locsec/ceios
1
Форкнуть 0
зеркало из https://github.com/ceios/ceios.git synced 2025-10-29 12:06:04 +02:00
Код Задачи Пакеты Проекты Релизы Вики Активность
ceios/builder/docs/_static/notpetya-excerpt.afb
Jim Andrew Morris 9f997913c0 Pushed builder to wrong folder 
changing the folder the disarm-attackflow builder was pushed to
2024-09-13 15:29:20 +09:30

1 строка
56 KiB
Plaintext
Исходник Постоянная ссылка Ответственный История

{"version":"0.1.0","id":"68e498a1-8968-408a-8bbd-5703458bba57","schema":{"page_template":"attack_flow_page","templates":[{"id":"@__builtin__page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"@__builtin__anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"@__builtin__line_handle","type":4,"role":0,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_source","type":3,"role":12288,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_target","type":3,"role":16384,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_horizontal_elbow","namespace":"horizontal_elbow","type":5,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"@__builtin__line_vertical_elbow","namespace":"vertical_elbow","type":6,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"attack_flow_page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true},"description":{"type":2},"scope":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["incident","Incident"],["campaign","Campaign"],["threat-actor","Threat Actor"],["malware","Malware"],["other","Other"]]},"value":"incident"},"author":{"type":6,"form":{"name":{"type":2,"is_primary":true},"identity_class":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["individual","Individual"],["group","Group"],["system","System"],["organization","Organization"],["class","Class"],["unknown","Unknown"]]}},"contact_information":{"type":2}}},"external_references":{"type":5,"form":{"type":6,"form":{"source_name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"url":{"type":2}}}}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"true_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"false_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"action","namespace":"attack_flow.action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"tactic_id":{"type":2},"tactic_ref":{"type":2},"technique_id":{"type":2},"technique_ref":{"type":2},"description":{"type":2},"confidence":{"type":4,"options":{"type":5,"form":{"type":6,"form":{"text":{"type":2,"is_primary":true},"value":{"type":0}}},"value":[["speculative",{"text":"Speculative","value":0}],["very-doubtful",{"text":"Very Doubtful","value":10}],["doubtful",{"text":"Doubtful","value":30}],["even-odds",{"text":"Even Odds","value":50}],["probable",{"text":"Probable","value":70}],["very-probable",{"text":"Very Probable","value":90}],["certain",{"text":"Certain","value":100}]]},"value":null},"execution_start":{"type":3},"execution_end":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#637bc9","stroke_color":"#708ce6","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"asset","namespace":"attack_flow.asset","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#c26130","stroke_color":"#e57339","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"condition","namespace":"attack_flow.condition","type":1,"role":4096,"properties":{"description":{"type":2,"is_primary":true,"is_required":true},"pattern":{"type":2},"pattern_type":{"type":2},"pattern_version":{"type":2}},"branches":[{"text":"True","anchor_template":"true_anchor"},{"text":"False","anchor_template":"false_anchor"}],"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#2a9642","stroke_color":"#32b34e","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"branch":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","vertical_padding":12,"horizontal_padding":30},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"or","namespace":"attack_flow.OR_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"OR","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"and","namespace":"attack_flow.AND_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"AND","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"attack-pattern","namespace":"stix_object.attack_pattern","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"campaign","namespace":"stix_object.campaign","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"objective":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"course-of-action","namespace":"stix_object.course_of_action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"action_type":{"type":2},"os_execution_envs":{"type":5,"form":{"type":2}},"action_bin":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"grouping","namespace":"stix_object.grouping","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"context":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"identity","namespace":"stix_object.identity","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true,"is_primary":true},"description":{"type":2},"roles":{"type":5,"form":{"type":2}},"identity_class":{"type":2,"is_required":true},"sectors":{"type":5,"form":{"type":2}},"contact_information":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"indicator","namespace":"stix_object.indicator","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"indicator_types":{"type":5,"form":{"type":2,"is_required":true}},"pattern":{"type":2,"is_required":true},"pattern_type":{"type":2,"is_required":true},"patter_version":{"type":2},"valid_from":{"type":3,"is_required":true},"valid_until":{"type":3},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"infrastructure","namespace":"stix_object.infrastructure","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"infrastructure_types":{"type":5,"form":{"type":2,"is_required":true}},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"intrusion-set","namespace":"stix_object.intrusion_set","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2},"is_required":true},"first_seen":{"type":3},"last_seen":{"type":3},"goals":{"type":5,"form":{"type":2}},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"location","namespace":"stix_object.location","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"latitude":{"type":1,"min":-90,"max":90},"longitude":{"type":1,"min":-180,"max":180},"precision":{"type":1},"region":{"type":2},"country":{"type":2},"administrative_area":{"type":2},"city":{"type":2},"street_address":{"type":2},"postal_code":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware","namespace":"stix_object.malware","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"malware_types":{"type":5,"form":{"type":2},"is_required":true},"is_family":{"type":2,"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"os_execution_envs":{"type":5,"form":{"type":2}},"architecture_execution_envs":{"type":5,"form":{"type":2}},"implementation_languages":{"type":5,"form":{"type":2}},"capabilities":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware_analysis","namespace":"stix_object.malware_analysis","type":2,"role":4096,"properties":{"product":{"type":2,"is_primary":true,"is_required":true},"version":{"type":2},"configuration_version":{"type":2},"modules":{"type":5,"form":{"type":2}},"analysis_engine_version":{"type":2},"analysis_definition_version":{"type":2},"submitted":{"type":3},"analysis_started":{"type":3},"analysis_ended":{"type":3},"av_result":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"note","namespace":"stix_object.note","type":2,"role":4096,"properties":{"abstract":{"type":2,"is_primary":true},"content":{"type":2,"is_required":true},"authors":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"observed-data","namespace":"stix_object.observed_data","type":2,"role":4096,"properties":{"first_observed":{"type":3,"is_required":true},"last_observed":{"type":3,"is_required":true},"number_observed":{"type":0,"min":0,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"opinion","namespace":"stix_object.opinion","type":2,"role":4096,"properties":{"explanation":{"type":2,"is_primary":true},"authors":{"type":5,"form":{"type":2}},"opinion":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"report","namespace":"stix_object.report","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"report_types":{"type":5,"form":{"type":2},"is_required":true},"published":{"type":3,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"threat-actor","namespace":"stix_object.threat_actor","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"threat_actor_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"roles":{"type":5,"form":{"type":2}},"goals":{"type":5,"form":{"type":2}},"sophistication":{"type":2},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}},"personal_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"tool","namespace":"stix_object.tool","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"tool_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"tool_version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"vulnerability","namespace":"stix_object.vulnerability","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"artifact","namespace":"stix_observable.artifact","type":2,"role":4096,"properties":{"mime_type":{"type":2},"payload_bin":{"type":2},"url":{"type":2},"hashes":{"type":2},"encryption_algorithm":{"type":2},"decryption_key":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"autonomous-system","namespace":"stix_observable.autonomous_system","type":2,"role":4096,"properties":{"number":{"type":2,"is_primary":true,"is_required":true},"name":{"type":2},"rir":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"directory","namespace":"stix_observable.directory","type":2,"role":4096,"properties":{"path":{"type":2,"is_primary":true,"is_required":true},"path_enc":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"domain-name","namespace":"stix_observable.domain_name","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"email_address","namespace":"stix_observable.email_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true},"display_name":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"email-message","namespace":"stix_observable.email_message","type":2,"role":4096,"properties":{"is_multipart":{"type":2,"is_required":true},"date":{"type":2},"content_type":{"type":2},"message_id":{"type":2},"subject":{"type":2,"is_primary":true},"received_lines":{"type":2},"additional_header_fields":{"type":2},"body":{"type":2},"body_multipart":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"file","namespace":"stix_observable.file","type":2,"role":4096,"properties":{"hashes":{"type":2},"size":{"type":2},"name":{"type":2,"is_primary":true},"name_enc":{"type":2},"magic_number_hex":{"type":2},"mime_type":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv4-address","namespace":"stix_observable.ipv4_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv6-address","namespace":"stix_observable.ipv6_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mac-address","namespace":"stix_observable.mac_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mutex","namespace":"stix_observable.mutex","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"network-traffic","namespace":"stix_observable.network_traffic","type":2,"role":4096,"properties":{"start":{"type":3},"end":{"type":3},"is_active":{"type":2},"src_port":{"type":0,"min":0,"max":65535},"dst_port":{"type":0,"min":0,"max":65535},"protocols":{"type":5,"form":{"type":2},"is_required":true},"src_byte_count":{"type":0,"min":0},"dst_byte_count":{"type":0,"min":0},"src_packets":{"type":0,"min":0},"dst_packets":{"type":0,"min":0},"ipfix":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"process","namespace":"stix_observable.process","type":2,"role":4096,"properties":{"is_hidden":{"type":2},"pid":{"type":0,"min":0},"created_time":{"type":3},"cwd":{"type":2},"command_line":{"type":2,"is_required":true},"environment_variables":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"software","namespace":"stix_observable.software","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"cpe":{"type":2},"languages":{"type":5,"form":{"type":2}},"vendor":{"type":2},"version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"url","namespace":"stix_observable.url","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"user-account","namespace":"stix_observable.user_account","type":2,"role":4096,"properties":{"user_id":{"type":2},"credential":{"type":2},"account_login":{"type":2},"account_type":{"type":2},"display_name":{"type":2,"is_primary":true,"is_required":true},"is_service_account":{"type":2},"is_privileged":{"type":2},"can_escalate_privs":{"type":2},"is_disabled":{"type":2},"account_created":{"type":3},"account_expires":{"type":3},"credential_last_changed":{"type":3},"account_first_login":{"type":3},"account_last_login":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"windows-registry-key","namespace":"stix_observable.windows_registry_key","type":2,"role":4096,"properties":{"key":{"type":2,"is_primary":true},"values":{"type":5,"form":{"type":2}},"modified_time":{"type":3},"number_of_subkeys":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"x509-certificate","namespace":"stix_observable.x509_certificate","type":2,"role":4096,"properties":{"subject":{"type":2,"is_primary":true,"is_required":true},"is_self_signed":{"type":2},"hashes":{"type":2},"version":{"type":2},"serial_number":{"type":2},"signature_algorithm":{"type":2},"issuer":{"type":2},"validity_not_before":{"type":3},"validity_not_after":{"type":3},"subject_public_key_algorithm":{"type":2},"subject_public_key_modulus":{"type":2},"subject_public_key_exponent":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}}]},"objects":[{"id":"68e498a1-8968-408a-8bbd-5703458bba57","x":-160,"y":-125,"attrs":0,"template":"attack_flow_page","children":["bfd22bbf-c196-4731-aca2-b137618137e7","837672e6-f8ec-4192-9f16-c4085f32523b","d9239ddc-d6b7-4489-a485-0dccb7aa6d4e"],"properties":[["name","notpetya-excerpt"],["description",null],["scope","3e072748feb6ecd1b1ba397704e009c0"],["author",[["name",null],["identity_class",null],["contact_information",null]]],["external_references",[]]]},{"id":"bfd22bbf-c196-4731-aca2-b137618137e7","x":-160,"y":-280,"attrs":256,"template":"action","children":["6d0ce6a2-e44c-40ff-aec0-12d99064d573","e4d5e9a4-865d-4072-aa95-6a0f005d96c3","f88b9622-4208-48c3-b347-757b33adfff5","739f49eb-e077-4357-b1d8-44a5692cc546","0b4df1a8-aa9b-4287-ba5b-4fce8f43eb27","551e55d7-468e-49e3-ad21-b5bafb93ee12","ce1ffa86-7c92-407d-bd12-724e2e297da5","0eef9a34-d4ba-4263-902e-b631b73c70b5","82f1f55b-9067-477c-92c4-974476b743b6","a71e8491-c80d-43e9-9b2c-0c8b2014307a","59fd1d6e-4851-4396-a52e-0b07cd5f26a6","884762aa-8a74-42a7-94b9-b472b825a4e4"],"properties":[["name","Scheduled Task/Job: Scheduled Task"],["tactic_id",null],["tactic_ref",null],["technique_id","T1053.005"],["technique_ref",null],["description","NotPetya creates a scheduled task that triggers a reboot 60 min after execution by default"],["confidence","aa2907df37d7e12aa35297140bf06abc"],["execution_start",null],["execution_end",null]]},{"id":"837672e6-f8ec-4192-9f16-c4085f32523b","x":-160,"y":40,"attrs":256,"template":"action","children":["e03c547c-e899-4136-b497-24ae4e9560ac","b67a900f-77d2-4b57-95a5-f4183d88b24d","f5cc3b1e-5214-490d-9d89-e05c307facf7","f16d9095-c804-4e35-b668-3d70774e2de9","6cdd9420-3adf-41a2-8be1-bd894de7532a","ca5e3d0b-0b06-49ad-8e8d-1f870563a42d","12fae2ff-d6bb-48a7-a5ee-2306c3226284","02b2a5de-f45f-4ff1-bc98-68fcf6d13b6f","225beef3-65b7-4c68-89c9-00578709a193","82159882-4a69-45dc-9a39-9fafe4b7c86a","6cfe3e69-f02b-4baf-aa44-185e927394ec","bb0a8a86-d232-4647-b1ab-da8ed6a40bae"],"properties":[["name","System Shutdown/Reboot"],["tactic_id",null],["tactic_ref",null],["technique_id","T1529"],["technique_ref",null],["description","System reboots and displays decoy message."],["confidence","aa2907df37d7e12aa35297140bf06abc"],["execution_start",null],["execution_end",null]]},{"id":"d9239ddc-d6b7-4489-a485-0dccb7aa6d4e","x":-160,"y":-115,"attrs":0,"template":"@__builtin__line_vertical_elbow","children":["22924772-2630-4626-b3e3-294e8b1d3c6e","e02777c1-d32c-4828-8ec7-7eb401f0441b","39a29f81-7a97-4d0b-b76c-77f95e0512e3"],"properties":[]},{"id":"6d0ce6a2-e44c-40ff-aec0-12d99064d573","x":-250.5,"y":-406,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"e4d5e9a4-865d-4072-aa95-6a0f005d96c3","x":-160,"y":-406,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"f88b9622-4208-48c3-b347-757b33adfff5","x":-69.5,"y":-406,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"739f49eb-e077-4357-b1d8-44a5692cc546","x":21,"y":-343,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"0b4df1a8-aa9b-4287-ba5b-4fce8f43eb27","x":21,"y":-280,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"551e55d7-468e-49e3-ad21-b5bafb93ee12","x":21,"y":-217,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"ce1ffa86-7c92-407d-bd12-724e2e297da5","x":-69.5,"y":-154,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"0eef9a34-d4ba-4263-902e-b631b73c70b5","x":-160,"y":-154,"attrs":0,"template":"@__builtin__anchor","children":["22924772-2630-4626-b3e3-294e8b1d3c6e"],"properties":[],"angle":1},{"id":"82f1f55b-9067-477c-92c4-974476b743b6","x":-250.5,"y":-154,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"a71e8491-c80d-43e9-9b2c-0c8b2014307a","x":-341,"y":-217,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"59fd1d6e-4851-4396-a52e-0b07cd5f26a6","x":-341,"y":-280,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"884762aa-8a74-42a7-94b9-b472b825a4e4","x":-341,"y":-343,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"e03c547c-e899-4136-b497-24ae4e9560ac","x":-246,"y":-76,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"b67a900f-77d2-4b57-95a5-f4183d88b24d","x":-160,"y":-76,"attrs":0,"template":"@__builtin__anchor","children":["39a29f81-7a97-4d0b-b76c-77f95e0512e3"],"properties":[],"angle":1},{"id":"f5cc3b1e-5214-490d-9d89-e05c307facf7","x":-74,"y":-76,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"f16d9095-c804-4e35-b668-3d70774e2de9","x":12,"y":-18,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"6cdd9420-3adf-41a2-8be1-bd894de7532a","x":12,"y":40,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"ca5e3d0b-0b06-49ad-8e8d-1f870563a42d","x":12,"y":98,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"12fae2ff-d6bb-48a7-a5ee-2306c3226284","x":-74,"y":156,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"02b2a5de-f45f-4ff1-bc98-68fcf6d13b6f","x":-160,"y":156,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"225beef3-65b7-4c68-89c9-00578709a193","x":-246,"y":156,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"82159882-4a69-45dc-9a39-9fafe4b7c86a","x":-332,"y":98,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"6cfe3e69-f02b-4baf-aa44-185e927394ec","x":-332,"y":40,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"bb0a8a86-d232-4647-b1ab-da8ed6a40bae","x":-332,"y":-18,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"22924772-2630-4626-b3e3-294e8b1d3c6e","x":-160,"y":-154,"attrs":0,"template":"@__builtin__line_source","children":[],"properties":[]},{"id":"e02777c1-d32c-4828-8ec7-7eb401f0441b","x":-160,"y":-115,"attrs":0,"template":"@__builtin__line_handle","children":[],"properties":[]},{"id":"39a29f81-7a97-4d0b-b76c-77f95e0512e3","x":-160,"y":-76,"attrs":0,"template":"@__builtin__line_target","children":[],"properties":[]}],"location":{"x":-1,"y":-2,"k":1}}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку