/1djYKL6JjDzx3V5QYCCdN/TlyxfQGILqARMjo2fPnpFpX3QAcJWVAABrlk62D5Cdra34lsET601GhIfTucPi4mJNDQ1BMaA/Zsy1a9e4WKdCAGBibFxZWUln/eLO5BMvAMBroRyy1I0BQfUAsIqyMthaubm5lBXTAxoALHOCwfJBlHmIEipkHQD4BxzoyUjdVFtbK6g/0A2D7d7eb968ARiQScAsjwI52NvTzLDCk8HBw/Ab8rKy/CYOdHxiQTt7/Rsh1dff7+eXl5fX0tJCYMBOACxcsICm25aSkoJnpA0Pz52rqajk0TscgAe0bMkS4VuqKCrOd3QMCgrKzMwElQJgEC5gCnLT1tYGmrqsrIzTUdd/AICcFI2N3daupfkYQZkrKSjgWRUP2/1rjBxJM6EN3tnWLVtETKsyNjJasnixn69vdFRUWlpaTk5O8adP/EF3oGdaehD8pampCWS9qqqqoKAAkPMgOTk2JiYoMHC9l5e9nZ2FuTl3syFYAgB4oTQXLL6Qv4QBwG9xUfVbYkJ/xFQZBzji8Lt/WFqC/oVNaMf27fv37TsSFBR84gTw8WPH/A8cgD96eXqCPw0GmJmpqa62tkyP9qawG3H3tJgNAKCZ6QAE25CJsTHOtfEwP4sJJiZ1fY3H65OiIiPZoLsV5eU50RK9PwDExsZK8OnRDIX/+FnhPtHEBPPyePifCBgnlG1+u+nxo0eCHhEQAPQCgKQKYkaoqYEvS3OdxcXFoKjxL5InkUejNXo0ZWO5bqqpqRHrWSAlK8jJcRsAMTH4H9qMadPojDvhEwgDf0b6QAEAPy6UlZlJ8wF1dXUFHDwoqXEPAICGhgYOm0DYAbBn927Kut5uys7OFrprDocBwBcsmmdk3eaQRCY+yMvJ0cxaIQBQHT6csqFlT3qYloYt4sk6APDPicFCpf+8wE/Cbw7Jy8p+/vyZOMGUbGVpWVpSQn9td+/ckfhcex4bwix0WkB2U2dnp/+BAzjnPsjJyHAaAHFYALB92zaBknNh42PDCDNWAIB/UCJQ/kJKSgo2c4gAAM2G+vpgyQi0qrNnzrBE8NgCgME/h9HT95z40aF1bm4YVAGoaQKA/p6Mn6+vQBnpbW1tG9avZ4/UsQgAgsbO+JSVmTlBzKcn8JrpdGsaaD7ANCurAgHr8sBDYFuvdnYBgH96IlAYge8VnAoNVe7R6YRxAJQI4tuxDQDR0dGMh3rCw8MFTbmF16rKvtndrAMAn3127hS03LGyshKMKDGFqjgNAGYzSpY7O9Ms5uq5Q4GlxE5JYykAhIip8Sn98WOj8eMJAMQBAB1t7Xt37wq6AIkf5HMVAHxVezspSdAnDqrj2NGjivLyTC1j2JAhJcXF
AxkAIPpnz5wRIif86dOnEk/l4jAA+Oy9dWuH4CW/VVVVu318GDllBAB8ot2al4UUHRUlSu8G+Lhw3TdOhoTgqeqScgDwy6iFG1JUV1t70N9fxFSToYMHF3K5QbRwAJhgYnL1ypWeUxfoU1NT0+JFizghWtwAAD8nOfjECYEOCnq+DzCKhD44AwD0N6aJExQRESHodpOUlCR0XfWtW7e0NTW5IlecAUD3tiRQf9ye1NraejosDMzZgQaA8+fP07xTWxsbgdITe1FZaem8OXO4JVEcAwCf17m50S8r+53AKQTTlgCgZ82nl6dnJu3s9D4pKDBQXlaWc7LESQDwywnCw8OFbtYAH0xLTQUg0Tk+GzJoUAHt8h0WUng/AID7mungEBsbK+IoNNDJjIeeCQDoWatmZnSGtKLtoj+vXp3v6IiIV9AcBcshAOjp6h4+dEj0w42amhq3tWs5LULcBgDfPtmyebPoFVvV1dXgIfQ3x/J1bi6HneDw8G5Tx8PdPT09nZHjhQsRERKs5CIA+A+PUlePi4tjRFwK3707sH+/ro5OTw0gaIoeqwj82j27d6ekpDDSQbWzs/PqlSsTsLdvIACgFb+7desWU30R8/Pyzp0967xsmemUKaT5Lv+IPToqSqD4AQGAZEKlYNaTETIMUltb2/lz54SIIBMASIzHGRrGXL4s3MEZoW5qbm4OCQ7G2auQAIBJHqOrCy5gBzFgBKeGhobAw4elwM0d0AD4lcyopXU6LIzINE0qKiravWsXs/OoCQAkzxojR+7ds+cdl4+0xG3tXIiIsJkxY+CIxMACQDdPmTQpODiYu2W+zNL3799TU1PXuLpyMZGBAECkE7TZM2fGxMRI96BsBH348OHA/v0cytwkABBXh0bXVauSk5OFy33nHDU1NUVFRtpYW5NXTwDQ20nYsX17dna29Ak9YDszM/NIUJCDvb2sjAx51938f9J47hIu9Wl1AAAAAElFTkSuQmCC" }, "x_misp_description": "Reddit account of the OctoCat" } }, "labels": [ "misp:name=\"reddit-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--43d3eff0-fabc-4663-9493-fad3a1eed0d5", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'reddit' AND user-account:user_id = '666']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"reddit-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--601caace-838b-470d-b5b7-9e0bf59782e8", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--43d3eff0-fabc-4663-9493-fad3a1eed0d5", "target_ref": "observed-data--43d3eff0-fabc-4663-9493-fad3a1eed0d5" } ] - MISP
{ "name": "reddit-account", "meta-category": "misc", "template_uuid": "6802f885-2003-494a-b234-61aadce62731", "description": "Reddit account.", "template_version": "2", "uuid": "43d3eff0-fabc-4663-9493-fad3a1eed0d5", "Attribute": [ { "uuid": "c31adc40-137c-5cdd-a0c2-d950cc184648", "object_relation": "account-id", "value": "666", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--43d3eff0-fabc-4663-9493-fad3a1eed0d5" }, { "uuid": "433600aa-ddd8-5731-94bc-20b055c83ae7", "object_relation": "account-name", "value": "RedditOctocat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "60881006-d536-5938-877e-618e39d31705", "object_relation": "account-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "e0610aa5-da35-5d58-9255-1b7913d1c3c7", "object_relation": "description", "value": "Reddit account of the OctoCat", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- registry-key
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5ac3379c-3e74-44ba-9160-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[windows-registry-key:key = 'hkey_local_machine\\\\system\\\\bar\\\\foo' AND windows-registry-key:values[0].data = '\\\\%DATA\\\\%\\\\qwertyuiop' AND windows-registry-key:values[0].data_type = 'REG_SZ' AND windows-registry-key:values[0].name = 'RegistryName' AND windows-registry-key:x_misp_hive = 'hklm' AND windows-registry-key:modified = '2020-10-25T16:22:00Z']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"" ] } - MISP (as shown below, the pattern's escaped backslashes and percent signs are kept verbatim in the imported key and data values, so these strings differ from the ones produced for the same key by the Observed Data import further down)
{ "name": "registry-key", "meta-category": "file", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "5", "uuid": "5ac3379c-3e74-44ba-9160-04120a00020f", "Attribute": [ { "uuid": "14e53210-3f72-5b1c-b831-5a6793fa4feb", "object_relation": "key", "value": "hkey_local_machine\\\\system\\\\bar\\\\foo", "type": "regkey", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": true }, { "uuid": "bfb7a5b5-51e9-5756-a413-912f5c319385", "object_relation": "data", "value": "\\\\%DATA\\\\%\\\\qwertyuiop", "type": "text", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": true }, { "uuid": "0a5a8893-f80a-5a33-a333-df79e215cf7b", "object_relation": "data-type", "value": "REG_SZ", "type": "text", "category": "Persistence mechanism", "disable_correlation": true, "to_ids": true }, { "uuid": "3e1d80ef-9c78-51e3-8c70-37bddd5f4d6c", "object_relation": "name", "value": "RegistryName", "type": "text", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": true }, { "uuid": "d8f5f46d-2018-534d-8369-277509b14272", "object_relation": "hive", "value": "hklm", "type": "text", "category": "Persistence mechanism", "disable_correlation": true, "to_ids": true }, { "uuid": "1866ec4c-def4-523b-924f-090bbd5091f9", "object_relation": "last-modified", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": false, "to_ids": true } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5ac3379c-3e74-44ba-9160-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "windows-registry-key", "key": "hkey_local_machine\\system\\bar\\foo", "values": [ { "name": "RegistryName", "data": "%DATA%\\qwertyuiop", "data_type": "REG_SZ" } ], "modified": "2020-10-25T16:22:00Z", "x_misp_hive": "hklm" } }, "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"" ] }, { "type": "indicator", "id": "indicator--5ac3379c-3e74-44ba-9160-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[windows-registry-key:key = 'hkey_local_machine\\\\system\\\\bar\\\\foo']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"registry-key\"", "misp:meta-category=\"file\"" ] }, { "type": "relationship", "id": "relationship--0ec23b58-fbd1-4dbb-be28-6a48d4677410", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5ac3379c-3e74-44ba-9160-04120a00020f", "target_ref": "observed-data--5ac3379c-3e74-44ba-9160-04120a00020f" } ] - MISP
{ "name": "registry-key", "meta-category": "file", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "5", "uuid": "5ac3379c-3e74-44ba-9160-04120a00020f", "Attribute": [ { "uuid": "8f7a03ce-8999-5ebd-985f-8938c6ae6d64", "object_relation": "key", "value": "hkey_local_machine\\system\\bar\\foo", "type": "regkey", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": true, "comment": "Indicator ID: indicator--5ac3379c-3e74-44ba-9160-04120a00020f" }, { "uuid": "f96dced0-7c80-58bd-9c34-e593170105b8", "object_relation": "last-modified", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "category": "Other", "disable_correlation": false, "to_ids": false }, { "uuid": "516de4d9-ed24-5b7b-90a7-7c279bffd216", "object_relation": "hive", "value": "hklm", "type": "text", "category": "Persistence mechanism", "disable_correlation": true, "to_ids": false }, { "uuid": "67e29c33-37f2-5638-bdf2-5d671bbb2aa3", "object_relation": "data", "value": "%DATA%\\qwertyuiop", "type": "text", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": false }, { "uuid": "b5ff10ca-6411-5211-9b76-46cf7cceb7b9", "object_relation": "data-type", "value": "REG_SZ", "type": "text", "category": "Persistence mechanism", "disable_correlation": true, "to_ids": false }, { "uuid": "155edd0b-fe6f-5886-b648-c84a121afc6f", "object_relation": "name", "value": "RegistryName", "type": "text", "category": "Persistence mechanism", "disable_correlation": false, "to_ids": false } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- telegram-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--7ecc4537-89cd-4f17-8027-6e0f70710c53", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'telegram' AND user-account:user_id = '1234567890' AND user-account:account_login = 'T3l3gr4mUs3r' AND user-account:x_misp_phone = '0112233445' AND user-account:x_misp_phone = '0556677889']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"telegram-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "telegram-account", "meta-category": "misc", "template_uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c", "description": "Information related to a telegram account", "template_version": "2", "uuid": "7ecc4537-89cd-4f17-8027-6e0f70710c53", "Attribute": [ { "uuid": "32cd8708-10b8-5ba7-8884-e3f5b765dc92", "object_relation": "id", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "99852d63-4a35-547e-9fbb-aaa238d7a780", "object_relation": "username", "value": "T3l3gr4mUs3r", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "d6d8765f-fda8-5b95-8c67-6049c3f60d79", "object_relation": "phone", "value": "0112233445", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "cef52c1b-88ba-58a4-91e8-b295e6157c50", "object_relation": "phone", "value": "0556677889", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--7ecc4537-89cd-4f17-8027-6e0f70710c53", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "1234567890", "account_login": "T3l3gr4mUs3r", "account_type": "telegram", "x_misp_phone": [ "0112233445", "0556677889" ] } }, "labels": [ "misp:name=\"telegram-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--7ecc4537-89cd-4f17-8027-6e0f70710c53", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'telegram' AND user-account:user_id = '1234567890']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"telegram-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--f8117c4c-1a27-48e2-9df4-bbce247b3783", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--7ecc4537-89cd-4f17-8027-6e0f70710c53", "target_ref": "observed-data--7ecc4537-89cd-4f17-8027-6e0f70710c53" } ] - MISP
{ "name": "telegram-account", "meta-category": "misc", "template_uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c", "description": "Information related to a telegram account", "template_version": "2", "uuid": "7ecc4537-89cd-4f17-8027-6e0f70710c53", "Attribute": [ { "uuid": "a6ec3443-ffff-5a83-b73c-9ef3efe89dc7", "object_relation": "id", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--7ecc4537-89cd-4f17-8027-6e0f70710c53" }, { "uuid": "b4436251-5495-5dca-b95b-97ea1eb0150a", "object_relation": "username", "value": "T3l3gr4mUs3r", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "2bb8cbf7-ff06-5f73-8e49-fcc214d88b3b", "object_relation": "phone", "value": "0112233445", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "32b0746e-0ebc-5759-ad8c-a4eae7dd9656", "object_relation": "phone", "value": "0556677889", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- twitter-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'twitter' AND user-account:display_name = 'Octo Cat' AND user-account:user_id = '1357111317' AND user-account:account_login = 'octocat' AND user-account:x_misp_followers = '666' AND user-account:x_misp_profile_image.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_profile_image.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"twitter-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "twitter-account", "meta-category": "misc", "template_uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb", "description": "Twitter account.", "template_version": "7", "uuid": "6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "Attribute": [ { "uuid": "b436d36a-7801-5a91-b870-0bc6628e0b37", "object_relation": "displayed-name", "value": "Octo Cat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "37a8073d-0951-5b6d-b7d3-bbf99f3d0171", "object_relation": "id", "value": "1357111317", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "cfcc8051-3206-5eca-b5f3-bd6960c1befb", "object_relation": "name", "value": "octocat", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "ea9b35f2-5c1a-5ba9-b70f-5c4d26bd218f", "object_relation": "followers", "value": "666", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "6fc7846e-01b0-587f-bbea-7be00a41d0cf", "object_relation": "profile-image", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "1357111317", "account_login": "octocat", "account_type": "twitter", "display_name": "Octo Cat", "x_misp_followers": "666", "x_misp_profile_image": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC" } } }, "labels": [ "misp:name=\"twitter-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'twitter' AND user-account:user_id = '1357111317']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"twitter-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--c24d40c6-edda-4cb4-9afe-75b63789b974", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "target_ref": "observed-data--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb" } ] - MISP
{ "name": "twitter-account", "meta-category": "misc", "template_uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb", "description": "Twitter account.", "template_version": "7", "uuid": "6baef273-d2c3-4ef1-8a93-d2cf552e7bfb", "Attribute": [ { "uuid": "9e2a32fa-2783-5440-862a-06160e1758fc", "object_relation": "id", "value": "1357111317", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--6baef273-d2c3-4ef1-8a93-d2cf552e7bfb" }, { "uuid": "d82a242d-4bbb-5515-92c1-c78b8f726b8b", "object_relation": "name", "value": "octocat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "76f01515-696c-5894-9e12-24c719b0e5fe", "object_relation": "displayed-name", "value": "Octo Cat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "8d0f5944-4fe0-55cb-8c24-b8bba044f180", "object_relation": "followers", "value": "666", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "407ed536-c7b2-5483-ad24-239052015d50", "object_relation": "profile-image", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- url
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5ac347ca-dac4-4562-9775-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[url:value = 'https://www.circl.lu/team' AND url:x_misp_domain = 'circl.lu' AND url:x_misp_host = 'www.circl.lu' AND url:x_misp_ip = '149.13.33.14' AND url:x_misp_port = '443']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "url", "meta-category": "network", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "template_version": "10", "uuid": "5ac347ca-dac4-4562-9775-04120a00020f", "Attribute": [ { "uuid": "d602fb65-ee6d-5050-a42f-39ea66ec6d42", "object_relation": "url", "value": "https://www.circl.lu/team", "type": "url", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "d0556d25-cca8-5d06-9ed6-415318626da5", "object_relation": "domain", "value": "circl.lu", "type": "domain", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "9e389126-197e-5ca6-9a14-ebea8266b4d3", "object_relation": "host", "value": "www.circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "94924d05-a8e1-50e7-a80e-8006acbe76d1", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "864ff81c-e4e1-5ce3-a4cb-32478e5b5ec4", "object_relation": "port", "value": "443", "type": "port", "disable_correlation": true, "to_ids": true, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5ac347ca-dac4-4562-9775-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "url", "value": "https://www.circl.lu/team", "x_misp_domain": "circl.lu", "x_misp_host": "www.circl.lu", "x_misp_ip": "149.13.33.14", "x_misp_port": "443" } }, "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5ac347ca-dac4-4562-9775-04120a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[url:value = 'https://www.circl.lu/team' AND url:x_misp_domain = 'circl.lu' AND url:x_misp_host = 'www.circl.lu' AND url:x_misp_ip = '149.13.33.14']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"url\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--9c435f8e-5d9c-4f84-9650-6bb3355ae28a", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5ac347ca-dac4-4562-9775-04120a00020f", "target_ref": "observed-data--5ac347ca-dac4-4562-9775-04120a00020f" } ] - MISP
{ "name": "url", "meta-category": "network", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.", "template_version": "10", "uuid": "5ac347ca-dac4-4562-9775-04120a00020f", "Attribute": [ { "uuid": "4818dd13-0d1c-549f-ae46-63b8c20a7259", "object_relation": "url", "value": "https://www.circl.lu/team", "type": "url", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac347ca-dac4-4562-9775-04120a00020f" }, { "uuid": "54214174-0ab9-591a-a366-99b0ed640ade", "object_relation": "domain", "value": "circl.lu", "type": "domain", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac347ca-dac4-4562-9775-04120a00020f" }, { "uuid": "f823cbdb-2fba-57e3-a543-eab786769996", "object_relation": "host", "value": "www.circl.lu", "type": "hostname", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac347ca-dac4-4562-9775-04120a00020f" }, { "uuid": "f77fb93e-345f-5a27-82e3-97ebe854f88d", "object_relation": "ip", "value": "149.13.33.14", "type": "ip-dst", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac347ca-dac4-4562-9775-04120a00020f" }, { "uuid": "90459245-40c9-5645-b505-fec3efb14ed3", "object_relation": "port", "value": "443", "type": "port", "disable_correlation": true, "to_ids": false, "category": "Network activity" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- user-account
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5d234f25-539c-4d12-bf93-2c46a964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_type = 'unix' AND user-account:display_name = 'Code Monkey' AND user-account:user_id = 'iglocska' AND user-account:account_login = 'iglocska' AND user-account:password_last_changed = '2020-10-25T16:22:00Z' AND user-account:extensions.'unix-account-ext'.groups = 'viktor-fan' AND user-account:extensions.'unix-account-ext'.groups = 'donald-fan' AND user-account:extensions.'unix-account-ext'.gid = '2004' AND user-account:extensions.'unix-account-ext'.home_dir = '/home/iglocska' AND user-account:x_misp_password = 'P4ssw0rd1234!' AND user-account:x_misp_user_avatar.data = 'iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC' AND user-account:x_misp_user_avatar.value = 'octocat.png']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"user-account\"", "misp:meta-category=\"misc\"" ] } - MISP
{ "name": "user-account", "meta-category": "misc", "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3", "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.", "template_version": "6", "uuid": "5d234f25-539c-4d12-bf93-2c46a964451a", "Attribute": [ { "uuid": "f9fdd24e-eb6e-5256-9412-913ea6b7c03a", "object_relation": "account-type", "value": "unix", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "ed08fdff-3bd0-59ef-9510-4c416255df0f", "object_relation": "display-name", "value": "Code Monkey", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "c7756d14-7166-5722-96bc-9ec1e13358c8", "object_relation": "user-id", "value": "iglocska", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "5bc4a822-4df3-5f52-8e7f-a1ffdff67999", "object_relation": "username", "value": "iglocska", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "uuid": "971ce27a-b1e3-55d7-b880-ae55b50a3a3a", "object_relation": "password_last_changed", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "18fac178-2031-52ff-966b-af8c560f41fd", "object_relation": "group", "value": "viktor-fan", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "b0474a39-cc09-518e-93b7-00b2092ef2da", "object_relation": "group", "value": "donald-fan", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "6d410558-299e-599c-92f9-a7c18a18c23d", "object_relation": "group-id", "value": "2004", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "00821411-5889-56b6-89d9-5fd8f2040a96", "object_relation": "home_dir", "value": "/home/iglocska", "type": "text", 
"disable_correlation": true, "to_ids": true, "category": "Other" }, { "uuid": "ea76463c-b9ec-5ab4-a3d3-ae7ffb3cdcc5", "object_relation": "password", "value": "P4ssw0rd1234!", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "38b03f0e-4b15-5a55-a2e5-190c496dca42", "object_relation": "user-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": true, "category": "External analysis" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5d234f25-539c-4d12-bf93-2c46a964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "user-account", "user_id": "iglocska", "account_login": "iglocska", "account_type": "unix", "display_name": "Code Monkey", "password_last_changed": "2020-10-25T16:22:00Z", "extensions": { "unix-account-ext": { "gid": 2004, "groups": [ "viktor-fan", "donald-fan" ], "home_dir": "/home/iglocska" } }, "x_misp_password": "P4ssw0rd1234!", "x_misp_user_avatar": { "value": "octocat.png", "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC" } } }, "labels": [ "misp:name=\"user-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "indicator", "id": "indicator--5d234f25-539c-4d12-bf93-2c46a964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[user-account:account_login = 'iglocska']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "misc" } ], "labels": [ "misp:name=\"user-account\"", "misp:meta-category=\"misc\"" ] }, { "type": "relationship", "id": "relationship--127637c9-7a83-4e0c-8d1f-666ad1cc3fa2", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5d234f25-539c-4d12-bf93-2c46a964451a", "target_ref": "observed-data--5d234f25-539c-4d12-bf93-2c46a964451a" } ] - MISP
{ "name": "user-account", "meta-category": "misc", "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3", "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.", "template_version": "6", "uuid": "5d234f25-539c-4d12-bf93-2c46a964451a", "Attribute": [ { "uuid": "6bb8e693-170a-51c2-8165-d23e962d4298", "object_relation": "username", "value": "iglocska", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5d234f25-539c-4d12-bf93-2c46a964451a" }, { "uuid": "96f44142-2d9e-5b26-b0b9-f779657a837f", "object_relation": "account-type", "value": "unix", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "6b09fb5c-8846-5aaf-b0e9-27ceedafb6e9", "object_relation": "display-name", "value": "Code Monkey", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "c2ff4301-0776-54a3-bf62-6926ccdfe1d7", "object_relation": "user-id", "value": "iglocska", "type": "text", "disable_correlation": false, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5d234f25-539c-4d12-bf93-2c46a964451a" }, { "uuid": "0f3e4d05-0e6c-5514-ba4a-cb6ea24568bc", "object_relation": "password_last_changed", "value": "2020-10-25T16:22:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "98966fe6-bc5c-5cba-83d8-cf5ac353ce6f", "object_relation": "password", "value": "P4ssw0rd1234!", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "data": "iVBORw0KGgoAAAANSUhEUgA[...]hIu9Wl1AAAAAElFTkSuQmCC", "uuid": "479adb09-ad3e-537f-96cb-6d6b81fc403c", "object_relation": "user-avatar", "value": "octocat.png", "type": "attachment", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "9847ea1d-5143-5ba8-807c-d3feee1fa204", 
"object_relation": "group-id", "value": "2004", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "57976d29-a2f4-5d41-973d-f2802236d1c5", "object_relation": "group", "value": "viktor-fan", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "fd8cf903-93a2-5c69-b46d-6e2e65bbc5ce", "object_relation": "group", "value": "donald-fan", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "2ae9c0f6-b55f-523d-a9ee-343b45021bfa", "object_relation": "home_dir", "value": "/home/iglocska", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator
- vulnerability
- STIX - Vulnerability
{ "type": "vulnerability", "id": "vulnerability--5e579975-e9cc-46c6-a6ad-1611a964451a", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "name": "CVE-2017-11774", "description": "Microsoft Outlook allow an attacker to execute arbitrary commands", "labels": [ "misp:name=\"vulnerability\"", "misp:meta-category=\"vulnerability\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2017-11774" }, { "source_name": "url", "url": "http://www.securityfocus.com/bid/101098" }, { "source_name": "url", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774" } ], "x_misp_created": "2017-10-13T07:29:00Z", "x_misp_cvss_score": "6.8", "x_misp_published": "2017-10-13T07:29:00Z" } - MISP
{ "name": "vulnerability", "meta-category": "vulnerability", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.", "template_version": "12", "uuid": "5e579975-e9cc-46c6-a6ad-1611a964451a", "Attribute": [ { "uuid": "daba13d3-912b-4dd4-b7aa-0eede4641a3a", "object_relation": "id", "value": "CVE-2017-11774", "type": "vulnerability", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "74058a03-2dae-40df-a8d8-c4c976cd42ef", "object_relation": "references", "value": "http://www.securityfocus.com/bid/101098", "type": "link", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "37023130-93c2-4194-b77f-0e157371615f", "object_relation": "references", "value": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774", "type": "link", "disable_correlation": false, "to_ids": false, "category": "External analysis" }, { "uuid": "c4c7d1ae-0172-5667-a5d0-ec281d0244db", "object_relation": "description", "value": "Microsoft Outlook allow an attacker to execute arbitrary commands", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "a09df98f-0cd5-5fbf-8b57-56fb76c47703", "object_relation": "created", "value": "2017-10-13T07:29:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "60e44300-7654-5821-b687-92e278e29669", "object_relation": "cvss-score", "value": "6.8", "type": "float", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "c9478a72-b17c-5b11-a0a1-b741b28d4e94", "object_relation": "published", "value": "2017-10-13T07:29:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" } ], "distribution": "5", 
"sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Vulnerability
- x509
- STIX - Indicator
{ "type": "indicator", "id": "indicator--5ac3444e-145c-4749-8467-02550a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[x509-certificate:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97' AND x509-certificate:hashes.'SHA-1' = '5898fc860300e228dcd54c0b1045b5fa0dcda502' AND x509-certificate:issuer = 'Issuer Name' AND x509-certificate:subject_public_key_algorithm = 'PublicKeyAlgorithm' AND x509-certificate:subject_public_key_exponent = '2' AND x509-certificate:subject_public_key_modulus = 'C5' AND x509-certificate:serial_number = '1234567890' AND x509-certificate:signature_algorithm = 'SHA1_WITH_RSA_ENCRYPTION' AND x509-certificate:subject = 'CertificateSubject' AND x509-certificate:version = '1' AND x509-certificate:validity_not_after = '2021-01-01T00:00:00Z' AND x509-certificate:validity_not_before = '2020-01-01T00:00:00Z' AND x509-certificate:x_misp_pem = 'RawCertificateInPEMFormat']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"x509\"", "misp:meta-category=\"network\"" ] } - MISP
{ "name": "x509", "meta-category": "network", "template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c", "description": "x509 object describing a X.509 certificate", "template_version": "14", "uuid": "5ac3444e-145c-4749-8467-02550a00020f", "Attribute": [ { "uuid": "dc9af2f9-69b2-4d9c-91d5-6ac64a86b2bb", "object_relation": "x509-fingerprint-md5", "value": "b2a5abfeef9e36964281a31e17b57c97", "type": "x509-fingerprint-md5", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "4d880c10-6189-4a31-8dd8-9ef252bffe3b", "object_relation": "x509-fingerprint-sha1", "value": "5898fc860300e228dcd54c0b1045b5fa0dcda502", "type": "x509-fingerprint-sha1", "disable_correlation": false, "to_ids": true, "category": "Network activity" }, { "uuid": "bef5bfee-964b-4e64-873d-bcecc900b8d1", "object_relation": "issuer", "value": "Issuer Name", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "21b3cf25-63b1-4968-baf9-35b22a1ea84a", "object_relation": "pubkey-info-algorithm", "value": "PublicKeyAlgorithm", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "b61b656d-fb19-424b-b05c-ad4fca550ef8", "object_relation": "pubkey-info-exponent", "value": "2", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "7aaf66ce-8722-4b7c-b78e-ea317ee9e4bd", "object_relation": "pubkey-info-modulus", "value": "C5", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "235bd723-be4f-408e-8b22-91c6d5d69957", "object_relation": "serial-number", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "b3c8e132-ecc2-4725-86be-ec1aa0d07068", "object_relation": "signature_algorithm", "value": "SHA1_WITH_RSA_ENCRYPTION", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": 
"73f5a215-943a-42a1-a214-8cb08ccb0dd1", "object_relation": "subject", "value": "CertificateSubject", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "b38173c7-766b-4674-9635-74db86043b08", "object_relation": "version", "value": "1", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "edeb568b-9909-48bd-8eeb-07f269146f2d", "object_relation": "validity-not-after", "value": "2021-01-01T00:00:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "a6f5824e-993a-424d-b78e-8e682fa68261", "object_relation": "validity-not-before", "value": "2020-01-01T00:00:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "1ad2b58d-0f84-4ca7-964b-565e1830d6a1", "object_relation": "pem", "value": "RawCertificateInPEMFormat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" } - STIX - Observed Data
[ { "type": "observed-data", "id": "observed-data--5ac3444e-145c-4749-8467-02550a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "first_observed": "2020-10-25T16:22:00Z", "last_observed": "2020-10-25T16:22:00Z", "number_observed": 1, "objects": { "0": { "type": "x509-certificate", "hashes": { "MD5": "b2a5abfeef9e36964281a31e17b57c97", "SHA-1": "5898fc860300e228dcd54c0b1045b5fa0dcda502" }, "version": "1", "serial_number": "1234567890", "signature_algorithm": "SHA1_WITH_RSA_ENCRYPTION", "issuer": "Issuer Name", "validity_not_before": "2020-01-01T00:00:00Z", "validity_not_after": "2021-01-01T00:00:00Z", "subject": "CertificateSubject", "subject_public_key_algorithm": "PublicKeyAlgorithm", "subject_public_key_modulus": "C5", "subject_public_key_exponent": 2, "x_misp_pem": "RawCertificateInPEMFormat" } }, "labels": [ "misp:name=\"x509\"", "misp:meta-category=\"network\"" ] }, { "type": "indicator", "id": "indicator--5ac3444e-145c-4749-8467-02550a00020f", "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "pattern": "[x509-certificate:hashes.MD5 = 'b2a5abfeef9e36964281a31e17b57c97' AND x509-certificate:hashes.'SHA-1' = '5898fc860300e228dcd54c0b1045b5fa0dcda502' AND x509-certificate:issuer = 'Issuer Name']", "valid_from": "2020-10-25T16:22:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"x509\"", "misp:meta-category=\"network\"" ] }, { "type": "relationship", "id": "relationship--ef692888-dc5d-4f5c-85c2-b9a13f2ea85e", "created": "2020-10-25T16:22:00.000Z", "modified": "2020-10-25T16:22:00.000Z", "relationship_type": "based-on", "source_ref": "indicator--5ac3444e-145c-4749-8467-02550a00020f", "target_ref": "observed-data--5ac3444e-145c-4749-8467-02550a00020f" } ] - MISP
{ "name": "x509", "meta-category": "network", "template_uuid": "d1ab756a-26b5-4349-9f43-765630f0911c", "description": "x509 object describing a X.509 certificate", "template_version": "14", "uuid": "5ac3444e-145c-4749-8467-02550a00020f", "Attribute": [ { "uuid": "b06c5149-0eba-52a7-9596-c1fb78972e8b", "object_relation": "x509-fingerprint-md5", "value": "b2a5abfeef9e36964281a31e17b57c97", "type": "x509-fingerprint-md5", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac3444e-145c-4749-8467-02550a00020f" }, { "uuid": "2aef89be-a966-5a57-8fb3-df920a6b0ce1", "object_relation": "x509-fingerprint-sha1", "value": "5898fc860300e228dcd54c0b1045b5fa0dcda502", "type": "x509-fingerprint-sha1", "disable_correlation": false, "to_ids": true, "category": "Network activity", "comment": "Indicator ID: indicator--5ac3444e-145c-4749-8467-02550a00020f" }, { "uuid": "c474288b-9815-5386-8962-98cd0693356b", "object_relation": "issuer", "value": "Issuer Name", "type": "text", "disable_correlation": true, "to_ids": true, "category": "Other", "comment": "Indicator ID: indicator--5ac3444e-145c-4749-8467-02550a00020f" }, { "uuid": "eec944aa-e7c6-52fd-b5dd-088167885bc0", "object_relation": "serial-number", "value": "1234567890", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "376ff194-6879-5d02-b2e8-825c4c7135b3", "object_relation": "signature_algorithm", "value": "SHA1_WITH_RSA_ENCRYPTION", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "270e45ec-2122-5198-9c63-ab8b2e344e26", "object_relation": "subject", "value": "CertificateSubject", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "6dcff989-74ce-5023-b086-3a68bc9e9d17", "object_relation": "pubkey-info-algorithm", "value": "PublicKeyAlgorithm", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { 
"uuid": "627071bb-e5d0-59cf-b35e-9f66bea4c9ad", "object_relation": "pubkey-info-exponent", "value": "2", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "f1ffa85e-4b4d-5b28-84a9-a9f8bc072ca5", "object_relation": "pubkey-info-modulus", "value": "C5", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" }, { "uuid": "112442fe-a20d-5ccf-811c-68323fe93559", "object_relation": "validity-not-after", "value": "2021-01-01T00:00:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "c6a490f0-9e80-5d0f-aa58-2e8c15097ef8", "object_relation": "validity-not-before", "value": "2020-01-01T00:00:00+00:00", "type": "datetime", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "1cf6145b-54a5-54c9-b87f-27d21fe1ec7f", "object_relation": "version", "value": "1", "type": "text", "disable_correlation": true, "to_ids": false, "category": "Other" }, { "uuid": "87b91560-d6bd-5bd1-bd58-ef981db2469b", "object_relation": "pem", "value": "RawCertificateInPEMFormat", "type": "text", "disable_correlation": false, "to_ids": false, "category": "Other" } ], "distribution": "5", "sharing_group_id": "0", "timestamp": "1603642920" }
- STIX - Indicator