ceios/database/docs/_static/attack-paths.afb
Jim Andrew Morris e255529523 Uploading the Disarm-AttackFlow Builder
Modified version of the AttackFlow Builder from MITRE. Includes DISARM framework components with full integration of QOL and STIX objects.
2024-09-13 15:20:35 +09:30



{"version":"0.1.0","id":"feb4bba4-b246-45a1-b9c0-7e00c26a1fad","schema":{"page_template":"attack_flow_page","templates":[{"id":"@__builtin__page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"@__builtin__anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"@__builtin__line_handle","type":4,"role":0,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_source","type":3,"role":12288,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_target","type":3,"role":16384,"style":{"radius":6,"fill_color":"#fedb22","stroke_color":"#141414","stroke_width":1.5}},{"id":"@__builtin__line_horizontal_elbow","namespace":"horizontal_elbow","type":5,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"@__builtin__line_vertical_elbow","namespace":"vertical_elbow","type":6,"role":8192,"hitbox_width":20,"line_handle_template":"@__builtin__line_handle","line_ending_template":{"source":"@__builtin__line_source","target":"@__builtin__line_target"},"style":{"width":5,"cap_size":16,"color":"#646464","select_color":"#646464"}},{"id":"attack_flow_page","type":7,"role":0,"grid":[10,10],"properties":{"name":{"type":2,"value":"Untitled Document","is_primary":true},"description":{"type":2},"scope":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["incident","Incident"],["campaign","Campaign"],["threat-actor","Threat 
Actor"],["malware","Malware"],["other","Other"]]},"value":"incident"},"author":{"type":6,"form":{"name":{"type":2,"is_primary":true},"identity_class":{"type":4,"options":{"type":5,"form":{"type":2},"value":[["individual","Individual"],["group","Group"],["system","System"],["organization","Organization"],["class","Class"],["unknown","Unknown"]]}},"contact_information":{"type":2}}},"external_references":{"type":5,"form":{"type":6,"form":{"source_name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"url":{"type":2}}}}},"style":{"grid_color":"#1d1d1d","background_color":"#141414","drop_shadow":{"color":"rgba(0,0,0,.4)","offset":[3,3]}}},{"id":"true_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"false_anchor","type":0,"role":0,"radius":10,"line_templates":{"0":"@__builtin__line_horizontal_elbow","1":"@__builtin__line_vertical_elbow"},"style":{"color":"rgba(255, 255, 255, 0.25)"}},{"id":"action","namespace":"attack_flow.action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"tactic_id":{"type":2},"tactic_ref":{"type":2},"technique_id":{"type":2},"technique_ref":{"type":2},"description":{"type":2},"confidence":{"type":4,"options":{"type":5,"form":{"type":6,"form":{"text":{"type":2,"is_primary":true},"value":{"type":0}}},"value":[["speculative",{"text":"Speculative","value":0}],["very-doubtful",{"text":"Very Doubtful","value":10}],["doubtful",{"text":"Doubtful","value":30}],["even-odds",{"text":"Even Odds","value":50}],["probable",{"text":"Probable","value":70}],["very-probable",{"text":"Very 
Probable","value":90}],["certain",{"text":"Certain","value":100}]]},"value":"probable"},"execution_start":{"type":3},"execution_end":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#637bc9","stroke_color":"#708ce6","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"asset","namespace":"attack_flow.asset","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#c26130","stroke_color":"#e57339","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_m
arkers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"condition","namespace":"attack_flow.condition","type":1,"role":4096,"properties":{"description":{"type":2,"is_primary":true,"is_required":true},"pattern":{"type":2},"pattern_type":{"type":2},"pattern_version":{"type":2}},"branches":[{"text":"True","anchor_template":"true_anchor"},{"text":"False","anchor_template":"false_anchor"}],"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#2a9642","stroke_color":"#32b34e","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"branch":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","vertical_padding":12,"horizontal_padding":30},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"or","namespace":"attack_flow.OR_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"AND","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"and",
"namespace":"attack_flow.AND_operator","type":8,"role":4096,"properties":{"text":{"type":2,"value":"AND","is_primary":true,"is_visible":false,"is_editable":false}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"fill_color":"#c94040","stroke_color":"#dd5050","text":{"font":{"family":"Inter","size":"14pt","weight":800},"color":"#d8d8d8","line_height":24},"border_radius":13,"select_outline":{"color":"#e6d845","padding":4,"border_radius":19},"anchor_markers":{"color":"#ffffff","size":3},"vertical_padding":18,"horizontal_padding":35}},{"id":"attack-pattern","namespace":"stix_object.attack_pattern","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"campaign","namespace":"stix_object.campaign","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"objective":{"type":2}},"anchor_templa
te":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"course-of-action","namespace":"stix_object.course_of_action","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"action_type":{"type":2},"os_execution_envs":{"type":5,"form":{"type":2}},"action_bin":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"b
order_radius":5,"horizontal_padding":20}},{"id":"grouping","namespace":"stix_object.grouping","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"context":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"identity","namespace":"stix_object.identity","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true,"is_primary":true},"description":{"type":2},"roles":{"type":5,"form":{"type":2}},"identity_class":{"type":2,"is_required":true},"sectors":{"type":5,"form":{"type":2}},"contact_information":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","we
ight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"indicator","namespace":"stix_object.indicator","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"indicator_types":{"type":5,"form":{"type":2,"is_required":true}},"pattern":{"type":2,"is_required":true},"pattern_type":{"type":2,"is_required":true},"patter_version":{"type":2},"valid_from":{"type":3,"is_required":true},"valid_until":{"type":3},"kill_chain_phases":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"infrastructure","namespace":"stix_object.infrastructure","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"infrastructure_types":{"type":5,"form":{"type":2,"is_required":true}},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}}
,"first_seen":{"type":3},"last_seen":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"intrusion-set","namespace":"stix_object.intrusion_set","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"aliases":{"type":5,"form":{"type":2},"is_required":true},"first_seen":{"type":3},"last_seen":{"type":3},"goals":{"type":5,"form":{"type":2}},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family
":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"location","namespace":"stix_object.location","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"latitude":{"type":1,"min":-90,"max":90},"longitude":{"type":1,"min":-180,"max":180},"precision":{"type":1},"region":{"type":2},"country":{"type":2},"administrative_area":{"type":2},"city":{"type":2},"street_address":{"type":2},"postal_code":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware","namespace":"stix_object.malware","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true},"description":{"type":2},"malware_types":{"type":5,"form":{"type":2},"is_required":true},"is_family":{"type":2,"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"os_execution_envs":{"type":5,"form":{"type":2}},"architecture_execu
tion_envs":{"type":5,"form":{"type":2}},"implementation_languages":{"type":5,"form":{"type":2}},"capabilities":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"malware_analysis","namespace":"stix_object.malware_analysis","type":2,"role":4096,"properties":{"product":{"type":2,"is_primary":true,"is_required":true},"version":{"type":2},"configuration_version":{"type":2},"modules":{"type":5,"form":{"type":2}},"analysis_engine_version":{"type":2},"analysis_definition_version":{"type":2},"submitted":{"type":3},"analysis_started":{"type":3},"analysis_ended":{"type":3},"av_result":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family"
:"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"note","namespace":"stix_object.note","type":2,"role":4096,"properties":{"abstract":{"type":2,"is_primary":true},"content":{"type":2,"is_required":true},"authors":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"observed-data","namespace":"stix_object.observed_data","type":2,"role":4096,"properties":{"first_observed":{"type":3,"is_required":true},"last_observed":{"type":3,"is_required":true},"number_observed":{"type":0,"min":0,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","pad
ding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"opinion","namespace":"stix_object.opinion","type":2,"role":4096,"properties":{"explanation":{"type":2,"is_primary":true},"authors":{"type":5,"form":{"type":2}},"opinion":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"report","namespace":"stix_object.report","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"report_types":{"type":5,"form":{"type":2},"is_required":true},"published":{"type":3,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":32
0,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"threat-actor","namespace":"stix_object.threat_actor","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"threat_actor_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"first_seen":{"type":3},"last_seen":{"type":3},"roles":{"type":5,"form":{"type":2}},"goals":{"type":5,"form":{"type":2}},"sophistication":{"type":2},"resource_level":{"type":2},"primary_motivation":{"type":2},"secondary_motivations":{"type":5,"form":{"type":2}},"personal_motivations":{"type":5,"form":{"type":2}}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":
"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"tool","namespace":"stix_object.tool","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2},"tool_types":{"type":5,"form":{"type":2},"is_required":true},"aliases":{"type":5,"form":{"type":2}},"kill_chain_phases":{"type":5,"form":{"type":2}},"tool_version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"vulnerability","namespace":"stix_object.vulnerability","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"description":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600}
,"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"artifact","namespace":"stix_observable.artifact","type":2,"role":4096,"properties":{"mime_type":{"type":2},"payload_bin":{"type":2},"url":{"type":2},"hashes":{"type":2},"encryption_algorithm":{"type":2},"decryption_key":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"autonomous-system","namespace":"stix_observable.autonomous_system","type":2,"role":4096,"properties":{"number":{"type":2,"is_primary":true,"is_required":true},"name":{"type":2},"rir":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fi
ll_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"directory","namespace":"stix_observable.directory","type":2,"role":4096,"properties":{"path":{"type":2,"is_primary":true,"is_required":true},"path_enc":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"domain-name","namespace":"stix_observable.domain_name","type":2,"r
ole":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"email_address","namespace":"stix_observable.email_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true},"display_name":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20
}},{"id":"email-message","namespace":"stix_observable.email_message","type":2,"role":4096,"properties":{"is_multipart":{"type":2,"is_required":true},"date":{"type":2},"content_type":{"type":2},"message_id":{"type":2},"subject":{"type":2,"is_primary":true},"received_lines":{"type":2},"additional_header_fields":{"type":2},"body":{"type":2},"body_multipart":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"file","namespace":"stix_observable.file","type":2,"role":4096,"properties":{"hashes":{"type":2},"size":{"type":2},"name":{"type":2,"is_primary":true},"name_enc":{"type":2},"magic_number_hex":{"type":2},"mime_type":{"type":2},"ctime":{"type":3},"mtime":{"type":3},"atime":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":
{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv4-address","namespace":"stix_observable.ipv4_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"ipv6-address","namespace":"stix_observable.ipv6_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8"
,"line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mac-address","namespace":"stix_observable.mac_address","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"mutex","namespace":"stix_observable.mutex","type":2,"role":4096,"properties":{"name":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt
","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"network-traffic","namespace":"stix_observable.network_traffic","type":2,"role":4096,"properties":{"start":{"type":3},"end":{"type":3},"is_active":{"type":2},"src_port":{"type":0,"min":0,"max":65535},"dst_port":{"type":0,"min":0,"max":65535},"protocols":{"type":5,"form":{"type":2},"is_required":true},"src_byte_count":{"type":0,"min":0},"dst_byte_count":{"type":0,"min":0},"src_packets":{"type":0,"min":0},"dst_packets":{"type":0,"min":0},"ipfix":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"process","namespace":"stix_observable.process","type":2,"role":4096,"properties":{"is_hidden":{"type":2},"pid":{"type":0,"mi
n":0},"created_time":{"type":3},"cwd":{"type":2},"command_line":{"type":2,"is_required":true},"environment_variables":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"software","namespace":"stix_observable.software","type":2,"role":4096,"properties":{"name":{"type":2,"is_primary":true,"is_required":true},"cpe":{"type":2},"languages":{"type":5,"form":{"type":2}},"vendor":{"type":2},"version":{"type":2}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select
_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"url","namespace":"stix_observable.url","type":2,"role":4096,"properties":{"value":{"type":2,"is_required":true}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"user-account","namespace":"stix_observable.user_account","type":2,"role":4096,"properties":{"user_id":{"type":2},"credential":{"type":2},"account_login":{"type":2},"account_type":{"type":2},"display_name":{"type":2,"is_primary":true,"is_required":true},"is_service_account":{"type":2},"is_privileged":{"type":2},"can_escalate_privs":{"type":2},"is_disabled":{"type":2},"account_created":{"type":3},"account_expires":{"type":3},"credential_last_changed":{"type":3},"account_first_login":{"type":3},"account_last_login":{"type":3}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d
8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"windows-registry-key","namespace":"stix_observable.windows_registry_key","type":2,"role":4096,"properties":{"key":{"type":2,"is_primary":true},"values":{"type":5,"form":{"type":2}},"modified_time":{"type":3},"number_of_subkeys":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}},{"id":"x509-certificate","namespace":"stix_observable.x509_certificate","type":2,"role":4096,"properties":{"subject":{"type":2,"is_primary":true,"is_required":true},"is_self_signed":{"type":2},"hashes":{"type":2},"version":{"type":2},"serial_number":{"type":2},"signature_algor
ithm":{"type":2},"issuer":{"type":2},"validity_not_before":{"type":3},"validity_not_after":{"type":3},"subject_public_key_algorithm":{"type":2},"subject_public_key_modulus":{"type":2},"subject_public_key_exponent":{"type":0,"min":0}},"anchor_template":"@__builtin__anchor","style":{"max_width":320,"head":{"fill_color":"#737373","stroke_color":"#8c8c8c","one_title":{"title":{"font":{"family":"Inter","size":"10.5pt","weight":800},"color":"#d8d8d8"}},"two_title":{"title":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#d8d8d8","padding":8},"subtitle":{"font":{"family":"Inter","size":"13pt","weight":800},"color":"#d8d8d8","line_height":23}},"vertical_padding":14},"body":{"fill_color":"#1f1f1f","stroke_color":"#383838","field_name":{"font":{"family":"Inter","size":"8pt","weight":600},"color":"#b3b3b3","padding":12},"field_value":{"font":{"family":"Inter","size":"10.5pt"},"color":"#bfbfbf","line_height":20,"padding":22},"vertical_padding":18},"select_outline":{"color":"#e6d845","padding":4,"border_radius":9},"anchor_markers":{"color":"#ffffff","size":3},"border_radius":5,"horizontal_padding":20}}]},"objects":[{"id":"feb4bba4-b246-45a1-b9c0-7e00c26a1fad","x":-20,"y":-220,"attrs":0,"template":"attack_flow_page","children":["573a127e-4ad6-4d00-a276-9d3a4e094b97","6b5f92ae-21fd-4e9b-8334-9459b3784701","31f79cd3-ae27-44a1-9824-373683cd0ced","fa8f9660-3a81-4e19-b25c-5a554d736e6e","0761e3ae-392d-45a0-b96e-bb84d74bf63c"],"properties":[["name","attack-paths"],["description",null],["scope","3e072748feb6ecd1b1ba397704e009c0"],["author",[["name",null],["identity_class",null],["contact_information",null]]],["external_references",[]]]},{"id":"573a127e-4ad6-4d00-a276-9d3a4e094b97","x":-40,"y":-370,"attrs":256,"template":"action","children":["f23d355d-686f-4f09-887c-3084cd6bbf65","fd4aeb2a-849b-4dfe-a557-1808c639e22e","1d48ae0a-e472-403e-bcbe-9247db818560","42acf71d-ccbc-47ce-bacd-3de78ad40fe0","7060575c-46d2-46c4-96f6-fd96fc20f174","636a224c-4c4e-456c-8394-05abf77e1136","16
830723-dafd-4fe3-9e5c-3ef90ce04180","369c9567-3ab5-4799-ab16-d7dc0edc77c5","2311925f-e6ea-441f-a2a1-741fc279b574","cce613fc-940c-434c-8fda-6807960eec9f","6d19c94f-1b7b-488e-8ae6-6a6eb223b1e7","6cc9e45f-09dc-4e27-a603-1360443622a7"],"properties":[["name","User Execution"],["tactic_id","T1204"],["tactic_ref",null],["technique_id",null],["technique_ref",null],["description","The user executes the malicious payload."],["confidence",null],["execution_start",null],["execution_end",null]]},{"id":"6b5f92ae-21fd-4e9b-8334-9459b3784701","x":-240,"y":-80,"attrs":256,"template":"action","children":["35b0dc3b-5b16-448d-961c-643f69a2a5d6","77707295-eb55-4a88-8912-455a8994fa8f","c1f7a1fa-a49c-4498-b4da-c5c140b44464","97135309-9d15-4fd9-864a-3398dbf57778","3cc377d3-8c3e-4ec7-838d-af359696bdf3","8e323693-86ce-4c21-83e1-a04e05768d01","124d2d79-3403-4f28-9a75-833cad569470","c0ac2adb-b87b-4118-93c5-8a44013fceef","9307d91e-bcc4-4903-a0db-8aaaf10c15ae","5ffc77c4-a604-41d7-a1ca-cf13eb09d8a1","04444632-e631-4670-b560-17ea731ba376","6269a6bf-0ab7-4e93-b67e-0924ab87b961"],"properties":[["name","Scheduled Task/Job: Scheduled Task"],["tactic_id","T1053.005"],["tactic_ref",null],["technique_id",null],["technique_ref",null],["description","The adversary gains persistence by installing payloads in the user's startup folder. Note: startup-folder persistence is listed as T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), while this node's name and ID give T1053.005 (Scheduled Task); confirm which technique is intended before using this node for detection mapping."],["confidence",null],["execution_start",null],["execution_end",null]]},{"id":"31f79cd3-ae27-44a1-9824-373683cd0ced","x":200,"y":-80,"attrs":256,"template":"action","children":["17c3075f-c9c7-4fad-8503-5a83b9b3a567","6bd5cfeb-1d8a-4765-867f-b0834387fd68","77183619-8678-4a5f-9113-3d3e1c5fa41b","dc4ab66e-390d-40f7-a742-6ecf503a459c","39e6bdd8-8d81-473a-b913-38fb95f84cbc","f79ddf0c-8fec-440b-ad32-b71d80a03b73","855f658f-2e32-4c53-91df-9790737171fe","ed2bd7d9-edda-439d-b845-c180e9edec6d","9e1dfaae-e55b-4cd7-877f-fc81add11eda","7188b4b0-a5f6-4f02-8889-1a366434d43b","cd15446c-2a02-434e-baf2-ff7b2518cae5","853ad29c-375c-4ce7-8e54-ef26a2e094bc"],"properties":[["name","Scheduled 
Task/Job: Scheduled Task"],["tactic_id","T1053.005"],["tactic_ref",null],["technique_id",null],["technique_ref",null],["description","The adversary gains persistence by setting up a scheduled task with a malicious payload."],["confidence",null],["execution_start",null],["execution_end",null]]},{"id":"fa8f9660-3a81-4e19-b25c-5a554d736e6e","x":-180,"y":-230,"attrs":0,"template":"@__builtin__line_vertical_elbow","children":["29394674-c4f5-4429-a3a7-1e20e3f10529","58260474-ff83-4d7d-94a9-7cbd24e48f92","2c901ae8-d212-4d29-bb4f-97e20e618a39"],"properties":[]},{"id":"0761e3ae-392d-45a0-b96e-bb84d74bf63c","x":119,"y":-230,"attrs":0,"template":"@__builtin__line_vertical_elbow","children":["1fb0f963-6e5f-4926-b2ae-4a745a32ccdb","ddaa75d2-f89f-4412-b167-ffbabbb69831","dd448cb2-f71c-4393-9099-92e1bb3d8845"],"properties":[]},{"id":"f23d355d-686f-4f09-887c-3084cd6bbf65","x":-118.5,"y":-460,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"fd4aeb2a-849b-4dfe-a557-1808c639e22e","x":-40,"y":-460,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"1d48ae0a-e472-403e-bcbe-9247db818560","x":38.5,"y":-460,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"42acf71d-ccbc-47ce-bacd-3de78ad40fe0","x":118,"y":-415,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"7060575c-46d2-46c4-96f6-fd96fc20f174","x":118,"y":-370,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"636a224c-4c4e-456c-8394-05abf77e1136","x":118,"y":-325,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"16830723-dafd-4fe3-9e5c-3ef90ce04180","x":38.5,"y":-280,"attrs":0,"template":"@__builtin__anchor","children":["1fb0f963-6e5f-4926-b2ae-4a745a32ccdb"],"properties":[],"angle":1},{"id":"369c9567-3ab5-4799-ab16-d7dc0edc77c5","x":-40,"y":-280,"attrs":0,"template":"@__builtin__anchor","children":[],
"properties":[],"angle":1},{"id":"2311925f-e6ea-441f-a2a1-741fc279b574","x":-118.5,"y":-280,"attrs":0,"template":"@__builtin__anchor","children":["29394674-c4f5-4429-a3a7-1e20e3f10529"],"properties":[],"angle":1},{"id":"cce613fc-940c-434c-8fda-6807960eec9f","x":-197,"y":-325,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"6d19c94f-1b7b-488e-8ae6-6a6eb223b1e7","x":-197,"y":-370,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"6cc9e45f-09dc-4e27-a603-1360443622a7","x":-197,"y":-415,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"35b0dc3b-5b16-448d-961c-643f69a2a5d6","x":-330.5,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"77707295-eb55-4a88-8912-455a8994fa8f","x":-240,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":["2c901ae8-d212-4d29-bb4f-97e20e618a39"],"properties":[],"angle":1},{"id":"c1f7a1fa-a49c-4498-b4da-c5c140b44464","x":-149.5,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"97135309-9d15-4fd9-864a-3398dbf57778","x":-59,"y":-130,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"3cc377d3-8c3e-4ec7-838d-af359696bdf3","x":-59,"y":-80,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"8e323693-86ce-4c21-83e1-a04e05768d01","x":-59,"y":-30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"124d2d79-3403-4f28-9a75-833cad569470","x":-149.5,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"c0ac2adb-b87b-4118-93c5-8a44013fceef","x":-240,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"9307d91e-bcc4-4903-a0db-8aaaf10c15ae","x":-330.5,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},
{"id":"5ffc77c4-a604-41d7-a1ca-cf13eb09d8a1","x":-421,"y":-30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"04444632-e631-4670-b560-17ea731ba376","x":-421,"y":-80,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"6269a6bf-0ab7-4e93-b67e-0924ab87b961","x":-421,"y":-130,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"17c3075f-c9c7-4fad-8503-5a83b9b3a567","x":109.5,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"6bd5cfeb-1d8a-4765-867f-b0834387fd68","x":200,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":["dd448cb2-f71c-4393-9099-92e1bb3d8845"],"properties":[],"angle":1},{"id":"77183619-8678-4a5f-9113-3d3e1c5fa41b","x":290.5,"y":-180,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"dc4ab66e-390d-40f7-a742-6ecf503a459c","x":381,"y":-130,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"39e6bdd8-8d81-473a-b913-38fb95f84cbc","x":381,"y":-80,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"f79ddf0c-8fec-440b-ad32-b71d80a03b73","x":381,"y":-30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"855f658f-2e32-4c53-91df-9790737171fe","x":290.5,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"ed2bd7d9-edda-439d-b845-c180e9edec6d","x":200,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"9e1dfaae-e55b-4cd7-877f-fc81add11eda","x":109.5,"y":20,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":1},{"id":"7188b4b0-a5f6-4f02-8889-1a366434d43b","x":19,"y":-30,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"cd15446c-2a02-434e-baf2-ff7b2518cae5","x":19,"y":-80,"attrs":0,"templat
e":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"853ad29c-375c-4ce7-8e54-ef26a2e094bc","x":19,"y":-130,"attrs":0,"template":"@__builtin__anchor","children":[],"properties":[],"angle":0},{"id":"29394674-c4f5-4429-a3a7-1e20e3f10529","x":-118.5,"y":-280,"attrs":0,"template":"@__builtin__line_source","children":[],"properties":[]},{"id":"58260474-ff83-4d7d-94a9-7cbd24e48f92","x":-179.25,"y":-230,"attrs":0,"template":"@__builtin__line_handle","children":[],"properties":[]},{"id":"2c901ae8-d212-4d29-bb4f-97e20e618a39","x":-240,"y":-180,"attrs":0,"template":"@__builtin__line_target","children":[],"properties":[]},{"id":"1fb0f963-6e5f-4926-b2ae-4a745a32ccdb","x":38.5,"y":-280,"attrs":0,"template":"@__builtin__line_source","children":[],"properties":[]},{"id":"ddaa75d2-f89f-4412-b167-ffbabbb69831","x":119.25,"y":-230,"attrs":0,"template":"@__builtin__line_handle","children":[],"properties":[]},{"id":"dd448cb2-f71c-4393-9099-92e1bb3d8845","x":200,"y":-180,"attrs":0,"template":"@__builtin__line_target","children":[],"properties":[]}],"location":{"x":-22.74834534641508,"y":-8.69875878028406,"k":0.8814801579071703}}