зеркало из
https://github.com/ceios/ceios.git
synced 2025-10-30 04:26:04 +02:00
e255529523
Modified version of the AttackFlow Builder from MITRE. Includes DISARM framework components with full integration of QOL and STIX objects.
1 строка
56 KiB
Plaintext
1 строка
56 KiB
Plaintext
{"version":"0.1.0","id":"46af138f-b8c2-4432-9777-41eec8a53ca6","schema":{"page_template":"attack_flow_page","templates":[{"id":"@__builtin__page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"@__builtin__anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"@__builtin__line_handle","type":4,"role":0,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_source","type":3,"role":12288,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_target","type":3,"role":16384,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_horizontal_elbow","namespace":"horizontal_elbow","type":5,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"@__builtin__line_vertical_elbow","namespace":"vertical_elbow","type":6,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"attack_flow_page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true},"description":{"type":2},"scope":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["incident","Incident"],["campaign","Campaign"],["threat-actor","Threat Actor"],["malware","Malware"],["other","Other"]]},"value":"incident"},"author":{"type":6,"form":{"name":{"type":2,"is_primary":true},"identity_class":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["individual","Individual"],["group","Group"],["system","System"],["organization","Organization"],["class","Class"],["unknown","Unknown"]]}},"contact_information":{"type":2}}},"external_references":{"type":5,"form":{"type":6,"form":{"source_name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"url":{"type":2}}}}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"true_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"false_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"action","namespace":"attack_flow.action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"tactic_id":{"type":2},"tactic_ref":{"type":2},"technique_id":{"type":2},"technique_ref":{"type":2},"description":{"type":2},"confidence":{"type":4,"options":{"type":5,"form":{"type":6,"form":{"text":{"type":2,"is_primary":true},"value":{"type":0}}},"value":[["speculative",{"text":"Speculative","value":0}],["very-doubtful",{"text":"Very Doubtful","value":10}],["doubtful",{"text":"Doubtful","value":30}],["even-odds",{"text":"Even Odds","value":50}],["probable",{"text":"Probable","value":70}],["very-probable",{"text":"Very Probable","value":90}],["certain",{"text":"Certain","value":100}]]},"value":"probable"},"execution_start":{"type":3},"execution_end":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#637bc9","stroke_color":"#708ce6","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"asset","namespace":"attack_flow.asset","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#c26130","stroke_color":"#e57339","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"condition","namespace":"attack_flow.condition","type":1,"role":4096,"properties":{"description":{"type":2,"is_primary":true,"is_required":true},"pattern":{"type":2},"pattern_type":{"type":2},"pattern_version":{"type":2}},"branches":[{"text":"True","anchor_template":"true_anchor"},{"text":"False","anchor_template":"false_anchor"}],"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#2a9642","stroke_color":"#32b34e","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"branch":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","vertical_padding":12,"horizontal_padding":30},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"or","namespace":"attack_flow.OR_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"AND","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"and","namespace":"attack_flow.AND_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"AND","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"attack-pattern","namespace":"stix_object.attack_pattern","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"campaign","namespace":"stix_object.campaign","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"objective":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"course-of-action","namespace":"stix_object.course_of_action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"action_type":{"type":2},"os_execution_envs":{"type":5,"form":{"type":2}},"action_bin":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"grouping","namespace":"stix_object.grouping","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"context":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"identity","namespace":"stix_object.identity","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true,"is_primary":true},"description":{"type":2},"roles":{"type":5,"form":{"type":2}},"identity_class":{"type":2,"is_required":true},"sectors":{"type":5,"form":{"type":2}},"contact_information":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"indicator","namespace":"stix_object.indicator","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"indicator_types":{"type":5,"form":{"type":2,"is_required":true}},"pattern":{"type":2,"is_required":true},"pattern_type":{"type":2,"is_required":true},"patter_version":{"type":2},"valid_from":{"type":3,"is_required":true},"valid_until":{"type":3},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"infrastructure","namespace":"stix_object.infrastructure","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"infrastructure_types":{"type":5,"form":{"type":2,"is_required":true}},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"intrusion-set","namespace":"stix_object.intrusion_set","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2},"is_required":true},"first_seen":{"type":3},"last_seen":{"type":3},"goals":{"type":5,"form":{"type":2}},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"location","namespace":"stix_object.location","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"latitude":{"type":1,"min":-90,"max":90},"longitude":{"type":1,"min":-180,"max":180},"precision":{"type":1},"region":{"type":2},"country":{"type":2},"administrative_area":{"type":2},"city":{"type":2},"street_address":{"type":2},"postal_code":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware","namespace":"stix_object.malware","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"malware_types":{"type":5,"form":{"type":2},"is_required":true},"is_family":{"type":2,"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"os_execution_envs":{"type":5,"form":{"type":2}},"architecture_execution_envs":{"type":5,"form":{"type":2}},"implementation_languages":{"type":5,"form":{"type":2}},"capabilities":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware_analysis","namespace":"stix_object.malware_analysis","type":2,"role":4096,"properties":{"product":{"type":2,"is_primary":true,"is_required":true},"version":{"type":2},"configuration_version":{"type":2},"modules":{"type":5,"form":{"type":2}},"analysis_engine_version":{"type":2},"analysis_definition_version":{"type":2},"submitted":{"type":3},"analysis_started":{"type":3},"analysis_ended":{"type":3},"av_result":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"note","namespace":"stix_object.note","type":2,"role":4096,"properties":{"abstract":{"type":2,"is_primary":true},"content":{"type":2,"is_required":true},"authors":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"observed-data","namespace":"stix_object.observed_data","type":2,"role":4096,"properties":{"first_observed":{"type":3,"is_required":true},"last_observed":{"type":3,"is_required":true},"number_observed":{"type":0,"min":0,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"opinion","namespace":"stix_object.opinion","type":2,"role":4096,"properties":{"explanation":{"type":2,"is_primary":true},"authors":{"type":5,"form":{"type":2}},"opinion":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"report","namespace":"stix_object.report","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"report_types":{"type":5,"form":{"type":2},"is_required":true},"published":{"type":3,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"threat-actor","namespace":"stix_object.threat_actor","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"threat_actor_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"roles":{"type":5,"form":{"type":2}},"goals":{"type":5,"form":{"type":2}},"sophistication":{"type":2},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}},"personal_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"tool","namespace":"stix_object.tool","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"tool_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"tool_version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"vulnerability","namespace":"stix_object.vulnerability","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"artifact","namespace":"stix_observable.artifact","type":2,"role":4096,"properties":{"mime_type":{"type":2},"payload_bin":{"type":2},"url":{"type":2},"hashes":{"type":2},"encryption_algorithm":{"type":2},"decryption_key":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"autonomous-system","namespace":"stix_observable.autonomous_system","type":2,"role":4096,"properties":{"number":{"type":2,"is_primary":true,"is_required":true},"name":{"type":2},"rir":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"directory","namespace":"stix_observable.directory","type":2,"role":4096,"properties":{"path":{"type":2,"is_primary":true,"is_required":true},"path_enc":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"domain-name","namespace":"stix_observable.domain_name","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"email_address","namespace":"stix_observable.email_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true},"display_name":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"email-message","namespace":"stix_observable.email_message","type":2,"role":4096,"properties":{"is_multipart":{"type":2,"is_required":true},"date":{"type":2},"content_type":{"type":2},"message_id":{"type":2},"subject":{"type":2,"is_primary":true},"received_lines":{"type":2},"additional_header_fields":{"type":2},"body":{"type":2},"body_multipart":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"file","namespace":"stix_observable.file","type":2,"role":4096,"properties":{"hashes":{"type":2},"size":{"type":2},"name":{"type":2,"is_primary":true},"name_enc":{"type":2},"magic_number_hex":{"type":2},"mime_type":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv4-address","namespace":"stix_observable.ipv4_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv6-address","namespace":"stix_observable.ipv6_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mac-address","namespace":"stix_observable.mac_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mutex","namespace":"stix_observable.mutex","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"network-traffic","namespace":"stix_observable.network_traffic","type":2,"role":4096,"properties":{"start":{"type":3},"end":{"type":3},"is_active":{"type":2},"src_port":{"type":0,"min":0,"max":65535},"dst_port":{"type":0,"min":0,"max":65535},"protocols":{"type":5,"form":{"type":2},"is_required":true},"src_byte_count":{"type":0,"min":0},"dst_byte_count":{"type":0,"min":0},"src_packets":{"type":0,"min":0},"dst_packets":{"type":0,"min":0},"ipfix":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"process","namespace":"stix_observable.process","type":2,"role":4096,"properties":{"is_hidden":{"type":2},"pid":{"type":0,"min":0},"created_time":{"type":3},"cwd":{"type":2},"command_line":{"type":2,"is_required":true},"environment_variables":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"software","namespace":"stix_observable.software","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"cpe":{"type":2},"languages":{"type":5,"form":{"type":2}},"vendor":{"type":2},"version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"url","namespace":"stix_observable.url","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"user-account","namespace":"stix_observable.user_account","type":2,"role":4096,"properties":{"user_id":{"type":2},"credential":{"type":2},"account_login":{"type":2},"account_type":{"type":2},"display_name":{"type":2,"is_primary":true,"is_required":true},"is_service_account":{"type":2},"is_privileged":{"type":2},"can_escalate_privs":{"type":2},"is_disabled":{"type":2},"account_created":{"type":3},"account_expires":{"type":3},"credential_last_changed":{"type":3},"account_first_login":{"type":3},"account_last_login":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"windows-registry-key","namespace":"stix_observable.windows_registry_key","type":2,"role":4096,"properties":{"key":{"type":2,"is_primary":true},"values":{"type":5,"form":{"type":2}},"modified_time":{"type":3},"number_of_subkeys":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"x509-certificate","namespace":"stix_observable.x509_certificate","type":2,"role":4096,"properties":{"subject":{"type":2,"is_primary":true,"is_required":true},"is_self_signed":{"type":2},"hashes":{"type":2},"version":{"type":2},"serial_number":{"type":2},"signature_algorithm":{"type":2},"issuer":{"type":2},"validity_not_before":{"type":3},"validity_not_after":{"type":3},"subject_public_key_algorithm":{"type":2},"subject_public_key_modulus":{"type":2},"subject_public_key_exponent":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}}]},"objects":[{"id":"46af138f-b8c2-4432-9777-41eec8a53ca6","x":-140,"y":-210,"attrs":0,"template":"attack_flow_page","children":["bce4a2c6-e445-4a7e-8f3f-0753dede64bd","d58ae960-0f2e-44a2-b614-a61a108effd7","196254f7-5e1a-4c30-a5ef-16d7289f6dca"],"properties":[["name","action"],["description",null],["scope","3e072748feb6ecd1b1ba397704e009c0"],["author",[["name",null],["identity_class",null],["contact_information",null]]],["external_references",[]]]},{"id":"bce4a2c6-e445-4a7e-8f3f-0753dede64bd","x":-140,"y":-350,"attrs":0,"template":"action","children":["4affb833-78d5-4fcc-a718-aaa1d712245f","5b91a661-55f2-4e03-9aa4-151ad8cfee15","17cb875b-87d2-4e71-9e21-ae06b6e7287c","3bf1f5ac-944a-4794-9dda-97fc2f77dd09","ee20692e-797e-49f8-929c-cdbbf9799658","2bc945f8-71c7-4409-bcdb-f9a5973cb74b","69ecddf8-e9cd-4079-b323-cdcd3dc1943b","af086697-6d8d-498d-9889-1c9b34e9497c","95604952-2c9a-43b9-b140-c59f10d88ff7","e68e45fe-387f-48c3-a52e-3b29cb37bbf1","d2231cb5-6166-437f-b9b3-5e26db24a267","e91b2bd6-b88c-41f1-83ff-cf38a682803d"],"properties":[["name","Phishing: Spearphishing Attachment"],["tactic_id","T1566.001"],["tactic_ref",null],["technique_id",null],["technique_ref",null],["description","The adversary sends the victim a spearphishing email with a malicious attachment."],["confidence",null],["execution_start",null],["execution_end",null]]},{"id":"d58ae960-0f2e-44a2-b614-a61a108effd7","x":-140,"y":-70,"attrs":256,"template":"action","children":["a78cc12b-7bb9-4ccf-b4df-073eeedba14e","2cd6834a-cbac-4d31-90cb-48036a7d8ee0","b17c10c1-0d4b-4ac5-92f4-b96a5b6007fd","d1aa571c-30ad-4145-9fe1-399d91a0f1eb","bd32e077-b4a6-4a24-88c3-680d82577e20","715ce38a-346a-47c9-8f7e-7e6da8914c8a","da9b4eaa-2a7a-470e-8b33-867c1fdf02ce","4ed8865e-da0f-46db-889f-4f64d66df7ad","a34327de-7bf0-43a9-90aa-5f60a82e593b","e784666b-a5f5-49c4-9f4a-fc8a2b438e95","b44b3fcf-fc83-40e9-9db8-7cc5798758e2","9387ae0a-6031-4187-bb48-3f4713e31937"],"properties":[["name","User Execution: Malicious File"],["tactic_id","T1204.002"],["tactic_ref",null],["technique_id",null],["technique_ref",null],["description","The user opens the malicious attachment and the payload executes."],["confidence",null],["execution_start",null],["execution_end",null]]},{"id":"196254f7-5e1a-4c30-a5ef-16d7289f6dca","x":-140,"y":-210,"attrs":0,"template":"@__builtin__line_vertical_elbow","children":["06b6b4f5-4ab7-48c5-92da-bf92129bd18c","334345fd-0d45-497b-831a-04c400a39288","e8122e12-9f10-4e73-84d1-5cb7ea813b6c"],"properties":[]},{"id":"4affb833-78d5-4fcc-a718-aaa1d712245f","x":-229.5,"y":-450,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"5b91a661-55f2-4e03-9aa4-151ad8cfee15","x":-140,"y":-450,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"17cb875b-87d2-4e71-9e21-ae06b6e7287c","x":-50.5,"y":-450,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"3bf1f5ac-944a-4794-9dda-97fc2f77dd09","x":40,"y":-400,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"ee20692e-797e-49f8-929c-cdbbf9799658","x":40,"y":-350,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"2bc945f8-71c7-4409-bcdb-f9a5973cb74b","x":40,"y":-300,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"69ecddf8-e9cd-4079-b323-cdcd3dc1943b","x":-50.5,"y":-250,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"af086697-6d8d-498d-9889-1c9b34e9497c","x":-140,"y":-250,"attrs":0,"template":"@__builtin__anchor","children":["06b6b4f5-4ab7-48c5-92da-bf92129bd18c"],"properties":[],"angle":1},{"id":"95604952-2c9a-43b9-b140-c59f10d88ff7","x":-229.5,"y":-250,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"e68e45fe-387f-48c3-a52e-3b29cb37bbf1","x":-319,"y":-300,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"d2231cb5-6166-437f-b9b3-5e26db24a267","x":-319,"y":-350,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"e91b2bd6-b88c-41f1-83ff-cf38a682803d","x":-319,"y":-400,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"a78cc12b-7bb9-4ccf-b4df-073eeedba14e","x":-226,"y":-170,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"2cd6834a-cbac-4d31-90cb-48036a7d8ee0","x":-140,"y":-170,"attrs":0,"template":"@__builtin__anchor","children":["e8122e12-9f10-4e73-84d1-5cb7ea813b6c"],"properties":[],"angle":1},{"id":"b17c10c1-0d4b-4ac5-92f4-b96a5b6007fd","x":-54,"y":-170,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"d1aa571c-30ad-4145-9fe1-399d91a0f1eb","x":32,"y":-120,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"bd32e077-b4a6-4a24-88c3-680d82577e20","x":32,"y":-70,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"715ce38a-346a-47c9-8f7e-7e6da8914c8a","x":32,"y":-20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"da9b4eaa-2a7a-470e-8b33-867c1fdf02ce","x":-54,"y":30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"4ed8865e-da0f-46db-889f-4f64d66df7ad","x":-140,"y":30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"a34327de-7bf0-43a9-90aa-5f60a82e593b","x":-226,"y":30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"e784666b-a5f5-49c4-9f4a-fc8a2b438e95","x":-312,"y":-20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"b44b3fcf-fc83-40e9-9db8-7cc5798758e2","x":-312,"y":-70,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"9387ae0a-6031-4187-bb48-3f4713e31937","x":-312,"y":-120,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"06b6b4f5-4ab7-48c5-92da-bf92129bd18c","x":-140,"y":-250,"attrs":0,"template":"@__builtin__line_source","children":[],"properties":[]},{"id":"334345fd-0d45-497b-831a-04c400a39288","x":-140,"y":-210,"attrs":0,"template":"@__builtin__line_handle","children":[],"properties":[]},{"id":"e8122e12-9f10-4e73-84d1-5cb7ea813b6c","x":-140,"y":-170,"attrs":0,"template":"@__builtin__line_target","children":[],"properties":[]}],"location":{"x":0,"y":0,"k":1}} |