diff --git a/IBM_X-Force/Snapshot-with-Domain.json b/IBM_X-Force/Snapshot-with-Domain.json
index d0a4add4..1fafcf9e 100644
--- a/IBM_X-Force/Snapshot-with-Domain.json
+++ b/IBM_X-Force/Snapshot-with-Domain.json
@@ -1 +1 @@ -{"description": "IBM X-Force Domain Malicious", "searchHistory": {"selectedObservables": [{"uuid": "baa07891-8d2c-40c8-b286-a2a4c16c5a92", "observable": {"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": 
"dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": 
{"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, 
"source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "disposition": 2, "type": "domain", "value": "dosenyplus.com", "id": "752d6a76"}], "omittedObservables": [], "archivedObservables": [{"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", 
"ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": 
{"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, 
"source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "domain:\"dosenyplus.com\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":659289999.9996006,\"updated-perf\":659289999.9996006,\"type\":\"collect\",\"created\":\"2021-03-03T11:22:39.540Z\",\"state\":\"ok\",\"arg\":\"domain:\\\"dosenyplus.com\\\"\",\"result\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"id\":\"collect-856e683b\",\"uuid\":\"ff75609b-3a29-434a-a46d-12b12035b641\"},{\"created-perf\":2997240000.000602,\"updated-perf\":2997240000.000602,\"type\":\"deliberate\",\"created\":\"2021-03-03T11:22:41.878Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"dosenyplus.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"IBM X-Force 
Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:40.000Z\",\"end_time\":\"2023-11-03T11:22:40.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-a58f0e7d\",\"uuid\":\"99564c8e-aa80-4d66-84eb-bc943e4349c5\"},{\"created-perf\":13011255000.001257,\"updated-perf\":13011260000.00113,\"type\":\"investigate\",\"created\":\"2021-03-03T11:22:51.892Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"dosenyplus.com\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T11:22:51.000Z\",\"end_time\":\"2023-11-03T11:22:51.000Z\"},\"producer\":\"X-Force Research\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"3f7930a9ad9351695b9dea277825c606\"],\"title\":\"Disney Squatting Campaign\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting 
Campaign-3f7930a9ad9351695b9dea277825c606\",\"external_id\":\"3f7930a9ad9351695b9dea277825c606\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"id\":\"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63\",\"confidence\":\"High\"},{\"tags\":[\"True\"],\"valid_time\":{\"start_time\":\"2023-10-04T11:22:45.000Z\",\"end_time\":\"2023-11-03T11:22:45.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Early Warning\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:45.000Z\",\"end_time\":\"2023-11-03T11:22:45.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6\",\"id\":\"transient:relationship-d9bc2398-94a5-41a7-8bc6-b7694cdecbb8\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224\",\"id\":\"transient:relationship-65834feb-6cee-4a03-9929-98e73cb3c177\",\"relationship_type\":\"sighting-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T11:22:45.000Z\",\"end_time\":\"2023-10-11T11:22:45.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"IBM
 X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"3f7930a9ad9351695b9dea277825c606\"],\"title\":\"Contained in Collection: Disney Squatting Campaign\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"external_id\":\"3f7930a9ad9351695b9dea277825c606\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"id\":\"transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-09-05T09:05:00.273Z\",\"end_time\":\"2023-09-05T09:05:00.273Z\"}},{\"description\":\"IP addresses that dosenyplus.com resolves to\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"192.187.111.220\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.194\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.195\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.196\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.198\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T11:22:50.000Z\",\"end_time\":\"2023-10-04T11:22:50.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Early Warning\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T11:22:45.000Z\",\"end_time\":\"2023-10-04T11:22:45.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus 
relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-33a73dab\",\"uuid\":\"2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357\"},{\"created-perf\":20833185000.001324,\"updated-perf\":20833190000.001194,\"type\":\"deliberate\",\"created\":\"2021-03-03T11:22:59.714Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"192.187.111.220\"},{\"type\":\"ip\",\"value\":\"192.187.111.222\"},{\"type\":\"ip\",\"value\":\"81.17.18.195\"},{\"type\":\"ip\",\"value\":\"81.17.18.198\"},{\"type\":\"ip\",\"value\":\"81.17.18.196\"},{\"type\":\"ip\",\"value\":\"81.17.18.194\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:52.508Z\",\"end_time\":\"2023-11-03T11:22:52.508Z\"}}]}}},{\"module\":\"IBM X-Force 
Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":6,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.194\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:55.000Z\",\"end_time\":\"2023-11-03T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.220\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:55.000Z\",\"end_time\":\"2023-11-03T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:55.000Z\",\"end_time\":\"2023-11-03T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.196\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:59.000Z\",\"end_time\":\"2023-11-03T11:22:59.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.195\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:55.000Z\",\"end_time\":\"2023-11-03T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.198\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T11:22:56.000Z\",\"end_time\":\"2023-11-03T11:22:56.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus 
relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-a2042e4d\",\"uuid\":\"7dc852fe-d9fd-46e6-b411-e278663219a7\"}]", "short_description": "Snapshot @ 20210303 12:15:22", "omittedObservables": [], "archivedObservables": [{"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": 
"96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": 
{"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, 
"source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}], "selectedObservables": [{"uuid": "baa07891-8d2c-40c8-b286-a2a4c16c5a92", "observable": {"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": 
"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", 
"relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in 
Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "disposition": 2, "type": "domain", "value": "dosenyplus.com", "id": "752d6a76"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-98eb0a36-585d-4011-ac96-f0698efc0fa5", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:15:26.566Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force Domain Malicious", "searchHistory": {"selectedObservables": [{"uuid": "baa07891-8d2c-40c8-b286-a2a4c16c5a92", "observable": {"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", 
"schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", 
"module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": 
"2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": 
{"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": 
"dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "disposition": 2, "type": "domain", "value": "dosenyplus.com", "id": "752d6a76"}], "omittedObservables": [], "archivedObservables": [{"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": 
"IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: 
jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com 
resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": 
["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "domain:\"dosenyplus.com\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":659289999.9996006,\"updated-perf\":659289999.9996006,\"type\":\"collect\",\"created\":\"2021-03-03T11:22:39.540Z\",\"state\":\"ok\",\"arg\":\"domain:\\\"dosenyplus.com\\\"\",\"result\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"id\":\"collect-856e683b\",\"uuid\":\"ff75609b-3a29-434a-a46d-12b12035b641\"},{\"created-perf\":2997240000.000602,\"updated-perf\":2997240000.000602,\"type\":\"deliberate\",\"created\":\"2021-03-03T11:22:41.878Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"dosenyplus.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"IBM X-Force 
Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:40.000Z\",\"end_time\":\"2023-11-10T11:22:40.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-a58f0e7d\",\"uuid\":\"99564c8e-aa80-4d66-84eb-bc943e4349c5\"},{\"created-perf\":13011255000.001257,\"updated-perf\":13011260000.00113,\"type\":\"investigate\",\"created\":\"2021-03-03T11:22:51.892Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"dosenyplus.com\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T11:22:51.000Z\",\"end_time\":\"2023-11-10T11:22:51.000Z\"},\"producer\":\"X-Force Research\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"3f7930a9ad9351695b9dea277825c606\"],\"title\":\"Disney Squatting Campaign\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting 
Campaign-3f7930a9ad9351695b9dea277825c606\",\"external_id\":\"3f7930a9ad9351695b9dea277825c606\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"id\":\"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63\",\"confidence\":\"High\"},{\"tags\":[\"True\"],\"valid_time\":{\"start_time\":\"2023-10-11T11:22:45.000Z\",\"end_time\":\"2023-11-10T11:22:45.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Early Warning\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:45.000Z\",\"end_time\":\"2023-11-10T11:22:45.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6\",\"id\":\"transient:relationship-d9bc2398-94a5-41a7-8bc6-b7694cdecbb8\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224\",\"id\":\"transient:relationship-65834feb-6cee-4a03-9929-98e73cb3c177\",\"relationship_type\":\"sighting-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T11:22:45.000Z\",\"end_time\":\"2023-10-18T11:22:45.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"IBM
 X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":3,\"docs\":[{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"3f7930a9ad9351695b9dea277825c606\"],\"title\":\"Contained in Collection: Disney Squatting Campaign\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"external_id\":\"3f7930a9ad9351695b9dea277825c606\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606\",\"id\":\"transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-09-12T09:05:00.273Z\",\"end_time\":\"2023-09-12T09:05:00.273Z\"}},{\"description\":\"IP addresses that dosenyplus.com resolves to\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"192.187.111.220\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.194\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.195\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.196\",\"type\":\"ip\"}},{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"dosenyplus.com\",\"type\":\"domain\"},\"related\":{\"value\":\"81.17.18.198\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T11:22:50.000Z\",\"end_time\":\"2023-10-11T11:22:50.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"dosenyplus.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Early Warning\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/dosenyplus.com\",\"id\":\"transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T11:22:45.000Z\",\"end_time\":\"2023-10-11T11:22:45.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus 
relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-33a73dab\",\"uuid\":\"2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357\"},{\"created-perf\":20833185000.001324,\"updated-perf\":20833190000.001194,\"type\":\"deliberate\",\"created\":\"2021-03-03T11:22:59.714Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"192.187.111.220\"},{\"type\":\"ip\",\"value\":\"192.187.111.222\"},{\"type\":\"ip\",\"value\":\"81.17.18.195\"},{\"type\":\"ip\",\"value\":\"81.17.18.198\"},{\"type\":\"ip\",\"value\":\"81.17.18.196\"},{\"type\":\"ip\",\"value\":\"81.17.18.194\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:52.508Z\",\"end_time\":\"2023-11-10T11:22:52.508Z\"}}]}}},{\"module\":\"IBM X-Force 
Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":6,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.194\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:55.000Z\",\"end_time\":\"2023-11-10T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.220\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:55.000Z\",\"end_time\":\"2023-11-10T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"192.187.111.222\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:55.000Z\",\"end_time\":\"2023-11-10T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.196\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:59.000Z\",\"end_time\":\"2023-11-10T11:22:59.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.195\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:55.000Z\",\"end_time\":\"2023-11-10T11:22:55.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"81.17.18.198\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T11:22:56.000Z\",\"end_time\":\"2023-11-10T11:22:56.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus 
relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-a2042e4d\",\"uuid\":\"7dc852fe-d9fd-46e6-b411-e278663219a7\"}]", "short_description": "Snapshot @ 20210303 12:15:22", "omittedObservables": [], "archivedObservables": [{"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": 
"96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": 
{"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, 
"source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}], "selectedObservables": [{"uuid": "baa07891-8d2c-40c8-b286-a2a4c16c5a92", "observable": {"key": "c98d275f-174e-4e6f-9c2a-d10a9db52d0d", "value": "dosenyplus.com", "indicators": [{"tags": ["True"], "valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-04-02T11:22:45.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:indicator-7f11b907-7caa-5c70-b497-e9d18bf7fe8e", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "7fb8b184-04c4-43ee-82dc-7a4ee7b9fa25", "confidence": "High", "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T11:22:51.000Z", "end_time": "2021-04-02T11:22:51.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Disney Squatting Campaign", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": 
"transient:indicator-75f443c0-7908-52a2-9eb4-b29780447c63", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "96f9c5c5-b210-4628-9f40-231dcef7ea86", "confidence": "High", "ctr_hide": false}], "type": "domain", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T11:22:40.000Z", "end_time": "2021-04-02T11:22:40.000Z"}, "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:752d6a76", "action": "99564c8e-aa80-4d66-84eb-bc943e4349c5"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "dosenyplus.com", "id": "752d6a76", "judgements": [{"valid_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-10T11:22:45.000Z"}, "schema_version": "1.1.1", "observable": {"value": "dosenyplus.com", "type": "domain"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-175de344-37d5-4ead-856d-6c9ae41d2c01", "severity": "High", "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "confidence": "High"}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Early Warning", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-8d1a236d-c5d8-57b9-a70d-44084ed9e224", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "8febba6c-a850-4c0f-b0b1-db54616ac44f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:45.000Z", "end_time": "2021-03-03T11:22:45.000Z"}, "ctr_hide": false}, {"description": "IP addresses that dosenyplus.com resolves to", "schema_version": "1.1.1", 
"relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.220", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "192.187.111.222", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.194", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.195", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.196", "type": "ip"}}, {"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "dosenyplus.com", "type": "domain"}, "related": {"value": "81.17.18.198", "type": "ip"}}], "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/url/dosenyplus.com", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "716065de-410e-4d50-be3b-1883c6040e6e", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:22:50.000Z", "end_time": "2021-03-03T11:22:50.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "dosenyplus.com", "type": "domain"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["3f7930a9ad9351695b9dea277825c606"], "title": "Contained in 
Collection: Disney Squatting Campaign", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "external_id": "3f7930a9ad9351695b9dea277825c606"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Disney Squatting Campaign-3f7930a9ad9351695b9dea277825c606", "id": "transient:sighting-6735b1fb-7aaf-57b0-9c9d-143af4e78dc6", "count": 1, "action": "2fb2c4fd-f65d-41e6-ab56-a7e8a38b0357", "ctr_uuid": "4997aa4c-04c5-4836-b66d-2aaa379199f5", "confidence": "High", "observed_time": {"start_time": "2021-02-02T09:05:00.273Z", "end_time": "2021-02-02T09:05:00.273Z"}, "ctr_hide": false}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "domain", "value": "dosenyplus.com"}, "observable_id": "752d6a76"}], "disposition_name": "Malicious", "disposition": 2, "type": "domain", "value": "dosenyplus.com", "id": "752d6a76"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-98eb0a36-585d-4011-ac96-f0698efc0fa5", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:15:26.566Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"}
\ No newline at end of file
diff --git a/IBM_X-Force/Snapshot-with-IPv4.json b/IBM_X-Force/Snapshot-with-IPv4.json
index 37a85904..c88d03c4 100644
--- a/IBM_X-Force/Snapshot-with-IPv4.json
+++ b/IBM_X-Force/Snapshot-with-IPv4.json
@@ -1 +1 @@
-{"description": "IBM X-Force IP Suspicious", "searchHistory": {"selectedObservables": [{"uuid": "091c55b7-baa7-4821-804f-5383dc081e6e", "observable": {"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity 
Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", 
"observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": 
"6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", 
"module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "disposition": 3, "type": "ip", "value": "190.2.100.136", "id": "bce3d635"}], "omittedObservables": [], "archivedObservables": [{"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": 
"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": 
"2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", 
"observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": 
"2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "ip:\"190.2.100.136\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":15657409999.9998,\"updated-perf\":15657409999.9998,\"type\":\"collect\",\"created\":\"2021-03-03T12:15:48.343Z\",\"state\":\"ok\",\"arg\":\"190.2.100.136\",\"result\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"id\":\"collect-e2e69d73\",\"uuid\":\"6821ff28-b1ea-466e-b968-218a0ca3c2b4\"},{\"created-perf\":22327124999.999798,\"updated-perf\":22327130000.001488,\"type\":\"investigate\",\"created\":\"2021-03-03T12:15:55.013Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"190.2.100.136\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T12:15:54.000Z\",\"end_time\":\"2023-11-03T12:15:54.000Z\"},\"producer\":\"X-Force Research\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"76265914d081e79d158260bf5385a9da\"],\"title\":\"Phorpiex Botnet Extortion Activity Monitoring\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"external_id\":\"76265914d081e79d158260bf5385a9da\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"id\":\"transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-11-03T12:15:53.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force 
Exchange\",\"title\":\"Spam\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-11-03T12:15:53.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Dynamic IPs\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-11-03T12:15:53.000Z\"}}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7\",\"id\":\"transient:relationship-e433d97f-5805-4d74-99c1-1639c63143af\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"id\":\"transient:relationship-1ecb6b0d-1961-42f3-a50f-28ea86241d4a\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-29d36407-40f6-59e7-935e-c770d88646da\",\"id\":\"transient:relationship-a85a2328-ef5e-4ac6-adf2-b8e5a42afa3a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"type\":\
"relationship\",\"source_ref\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"id\":\"transient:relationship-2a50a498-ddf0-4ded-ad61-0520373f8efd\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"id\":\"transient:relationship-3c045780-6479-483d-9c04-d0ae891dd7bf\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-10-11T12:15:53.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":3,\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"severity\":\"Medium\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-10-11T12:15:53.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":4,\"docs\":[{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"76265914d081e79d158260bf5385a9da\"],\"title\":\"Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity 
Monitoring-76265914d081e79d158260bf5385a9da\",\"external_id\":\"76265914d081e79d158260bf5385a9da\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"id\":\"transient:sighting-29d36407-40f6-59e7-935e-c770d88646da\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T11:55:26.488Z\",\"end_time\":\"2023-10-04T11:55:26.488Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Spam\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-10-04T12:15:53.000Z\"}},{\"description\":\"Domains that have resolved to 190.2.100.136\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"136.100.2.190.ros.express.com.ar\",\"type\":\"domain\"},\"related\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T12:15:54.000Z\",\"end_time\":\"2023-10-04T12:15:54.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Dynamic 
IPs\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T12:15:53.000Z\",\"end_time\":\"2023-10-04T12:15:53.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-4dc3c4f4\",\"uuid\":\"afa095af-2c0d-4fe6-8b37-3cb045c71d89\"},{\"created-perf\":23701730000.00068,\"updated-perf\":23701730000.00068,\"type\":\"deliberate\",\"created\":\"2021-03-03T12:15:56.388Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"136.100.2.190.ros.express.com.ar\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"136.100.2.190.ros.express.com.ar\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T12:15:56.000Z\",\"end_time\":\"2023-11-03T12:15:56.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-6f48e4ae\",\"uuid\":\"a66e35e9-ff47-4c6a-a0af-85513fcc8451\"}]", "short_description": "Snapshot @ 20210303 12:16:39", "omittedObservables": [], "archivedObservables": [{"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": 
{"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": 
[{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, 
"action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": 
"Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}], "selectedObservables": [{"uuid": "091c55b7-baa7-4821-804f-5383dc081e6e", "observable": {"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", 
"action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", 
"value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", 
"source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, 
{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": 
"190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "disposition": 3, "type": "ip", "value": "190.2.100.136", "id": "bce3d635"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-f8517645-9eb0-4145-a1c0-94f245143e41", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:16:42.638Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force IP Suspicious", "searchHistory": {"selectedObservables": [{"uuid": "091c55b7-baa7-4821-804f-5383dc081e6e", "observable": {"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, 
"producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", 
"module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": 
"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM 
X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", 
"module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "disposition": 3, "type": "ip", "value": "190.2.100.136", "id": "bce3d635"}], "omittedObservables": [], "archivedObservables": [{"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": 
"IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": 
"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, 
"action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": 
"Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "ip:\"190.2.100.136\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":15657409999.9998,\"updated-perf\":15657409999.9998,\"type\":\"collect\",\"created\":\"2021-03-03T12:15:48.343Z\",\"state\":\"ok\",\"arg\":\"190.2.100.136\",\"result\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"id\":\"collect-e2e69d73\",\"uuid\":\"6821ff28-b1ea-466e-b968-218a0ca3c2b4\"},{\"created-perf\":22327124999.999798,\"updated-perf\":22327130000.001488,\"type\":\"investigate\",\"created\":\"2021-03-03T12:15:55.013Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"190.2.100.136\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":3,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T12:15:54.000Z\",\"end_time\":\"2023-11-10T12:15:54.000Z\"},\"producer\":\"X-Force Research\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM 
X-Force Exchange\",\"external_ids\":[\"76265914d081e79d158260bf5385a9da\"],\"title\":\"Phorpiex Botnet Extortion Activity Monitoring\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"external_id\":\"76265914d081e79d158260bf5385a9da\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"id\":\"transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-11-10T12:15:53.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Spam\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-11-10T12:15:53.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Dynamic 
IPs\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-11-10T12:15:53.000Z\"}}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7\",\"id\":\"transient:relationship-e433d97f-5805-4d74-99c1-1639c63143af\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"id\":\"transient:relationship-1ecb6b0d-1961-42f3-a50f-28ea86241d4a\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-29d36407-40f6-59e7-935e-c770d88646da\",\"id\":\"transient:relationship-a85a2328-ef5e-4ac6-adf2-b8e5a42afa3a\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"id\":\"transient:relationship-2a50a498-ddf0-4ded-ad61-0520373f8efd\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"id\":\"transient:relationship-3c045780
-6479-483d-9c04-d0ae891dd7bf\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-10-18T12:15:53.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":3,\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3\",\"severity\":\"Medium\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-10-18T12:15:53.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":4,\"docs\":[{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"76265914d081e79d158260bf5385a9da\"],\"title\":\"Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da\",\"external_id\":\"76265914d081e79d158260bf5385a9da\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity 
Monitoring-76265914d081e79d158260bf5385a9da\",\"id\":\"transient:sighting-29d36407-40f6-59e7-935e-c770d88646da\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T11:55:26.488Z\",\"end_time\":\"2023-10-11T11:55:26.488Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Spam\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-10-11T12:15:53.000Z\"}},{\"description\":\"Domains that have resolved to 190.2.100.136\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"136.100.2.190.ros.express.com.ar\",\"type\":\"domain\"},\"related\":{\"value\":\"190.2.100.136\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T12:15:54.000Z\",\"end_time\":\"2023-10-11T12:15:54.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"190.2.100.136\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Dynamic 
IPs\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/190.2.100.136\",\"id\":\"transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T12:15:53.000Z\",\"end_time\":\"2023-10-11T12:15:53.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-4dc3c4f4\",\"uuid\":\"afa095af-2c0d-4fe6-8b37-3cb045c71d89\"},{\"created-perf\":23701730000.00068,\"updated-perf\":23701730000.00068,\"type\":\"deliberate\",\"created\":\"2021-03-03T12:15:56.388Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"136.100.2.190.ros.express.com.ar\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"136.100.2.190.ros.express.com.ar\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T12:15:56.000Z\",\"end_time\":\"2023-11-10T12:15:56.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-6f48e4ae\",\"uuid\":\"a66e35e9-ff47-4c6a-a0af-85513fcc8451\"}]", "short_description": "Snapshot @ 20210303 12:16:39", "omittedObservables": [], "archivedObservables": [{"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": 
{"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": 
[{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, 
"action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": 
"Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}], "selectedObservables": [{"uuid": "091c55b7-baa7-4821-804f-5383dc081e6e", "observable": {"key": "fdd46517-d754-4828-bdfe-528676740cbd", "value": "190.2.100.136", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1d810ae9-4259-5b29-aa43-b301fc347afd", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", 
"action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}, {"valid_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-04-02T12:15:54.000Z"}, "producer": "X-Force Research", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:indicator-4bf4db1d-0139-5dc8-a0b4-04e3fdeaedbb", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "confidence": "High"}], "type": "ip", "state": "investigated", "targets": [], "disposition": 3, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-04-02T12:15:53.000Z"}, "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "verdict", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "id": "verdict:IBM X-Force Exchange:bce3d635", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", 
"value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "obsListSortOrder": 2, "listOrder": 0, "label": "190.2.100.136", "id": "bce3d635", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-9ab43db1-490e-4b1a-a5cc-03c2ed0b857f", "severity": "High", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7e379093-28e5-4ab4-8ba7-1d9f82669681", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}, {"valid_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-10T12:15:53.000Z"}, "schema_version": "1.1.1", "observable": {"value": "190.2.100.136", "type": "ip"}, "type": "judgement", 
"source": "IBM X-Force Exchange", "disposition": 3, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Suspicious", "priority": 85, "id": "transient:judgement-9ca46d91-1297-4d17-af2a-566dfb8eefd3", "severity": "Medium", "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "c5badb50-8e14-4e73-86b4-b1ee712d60ae", "confidence": "High", "ctr_dispositionOrder": 2, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Dynamic IPs", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-24a93769-6003-5be5-9c6d-3e9e30ae9dc7", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "7462eb3e-978f-4353-93ad-dcaa1c50ebf1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"description": "Domains that have resolved to 190.2.100.136", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "136.100.2.190.ros.express.com.ar", "type": "domain"}, "related": {"value": "190.2.100.136", "type": "ip"}}], "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "9ed0b17f-9933-4720-9864-b3f9148f01af", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:54.000Z", "end_time": "2021-03-03T12:15:54.000Z"}, "ctr_hide": false}, 
{"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/190.2.100.136", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "6851965d-e36c-40ca-8cfb-498c856cd1e1", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:15:53.000Z", "end_time": "2021-03-03T12:15:53.000Z"}, "ctr_hide": false}, {"schema_version": "1.1.1", "observables": [{"value": "190.2.100.136", "type": "ip"}], "type": "sighting", "source": "IBM X-Force Exchange", "external_ids": ["76265914d081e79d158260bf5385a9da"], "title": "Contained in Collection: Phorpiex Botnet Extortion Activity Monitoring", "module": "IBM X-Force Exchange", "internal": false, "external_references": [{"source_name": "IBM X-Force Exchange", "url": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "external_id": "76265914d081e79d158260bf5385a9da"}], "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/collection/Phorpiex Botnet Extortion Activity Monitoring-76265914d081e79d158260bf5385a9da", "id": "transient:sighting-29d36407-40f6-59e7-935e-c770d88646da", "count": 1, "action": "afa095af-2c0d-4fe6-8b37-3cb045c71d89", "ctr_uuid": "fc4c5fb5-9a61-44db-8ee8-b9c65d720a2c", "confidence": "High", "observed_time": {"start_time": "2021-03-03T11:55:26.488Z", "end_time": "2021-03-03T11:55:26.488Z"}, "ctr_hide": false}], "revListOrder": 2}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ip", "value": 
"190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ip", "value": "190.2.100.136"}, "observable_id": "bce3d635"}], "disposition_name": "Suspicious", "disposition": 3, "type": "ip", "value": "190.2.100.136", "id": "bce3d635"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-f8517645-9eb0-4145-a1c0-94f245143e41", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:16:42.638Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/IBM_X-Force/Snapshot-with-IPv6.json b/IBM_X-Force/Snapshot-with-IPv6.json index 4bac18fe..421b524f 100644 --- a/IBM_X-Force/Snapshot-with-IPv6.json +++ b/IBM_X-Force/Snapshot-with-IPv6.json 
@@ -1 +1 @@ -{"description": "IBM X-Force IPv6 Malicious", "searchHistory": {"selectedObservables": [{"uuid": "d89e6cf0-74b1-4a30-aca8-111e52bac34a", "observable": {"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", 
"module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": 
"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, 
"observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "disposition": 2, "type": "ipv6", "value": "2403:7800:5021::58", "id": "f96b1532"}], "omittedObservables": [], "archivedObservables": [{"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], 
"notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force 
Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "ipv6:\"2403:7800:5021::58\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":15949539999.999615,\"updated-perf\":15949539999.999615,\"type\":\"collect\",\"created\":\"2021-03-03T12:17:03.221Z\",\"state\":\"ok\",\"arg\":\"2403:7800:5021::58\",\"result\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"id\":\"collect-3d6e0247\",\"uuid\":\"3fd5a51d-03af-402a-ae73-4688ecd918e3\"},{\"created-perf\":36907750000.000305,\"updated-perf\":36907750000.000305,\"type\":\"investigate\",\"created\":\"2021-03-03T12:17:24.180Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ipv6\",\"value\":\"2403:7800:5021::58\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T12:17:11.000Z\",\"end_time\":\"2023-11-03T12:17:11.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force 
Exchange\",\"title\":\"Spam\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T12:17:11.000Z\",\"end_time\":\"2023-11-03T12:17:11.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"id\":\"transient:relationship-66a72c08-ee76-424a-8698-9b2779fced0c\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"type\":\"relationship\",\"source_ref\":\"transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"id\":\"transient:relationship-fa8e0d3c-a958-4cf3-a12c-de608b647771\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T12:17:11.000Z\",\"end_time\":\"2023-10-11T12:17:11.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Domains that have resolved to 2403:7800:5021::58\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"related\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}}],\"observables\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T12:17:16.000Z\",\"end_time\":\"2023-10-04T12:17:16.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Spam\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T12:17:11.000Z\",\"end_time\":\"2023-10-04T12:17:11.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-b9244abc\",\"uuid\":\"97846fb1-ae7d-4acc-91ee-30af5a70e49f\"},{\"created-perf\":38226674999.999886,\"updated-perf\":38226674999.999886,\"type\":\"deliberate\",\"created\":\"2021-03-03T12:17:25.498Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"m-out-com.basmail.jp\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T12:17:24.511Z\",\"end_time\":\"2023-11-03T12:17:24.511Z\"}}]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T12:17:25.000Z\",\"end_time\":\"2023-11-03T12:17:25.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-e788d330\",\"uuid\":\"fdc5434c-c899-4f05-b670-cd6bd7937dfc\"}]", "short_description": "Snapshot @ 20210303 12:18:07", "omittedObservables": [], "archivedObservables": [{"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": 
"IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 
2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}], "selectedObservables": [{"uuid": "d89e6cf0-74b1-4a30-aca8-111e52bac34a", "observable": {"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], 
"notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force 
Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "disposition": 2, "type": "ipv6", "value": "2403:7800:5021::58", "id": "f96b1532"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-73f9308b-7e0d-4c63-8e4a-9c0693479453", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:18:10.220Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force IPv6 Malicious", "searchHistory": {"selectedObservables": [{"uuid": "d89e6cf0-74b1-4a30-aca8-111e52bac34a", "observable": {"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: 
{:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force 
Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "disposition": 2, "type": "ipv6", "value": "2403:7800:5021::58", "id": "f96b1532"}], "omittedObservables": [], "archivedObservables": [{"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", 
"observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": 
"IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}]}, "schema_version": "1.1.3", "type": "investigation", "search-txt": "ipv6:\"2403:7800:5021::58\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":15949539999.999615,\"updated-perf\":15949539999.999615,\"type\":\"collect\",\"created\":\"2021-03-03T12:17:03.221Z\",\"state\":\"ok\",\"arg\":\"2403:7800:5021::58\",\"result\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"id\":\"collect-3d6e0247\",\"uuid\":\"3fd5a51d-03af-402a-ae73-4688ecd918e3\"},{\"created-perf\":36907750000.000305,\"updated-perf\":36907750000.000305,\"type\":\"investigate\",\"created\":\"2021-03-03T12:17:24.180Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ipv6\",\"value\":\"2403:7800:5021::58\"},\"result\":{\"data\":[{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T12:17:11.000Z\",\"end_time\":\"2023-11-10T12:17:11.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.1.1\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Spam\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T12:17:11.000Z\",\"end_time\":\"2023-11-10T12:17:11.000Z\"}}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"id\":\"transient:relationship-66a72c08-ee76-424a-8698-9b2779fced0c\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.1.1\",\"target_ref\":\"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451\",\"type\":\"relationship\",\"source_ref\":\"transient:j
udgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"id\":\"transient:relationship-fa8e0d3c-a958-4cf3-a12c-de608b647771\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T12:17:11.000Z\",\"end_time\":\"2023-10-18T12:17:11.000Z\"},\"schema_version\":\"1.1.1\",\"observable\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"Domains that have resolved to 2403:7800:5021::58\",\"schema_version\":\"1.1.1\",\"relations\":[{\"origin\":\"IBM X-Force Exchange Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"related\":{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}}],\"observables\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"DNS Information\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T12:17:16.000Z\",\"end_time\":\"2023-10-11T12:17:16.000Z\"}},{\"schema_version\":\"1.1.1\",\"observables\":[{\"value\":\"2403:7800:5021::58\",\"type\":\"ipv6\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force 
Exchange\",\"title\":\"Spam\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58\",\"id\":\"transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T12:17:11.000Z\",\"end_time\":\"2023-10-11T12:17:11.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"},{\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"SecurityTrails\"},{\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"code\":\"authorization error\",\"message\":\"Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type\",\"type\":\"fatal\",\"module\":\"APIVoid\"}]},\"id\":\"investigate-b9244abc\",\"uuid\":\"97846fb1-ae7d-4acc-91ee-30af5a70e49f\"},{\"created-perf\":38226674999.999886,\"updated-perf\":38226674999.999886,\"type\":\"deliberate\",\"created\":\"2021-03-03T12:17:25.498Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"m-out-com.basmail.jp\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T12:17:24.511Z\",\"end_time\":\"2023-11-10T12:17:24.511Z\"}}]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"6de164b3-270f-4c6d-a23d-25c66c9ded0f\",\"module_type_id\":\"c74dceb5-1d4a-43dd-8137-22840dc664c6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"m-out-com.basmail.jp\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T12:17:25.000Z\",\"end_time\":\"2023-11-10T12:17:25.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus 
relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-e788d330\",\"uuid\":\"fdc5434c-c899-4f05-b670-cd6bd7937dfc\"}]", "short_description": "Snapshot @ 20210303 12:18:07", "omittedObservables": [], "archivedObservables": [{"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", 
"module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": 
"2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}], "selectedObservables": [{"uuid": "d89e6cf0-74b1-4a30-aca8-111e52bac34a", "observable": {"key": "b175ed60-a73f-48a9-a69f-1e8954eb9ae7", "value": "2403:7800:5021::58", "indicators": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "producer": "IBM X-Force Exchange", "schema_version": "1.1.1", "type": "indicator", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": 
"transient:indicator-1f7fc7d3-25c5-5ede-ae36-9f20eee4b451", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High"}], "type": "ipv6", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-04-02T12:17:11.000Z"}, "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "verdict", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "id": "verdict:IBM X-Force Exchange:f96b1532", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f"}], "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "2403:7800:5021::58", "id": "f96b1532", "judgements": [{"valid_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-10T12:17:11.000Z"}, "schema_version": "1.1.1", "observable": {"value": "2403:7800:5021::58", "type": "ipv6"}, "type": "judgement", "source": "IBM X-Force Exchange", "disposition": 2, "module": "IBM X-Force Exchange", "module-type": null, "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-411b28ea-ceed-4047-827b-bd21974a29b3", "severity": "High", "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "ctr_uuid": "de1c7fd4-1c24-4384-9271-fcc94682bfac", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [{"schema_version": "1.1.1", "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force Exchange", "title": "Spam", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-fcba2e93-2925-5e01-a50e-86ed7e7eeedd", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:11.000Z", "end_time": "2021-03-03T12:17:11.000Z"}}, {"description": "Domains that have resolved to 2403:7800:5021::58", "schema_version": "1.1.1", "relations": [{"origin": "IBM X-Force Exchange Enrichment Module", "relation": "Resolved_To", "source": {"value": "m-out-com.basmail.jp", "type": "domain"}, "related": {"value": "2403:7800:5021::58", "type": "ipv6"}}], "observables": [{"value": "2403:7800:5021::58", "type": "ipv6"}], "type": "sighting", "source": "IBM X-Force 
Exchange", "title": "DNS Information", "module": "IBM X-Force Exchange", "internal": false, "module-type": null, "source_uri": "https://exchange.xforce.ibmcloud.com/ip/2403:7800:5021::58", "id": "transient:sighting-410b60c0-5935-5246-af09-2cf96cd07a6d", "count": 1, "action": "97846fb1-ae7d-4acc-91ee-30af5a70e49f", "confidence": "High", "observed_time": {"start_time": "2021-03-03T12:17:16.000Z", "end_time": "2021-03-03T12:17:16.000Z"}}], "revListOrder": 1}, "notifications": [{"type": "error", "code": "client-error", "message": "There was a client error in the module: {:message \"Forbidden\"} [403]", "module_name": "Palo Alto AutoFocus relay", "module_type": "bb2689d9-c9f2-4d45-b5a3-7ed006a0709f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "malformed-api-url", "message": "Malformed API URL /observe/observables", "module_name": "Tokio1", "module_type": "2fdd8988-4b4c-4114-adf9-36dacce4c103", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "invalid-json-response", "message": "The server response is not properly JSON encoded", "module_name": "Pulsedive", "module_type": "44606d8d-fc66-4ac7-815b-4448e096180f", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. Make sure custom_jwks_host field is present in module_type", "module_name": "SecurityTrails", "module_type": "80b90eb0-a856-4251-b857-ab9ebdf917ae", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}, {"type": "fatal", "code": "authorization error", "message": "Authorization failed: jwks_host is missing in JWT payload. 
Make sure custom_jwks_host field is present in module_type", "module_name": "APIVoid", "module_type": "7564fde0-5d68-49a3-b195-54ebc215754b", "observable": {"type": "ipv6", "value": "2403:7800:5021::58"}, "observable_id": "f96b1532"}], "disposition_name": "Malicious", "disposition": 2, "type": "ipv6", "value": "2403:7800:5021::58", "id": "f96b1532"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-73f9308b-7e0d-4c63-8e4a-9c0693479453", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-03-03T12:18:10.220Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"}
\ No newline at end of file
diff --git a/IBM_X-Force/Snapshot-with-MD5.json b/IBM_X-Force/Snapshot-with-MD5.json
index ac11643d..40ad0765 100644
--- a/IBM_X-Force/Snapshot-with-MD5.json
+++ b/IBM_X-Force/Snapshot-with-MD5.json
@@ -1 +1 @@ -{"description": "IBM X-Force MD5 Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "md5:\"84c82835a5d21bbcf75a61706d8ab549\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":19236985000.000004,\"updated-perf\":19236989999.999878,\"type\":\"collect\",\"created\":\"2021-02-03T09:04:22.989Z\",\"state\":\"ok\",\"arg\":\"84c82835a5d21bbcf75a61706d8ab549\",\"result\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"id\":\"collect-37909b17\",\"uuid\":\"93135d49-8e0e-4af1-92bc-405e1497310a\"},{\"created-perf\":30012270000.00017,\"updated-perf\":30012275000.000046,\"type\":\"investigate\",\"created\":\"2021-02-03T09:04:33.765Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"attack_patterns\":{\"count\":3,\"docs\":[{\"description\":\"The adversary is trying to avoid being detected.\\n\\nDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Defense Evasion\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a\",\"hydrant-25a33a3c5210a2e663ac52b66faff3cb7b55870d1a952a9173c3b90e67c188a2\",\"ATT&CK-TA0005\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0005\",\"external_id\":\"TA0005\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-91fa4286-7926-4ec6-92fe-1be5a3b4b812\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"defense-evasion\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:43:23.473Z\"},{\"description\":\"The adversary is trying to move through your environment.\\n\\nLateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Lateral Movement\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e\",\"hydrant-62e6b191c0c8340b08d2c0514e8a226d21acbf3e8711e18e203104c2d7e4007e\",\"ATT&CK-TA0008\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0008\",\"external_id\":\"TA0008\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-edb90156-c9fe-45ee-960e-c65e815cb92b\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"lateral-movement\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"actions-on-objective\"}],\"timestamp\":\"2019-07-19T17:44:36.953Z\"},{\"description\":\"The adversary is trying to run malicious code.\\n\\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Execution\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5\",\"hydrant-1290b3f81c16974cc715eb8cb79ec14a4974b553a8d4739bf6d4879bc96964ff\",\"ATT&CK-TA0002\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0002\",\"external_id\":\"TA0002\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-f9897c17-481f-4815-b942-c9c2ac108f08\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"execution\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:42:06.909Z\"}]},\"indicators\":{\"count\":16,\"docs\":[{\"description\":\"A file was created in a fake Recycle Bin. This is done in an attempt to conceal the presence of the file on the system. 
Please review the 'Disk Artifacts' section in order to view additional details about this file.\",\"tags\":[\"recycler\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2014-10-02T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-29f64911fabc9b10792ef9527847486a977ea051697df8fff2634933977940c6\"],\"short_description\":\"Process Created a File in a Fake Recycle Bin folder\",\"title\":\"fake-recycler-file-creation\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-83bef109-0641-4fa9-bce6-73ee7a6932d7\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a malware variant that will encrypt common media file types that are likely irreplaceable to the owner in question. Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. 
This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\"],\"valid_time\":{\"start_time\":\"2018-09-26T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-6df1431824dad39727db47d8ec2c8d67ad0507c624b3e1b672c6740fa09712c6\"],\"short_description\":\"Generic Ransomware Detected\",\"title\":\"malware-generic-ransomware\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\"],\"valid_time\":{\"start_time\":\"2019-03-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus service flagged an artifact as 
malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2019-02-20T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Volume Shadow Copies are snapshots of portions of a file system used for backups and System Restore points. The 'vssadmin.exe' utility provides a way to remove these copies. Malware authors may delete these copies in order to make recovery and access to a target's original files more difficult. 
This is especially true for ransomware varieties which encrypt files since these shadow copies may still contain the files in an unencrypted state.\",\"tags\":[\"crypto\",\"file\",\"system\"],\"valid_time\":{\"start_time\":\"2017-07-14T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-fc98412693920b7b7e900cab551dd26d0bdc9e3d13fa6c6f9b5e561d0fc3e20c\"],\"short_description\":\"Shadow Copy Deletion Detected\",\"title\":\"command-deleted-shadow-copy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An executable file was found in a recycle bin folder. The recycle bin is intended to hold deleted files in case the files need to be restored. Malware will often attempt to hide files by placing them in recycle bin folders and executing them from the recycle bin.\",\"tags\":[\"recycler\",\"executable\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2019-05-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ade122ee0771d8bf06bf93952ed7cf4bece911a5852fc74712d23323753ad7e8\"],\"short_description\":\"An Executable Found in Recycle Bin Folder\",\"title\":\"recycler-exe-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Wanacryptor is a ransomware variant. Once executed, Wanacryptor will encrypt files on the local machine. 
It will also attempt to spread itself like a worm using Windows SMB file shares. A ransom in the digital currency Bitcoin is demanded to decrypt the files.\",\"tags\":[\"ransomware\"],\"valid_time\":{\"start_time\":\"2020-01-10T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-01c5df46a35aff90bd2ab27799e2e8fadc18b7921c641bf3e8d454cc5f6eb63c\"],\"short_description\":\"Wanacryptor Ransomware Detected\",\"title\":\"malware-ransomware-wanacryptor\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A process set a new wallpaper for the desktop by modifying its associated registry key or file. This may be done to grab the user's attention or as a scare tactic. Ransomware will often change the desktop to leave instructions on how to pay the bounty.\",\"tags\":[\"process\",\"scareware\",\"registry\",\"ransom\"],\"valid_time\":{\"start_time\":\"2018-07-06T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-3e39186936137a88e3ee6fab67c7bed1f160044d17855adf628f9a80b07e6271\"],\"short_description\":\"Process Modified Desktop Wallpaper\",\"title\":\"desktop-wallpaper-modified\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a class of malware that encrypts common media file types that are likely irreplaceable to the owner in question. 
Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. It is also common for variants to delete shadow copies which are the default Windows backup mechanism for automatic backup generation. This is in order to prevent recovery of the original files from these backups. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-01-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9117762eddb7bb41077183b8e9d86372a1f29137e11083c3b07656045fc59b9b\"],\"short_description\":\"Ransomware Backup Deletion Detected\",\"title\":\"malware-generic-ransomware-backup-del\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"A machine learned model has determined that the specific set of indicators triggered by this sample signal a high likelihood of it being malicious. Some times, no single indicator by itself is sufficient to determine the malicious nature of behaviours. In such cases, the specific combination of indicators may be used to make a malicious determination. 
The machine learned model is trained to identify such combinations and takes into account the cumulative contributions by all triggered indicators in order to reach a conclusion.\",\"tags\":[\"suspicious\",\"threshold\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-12-20T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-829a0f95fde3467f366a217995e55e139e708d32f8f330dbb8ba109ecb607743\"],\"short_description\":\"Specific Set Of Indicators Signaling High Likelihood of Maliciousness Detected\",\"title\":\"high-heuristic-score\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-925517bc-8bf2-4ec9-9f2c-96f30289f38b\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A JavaScript artifact was found to contain random looking variables. In addition, the script launches command prompt and uses it to execute a file. 
The combination of these two anomalies makes this sample highly suspicious.\",\"tags\":[\"javascript\",\"obfuscation\",\"compound\",\"process\",\"launch\"],\"valid_time\":{\"start_time\":\"2019-09-05T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5d041358bebd89a8f121e2fa5f13293446daf12df2deb360f836432fdf900a7b\"],\"short_description\":\"Command Exe File Execution And JavaScript With Random Variables Detected\",\"title\":\"js-compound-random-cmdexec\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-8e61dec5-3ad0-434d-af15-835aff96ec23\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\",\"ransomware\"],\"valid_time\":{\"start_time\":\"2019-03-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. 
A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-06-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"The WMI command tool (wmic.exe) is an interface to the Windows Management Instrumentation. It allows display and modification of local and remote computers, setting system variables and executing scripts. In this case, it is deleting shadow copies. Shadow copies are snapshots of part of the filesystem, used for backups and restore points. 
Malware may delete these to prevent the user from restoring files that it has encrypted or destroyed.\",\"tags\":[\"system\",\"system modification\"],\"valid_time\":{\"start_time\":\"2018-02-07T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9d62773bd830933e9293398e91706f67a52b6d0b7d32955372792ad077c87cbf\"],\"short_description\":\"WMIC Used to Delete Shadow Copy\",\"title\":\"wmic-shadowcopy-delete\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2020-04-07T07:41:44.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]},\"relationships\":{\"count\":100,\"docs\":[{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-109c573676a93f101d20bd2c639087b2c372e8ae\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e1abe08b-4703-4021-abd0-6164d3171eac\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.565Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0f85ea48a9dfd371850136d52f4e22916bc0f74b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-48b52c41-807d-4259-b66e-1908e190e1a2\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.646Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-381d738519a1df216f21a3df5b24e5f02caeb754\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-38705230-3cd4-472d-89eb-3125c39f6332\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.385Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-8078a0e16855fd506df01654484e4e1d12e95596\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-301e2511-f106-468d-8b7d-2c7c66ffb8af\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.708Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-aa9e9b990e865190e57e36306cc27d723a60f936\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8cef817-c738-446b-9445-b97fd8e5df9b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.582Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0c2fd52136a95386b115714f0f3737923840f631\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ac1d1ad-32f1-4b92-9f60-281a98135cc8\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.832Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5f04891465a33dac7ef1f7163e5bec5f32316b51\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fd9e19e7-a08e-4d97-9d4e-967e6b94cd54\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-090a91586947ef35dd14572e44fd48841fc3bc67\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-73ddfbd4-f27c-4516-b7ed-aecdc1e1c52f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.288Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0cc14cb9f99656b62f13ee88887df672c307b48f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2daa1682-3d04-482e-9923-f9d41aebdf2c\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.788Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-7bdfe95a186e2b9ecbdf874ecf1700458b6fefea\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-af9e5fd1-f2f0-4a08-bbd1-28f63d593a73\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.797Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-838523774b95d6a2eaa83b67e7b6fb774c8f7b79\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-918632f7-a56b-4da3-8178-dcb54d1f70cf\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.834Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fca74aa1894974efb8311cbbc45fcce715a8ff68\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2c3cc882-3544-4fe2-bec6-385c5f73d3c2\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.091Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9d6be09d9577c65d2b3546fe836e007f292d1ebe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-76605dc1-0f91-4d60-ab20-92559c381f2f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.537Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b9d57e6c09dc9992d9b7788099bec4cac04a9b4d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d28f676a-9202-42d6-848c-fa05baec5234\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.132Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4c579134b17fa263b577417e64b099aabf105658\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-14d8a5f8-4796-4ffb-aad1-ba88cd69e440\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.564Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1cf55712a4fb54804f4c4f8dc1753139a0f3c5b4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8848778c-7fd5-447f-9144-21a06eae82af\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.734Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8f0c98e523887a9e94e5e62f02b7776d4fe691ac\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-020e6d2a-df94-46ae-a31b-c70f95e14b89\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.352Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6fe75837291cde12f2abd9587157048a7347d499\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-366094c9-f5e8-4438-903c-6fd46cee28fc\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.568Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1a49507d32dae498cf527657d3437b925cf8de52\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f14d3fc0-2b36-4a6b-b867-afbb1c30b62a\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:33.114Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c18a07ae411487711caad3fa66e2786c79022000\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f30c9bf7-2611-4839-8f6b-0902b186709b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.207Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ff16caa9a2a15f004aff97e58f2be7aec2daa3fd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6e2e10a0-5b44-47f2-9c2e-edf7ceae9181\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.346Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f961245764c85d42f2e00172f0c9a584c4d7200d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4942f9f3-dcf8-4d5f-abd3-3267704c26f3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.366Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b00a8db9660eb27df35ead05c6bce3ee9d7111bb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4c46825d-627f-48a4-90d8-361b59e485e5\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.446Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fe8afb0f3563d9f40d6ed0f8bb1c87747cd24544\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e6336eca-11eb-4f87-9d40-3eefac22436c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.929Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1104601bd5f0b2ca1fb3bf5460ce62eb08ab23e4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d3ce7fda-095a-40bf-92d5-ef7e28fdbfde\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.532Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b8b3317765421765d04f1ea6d1ffbb77bffc1363\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-47d82c88-3540-4770-9171-127cc82102f0\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.129Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-85c17173302b0ff1819eabac9f8b3b9b26da4d9d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1dfcd195-974e-46fe-8ee2-de5c1da2ab88\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.837Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-bb09c6c3ee93746e7e991f892d6c27e020077e11\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6cb63f60-df6f-4b64-a6b5-28333490b821\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.503Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3d35f9ad2631100e6ce77104a101a5407557fafe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-744ba337-4bf9-4d19-bd51-2f36038e0961\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.348Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3e52c04f0a6be4fc4efe1cade1f2c3979f4b8460\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ec9b793a-9c71-4ae0-bced-a71f675319d9\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.521Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-03fe4a51229458bcb506a0a6f29948fe6aaf956b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-aecdd78d-817b-44a6-ad50-4db949d72547\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.418Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a88ea16cda1296f8cbd802754088dd36c99a21df\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-31ac9405-42b4-4b49-ae05-41274b115789\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.295Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b70f73090de09979721ca1bf85656af40bc914cd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ec59163f-825c-4f3d-92dd-5de8d39e3b8e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.174Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5cfec627e449988833ce0adae5af8ff4fc65df62\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-69490c8d-d5b9-4e59-9d96-7fbdb89f3824\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.316Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f565fc1c71ac8d8343a445835d2a53f919d6f795\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-bb7d245f-f98e-4be0-a881-966406274423\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.641Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-533aac94cb318bb2f53a806f5e1f5d16dca4f8e7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-df8cd6fa-c961-45a4-a90a-95161fa87bac\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.611Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-faa8426028d3e7884322f57fb8f9156dfb78fc02\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-862caa5f-5d4b-4b6f-a3f5-5991b39c3d7a\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.332Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-008634e4158ec137f736a8af496506493b092da0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-30778f89-b638-4ce2-a822-c177c939f5cb\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.867Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-41036bed927eafc19543e19f4c9f1ae3f1f2a326\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-49ad5158-25f0-4198-8183-ce4796b763e8\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.884Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-aaba290f665260744dacc3ff3e572fe99fdad7bf\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e6ee9e1-4f5a-4362-87ba-c80d26c1e069\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.030Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e3499e57b8134a1bae0462d6b03ae7b3e9e079be\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-95011543-faf2-4ce4-a2b6-30775f4556ae\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.654Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c2a0f32fda1c6268ef21dfcb56c99bc37a710252\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e46096c-aa94-4731-b393-4a8ea684d404\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.858Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4f4a4aa880b49dc26b7f54104c6eaa844b8cd70f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-819b80f6-2751-4e4e-bba6-b6d5a66fb2e7\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.740Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4f1d3da22044b58e5364331f085fb5c609ea3210\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-669ff1ab-b4ff-4134-a284-d261123f364c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.608Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-52426e32b55e6b70b0e97c17caf360b22608e8ca\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-df0d78ba-5c74-4a31-afbf-4a0fc650cd8b\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:33.022Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-162d03fc4f65b5e72b0018646c28267ea287cde7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2a7cc707-1cc3-476e-b9a3-3c2dd449bb58\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.869Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-64ee91ac798e1e98d9391d4d8384658caada9af8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-19fd1ee5-f88c-4149-9952-d4f0bffa6917\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.575Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-00e871ef4283d6191a305a06fec0d48482a9bc85\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b99c56f6-ce8a-4002-a6fe-32b51cf3be8e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.706Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-21addfe49b46a2ed1fb6ae1ef2ed6e3fe7294bc6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-52c7f372-4a83-4c9b-bbe9-467ac3bbfb8a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.638Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b946a56e5d2d1b129c48f9bb12caa60cb54cec6f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b1613a18-f198-41c6-934f-8a7fd9b241b0\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.977Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-81b309429d588066a00e7c690f38081994e3077b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-01f5f693-d2fa-4101-aad9-f69b51fab812\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.384Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4ecffd331c65b0ffac259ec84ec9a230ba500ae4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e75a1e0-94eb-44c1-a9df-ef1f66aa7b89\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.203Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8056797d3da25a447edc9a4607c70f77f5485444\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-22a62b10-e10f-400a-bfb0-6b8dd633e97e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.484Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d72add2c2a9534a3f7ca640e9fac70fe072bd905\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-99d655bc-ca88-4504-9ae0-0dc6b70ce681\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.672Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a982df6249e6b36e4e6bf63d4e93f4d57e3654e3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a9c11cf5-3165-4c82-8dc5-aa2eea4cbb8c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.238Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1241c3920d1336857017a4eee3dc196ff6ca18a9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-33e1eae2-0dd6-447c-bdae-aea2877d5b3d\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.771Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9e6d1a35ffe6c9d53b93a4d331d024726466bd16\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-25792705-9168-46a6-9b15-b06665b83dbc\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.422Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-6b65f6fafab117b377430020954bcafce9d94cf1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1c71a7d4-dd87-49c8-9d08-c4138845a6f8\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.493Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8dbea55492b3e50671a5d7920f1dca889d66cefe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-72913807-5e12-414b-a476-7381f069c4bd\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.017Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5865588cbd6da100e3bb86afcc1a6f1be9b702d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d055655f-9b50-450d-b44f-a1b73eb049a8\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.317Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b588cbcbda10b95349ac73a89e11b401c857e60f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-835e1ab6-a9b6-42cf-872d-57bd71253ac4\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.651Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0f5e270a2550e8f51f5fec7f2cce0945b6bd7241\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c10f1f19-453f-4169-a38c-bf7eae93e1cd\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.646Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a9c3f9076420d7794bf4c9a89b902dab3d0e437e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8901f3ef-dcc7-4ac2-acce-3a2aba667c40\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.548Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b524f8c4bb64ba3362ec92a32a0cbd52d2bac2b5\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5d67fa43-1efe-43e6-ac2f-0dbe85e839f8\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.611Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-58bd86609eebc324637f249383a424b4bda5e55c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c04e2b53-821a-44bd-ad2f-d252fd6eb7c0\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.400Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bc6bbbf788415bebd94107dcb218027b283a0010\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-58aa42b7-02a1-4e53-a4a4-4bc6f3178439\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.768Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-25aa1b963a642aa84a66f3cf2524637b3c94a405\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-13ab0b24-6a47-4a27-99d6-e67bdb9eb461\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.800Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9350421c53bda594a85282a463473e8f022f2312\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-09a3cd2b-0acf-4e95-b17b-50188ddccc98\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.804Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d301cf4b030413681027401989afc613e397914c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-10036831-f6c0-47d1-b68a-010817d67c37\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.834Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99ea94e1cebb7b7f9cb720238bad30ea3c530f70\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7ca57c7a-508c-4b92-ad0b-1c39b222353b\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.392Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-09b6b6ba5b1dc8d7e9be64ffdf9131cf82d63cd1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9e734e83-6ece-41af-ab69-e5667ec2a00b\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.472Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-495489418be5d20e425b213895d501927ee9dbdd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7f0f10f0-e610-4072-9cbd-be073d9de1bc\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.984Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-0bfc9c58be90b3346c63ddbb29b3352e04fc34c6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1060626a-ec03-4ef5-b5ca-b016177a1154\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.620Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-27f67e3ae110a3e11e468cf6ce6fbb5b42e1a002\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c092fdc7-bd6e-459b-b2fd-a11a3d238fbe\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.935Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3e731e7485152a4df142546dcd8c77785a657859\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f8ac2c5b-2362-4ea7-9958-f971f00ac690\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.929Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9cc1adcde797c372062350aff892a6bf4d312c0f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-716aacbb-90b3-4ccc-af8c-f18bcd2d074d\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.061Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-32aedfa37757ad76d84ff5f0d7e37e48fb671dc9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4c780db7-1364-4515-9258-23c6d7a9d06b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.405Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9b93566d41971f894eca07cbe24073e5d15e5c92\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0babbcbf-14b5-4d24-bd77-0fec333f5476\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.466Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f5bbcd6819a1aa67ffa69943287f2470d1f6f46d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ab864b3-a837-40b2-91ee-862f8799bc36\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c2561a9c0966f36f30ffbbfbd69e992f947ad88d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2dbb1950-7011-4c2d-bb95-8f41bd9d569e\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.741Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a195723911fd32391cb5b09bc642ba1c2b2313eb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0582d1a7-7517-4c12-b703-c8307f86ae42\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.185Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c4d8cf2de152bf83120631d4026266601c23a47b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-086ac0b7-ff59-4ecd-aeea-3566d20782c1\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.472Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2494ca754b3aa6aefa7233bdee226c89557ab54a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-11038a85-031d-4de1-ae61-3ce32eca8645\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.096Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0fae26dcac2f6e7478a6ed94e123ee12248cb629\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7778f341-4c19-42ca-ac4a-b1e97d1cc763\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.064Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f10d1169762d04b8fd7729cf9437a48cbb80d063\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9ba53723-6781-4296-ab7c-6ec9c9c468fd\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.326Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8640d06d5bbf0e21083e06e6755deb99b30b6433\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a1177496-3bc0-4c1e-9fb2-21a8a2b5f2de\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.372Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-629f5cbaacdd9df510df940e361b339574e44d3d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0b768917-5e79-4037-828c-28a475f344ee\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.470Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ec4915143ccc3942785cf77084a5d33a05237382\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3ba9b0b1-d588-4b95-a9a9-4c141bd03524\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.898Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2e472349be9d3caa19fa8bdd3bc52b15e5adb24a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2c82f17e-2979-4e70-bc55-e19d70fc2634\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.440Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2c3029f7f4a5d4b21d729b1695ad95ae25e14787\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-97314f0b-f1e6-45de-b4ef-f611cba5e1ca\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.473Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e01d0e9e1095601bf99157b9c479455ee3ea0782\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-30f46413-9a4d-457f-8fa6-5241b5135ada\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.167Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-427157264ab1d1d0ffddecd5f684ca3431c3084c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-32d1a7a1-932f-4350-916e-484359a3d4a3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.502Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e22499cc8f2d4f3633f3f68ef172962fa12292c4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-433e2413-76ac-406e-9256-c307dc1c27f4\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.535Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-096516e8344b9beba23fe0171511477bb9a55dd9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-330a989f-9ef1-45b6-b426-e8f35b70d67f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.376Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-de6a81db83bce9f5a44e7c253637d93663744a65\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3aa64a5b-7ee2-48b6-af5b-e451af307805\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.101Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-7d4482b3e80878a4f34d064f2319dc017c7598aa\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c8ecee9c-0dfc-4736-92de-7120ab492fc2\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.437Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-7da0ca15ca0a49b33e68ea1922cc5cd5ded57b9b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7083a164-71db-4a35-8c52-829185706735\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.559Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6bc53984ca79cf22b20f8ade589f5fc5c2514582\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-69135185-6484-44e0-98b1-66063507bdfe\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.245Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5268b6b0d0891ea9f89ae778388f75f5c70c48ae\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-19336e20-e940-4c2f-8692-bd9f46aef68e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.515Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-941723b4600d4273cb1e0ab3d7339470abe6964c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-24d836bd-6f90-47b3-86da-8604335e1b86\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.546Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2020-04-07T07:41:44.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"schema_version\":\"1.0.0\",\"observable\":{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/cd2275c3415e26f96cf78be39f7b892d\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-md5-84c82835a5d21bbcf75a61706d8ab549\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"severity\":\"High\",\"tlp\":\"green\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":100,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-1800637c959a52480bfd7bda6bda4755\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9c987e09-e36a-47c9-b4a3-6a935a44b325\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-07T18:52:25.000Z\",\"end_time\":\"2021-10-07T19:01:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-493d517f-a5a3-4015-92db-578d34513e3b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-23T20:15:53.000Z\",\"end_time\":\"2021-12-23T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a999cf5cb17033a10225641f3bd2afba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bf6afc6f-58f5-4103-9f24-075deb40fe9a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-11T18:44:08.000Z\",\"end_time\":\"2021-10-11T19:04:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-68dc97a1fd873abcdb143ccfb7b1b255\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0e7ff42c-da36-457a-aed7-b3c5b89b73c9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T20:07:26.000Z\",\"end_time\":\"2020-10-30T20:12:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0445534795da304113a1d18b330d0acb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-423e5cfe-0ae3-493f-98fb-b7e9b09607a9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-30T20:41:28.000Z\",\"end_time\":\"2020-11-30T20:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8e786549-39e8-4fc2-89e8-ae1b41727ccd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:35.106Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-03T14:36:32.000Z\",\"end_time\":\"2022-02-03T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb00b006329e50beb56d36e711a4d127\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-faadf337-d3f2-401b-94bb-efce08a33a74\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-09T15:33:10.000Z\",\"end_time\":\"2020-11-09T15:39:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5eb5a5d3b5aba303a8030f0f80bdb747\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e82aa27b-3ee5-44da-a891-e035f6b818a4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-09T16:15:11.000Z\",\"end_time\":\"2021-08-09T16:29:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6462622fb8011601a09cb86bd46045e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7befc431-e536-4b58-bff0-dc8e69384240\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T08:55:02.000Z\",\"end_time\":\"2021-10-21T09:03:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fefbc448127d7cfb9b187591576063b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e6b2245-c8b2-4b81-a1cf-7b549de4d9bf\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-09T07:45:13.000Z\",\"end_time\":\"2021-07-09T07:55:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-8b3b8e08b9a12fb5d4a2a78e936127b3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9198805a-8144-4e27-82de-8cc497f22210\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T16:41:47.000Z\",\"end_time\":\"2020-10-30T16:46:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-83edd7f6e489f4db9c324d7a55d5bf6f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6b6e3e49-0014-4280-9dce-bfd3e4f23c4c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-08T15:47:58.000Z\",\"end_time\":\"2020-10-08T15:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aadbe6f0058a6896ec57e5749315bb1e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.088Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-16T12:24:25.000Z\",\"end_time\":\"2023-01-16T12:40:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-33437b83732b20e128f801914d387652\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-16fd88a1-d366-4d28-b4de-959cb8c5f63f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:43:23.802Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T15:29:24.000Z\",\"end_time\":\"2022-11-08T15:51:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3abc1aece07243f578cdf080c88707e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9a322902-c13e-49ea-9a86-6658eacf2ebb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-09T17:40:56.549Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-05T15:27:30.000Z\",\"end_time\":\"2022-01-05T15:48:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3381fc9baf8e6e7a24e6ff9ab28d5ddd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ba26d23a-49ca-45e1-9917-236fec538a62\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-24T09:21:21.000Z\",\"end_time\":\"2021-06-24T09:31:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-13b2214bf6d0eba2278af1d269ad883a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.257Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T19:27:15.000Z\",\"end_time\":\"2022-11-17T19:37:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aa8a5bcb0e269613fb2a9cb48a113876\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8c666857-2c78-40ed-b290-a9032c27133d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-25T12:41:24.000Z\",\"end_time\":\"2021-08-25T12:51:26.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0a32e8d5ac10c5a1750c62880e9946e0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-35b89638-9b50-41fb-9c1a-7c0659512ee8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-09T08:05:23.000Z\",\"end_time\":\"2021-11-09T08:21:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4434973766bcaf7d8a6163788047dba8\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-aace1a5b-f038-478c-a672-0c3fdb2d183b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-19T18:35:17.000Z\",\"end_time\":\"2021-10-19T18:48:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-73b2b49cc3c97e3de4b2969fa0ef852f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-27a2439a-4547-4257-8cb7-7adfedfe8969\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-07T07:23:34.000Z\",\"end_time\":\"2021-10-07T07:38:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5cd84a69396b3aa4663e5f606b3cdf0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.280Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-05T12:06:56.000Z\",\"end_time\":\"2023-07-05T12:15:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-de8f372d27de40bb198879437c30ec4e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7168306e-a814-4758-b799-aa7ddbfed412\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-11T08:25:02.000Z\",\"end_time\":\"2021-08-11T08:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-440c401604feb297a4b8c6d3574bd03a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ce139fe5-ff08-4d1c-ab8d-135b6fa75ed3\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-05T08:04:19.000Z\",\"end_time\":\"2021-07-05T08:14:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9d4404973f89bbb1041921e98cb4820\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8169784-b95d-4096-adca-36d41ee116ed\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-02T21:16:27.000Z\",\"end_time\":\"2020-11-02T21:20:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f00166203cc58f37db87fe71969ad23c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a880b27d-a3a7-4507-8cd4-883df7ac8a46\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-25T19:41:08.000Z\",\"end_time\":\"2020-10-25T19:49:48.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e4f988a3041bce6e0fad9f1dc620e9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0d61454c-09af-48e6-9a02-32a6d3176b1c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:35:58.000Z\",\"end_time\":\"2020-11-17T08:52:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-48fed39715f044591724bed44dc49f35\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3d5a5130-3fbe-4ffb-bc5b-653fc98890fb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T08:48:33.000Z\",\"end_time\":\"2021-10-21T08:58:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-329c6fcf6be6340581fa856f39772ecd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1d07d2d4-ab69-4856-96e9-bd2749c01107\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-31T21:58:48.285Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-29T20:39:18.000Z\",\"end_time\":\"2022-03-29T20:49:35.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4540b5c5a11fcb59ac9cd6cef151a4c5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9e38fdb9-3677-4e23-9dae-cd9359db6972\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-19T17:20:27.894Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-17T16:18:25.000Z\",\"end_time\":\"2022-03-17T16:28:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-49eba74c4c65fea92943dafcc9c3e281\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebf75ec8-7db8-40f0-97c5-b325328357f1\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-04T16:22:11.000Z\",\"end_time\":\"2021-11-04T16:41:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-18d3499a967805381d5ff741f6ad5d28\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5969fb22-c1ab-4ad5-8eee-fef1b8f32e4f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-14T14:05:36.000Z\",\"end_time\":\"2021-12-14T14:22:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-24a7ed5e06b0997a82dac23a98cd7cd0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-61c3ea90-cd6d-41c3-b276-151900fed9cc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-12T17:54:55.328Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-08T16:35:46.000Z\",\"end_time\":\"2022-02-08T16:52:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7070dd836f1266934eba51c07422ff0c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-43cdb4fd-0d87-48b8-bfc3-49b77904ac79\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-18T04:27:39.000Z\",\"end_time\":\"2020-12-18T04:36:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-487167781221d890aedc92e271380a68\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-cc9773d6-ed43-4018-ab57-3731c4920e30\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-01T17:05:26.000Z\",\"end_time\":\"2021-11-01T17:19:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f246e247d7394c1b50a2676a3072bd4d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e125837f-96c8-441f-bdec-3dae5e0d6f6d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-27T07:59:07.000Z\",\"end_time\":\"2021-07-27T08:08:25.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212bfa058d713132e87f513ee86885b5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9deacfa0-81a7-4dcb-8f30-a23f29c6b3f8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T14:23:08.000Z\",\"end_time\":\"2020-12-04T14:29:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-da10f77e1e98e50e6d1f44ee9fc16e96\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e427df57-d358-4251-b7df-ea0a9c1d8d04\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-28T16:12:44.000Z\",\"end_time\":\"2021-09-28T16:21:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3875ea25-2f8c-46ce-94df-39805723bdca\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-23T20:15:53.000Z\",\"end_time\":\"2021-12-23T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-9eaef8b6b2e75b55e42fc2e7072dda8c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1383f1ba-8348-4493-bc5d-402cf31797a7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-02T15:45:01.000Z\",\"end_time\":\"2021-08-02T15:59:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-aab2cfc797b4fde3f9b6925d994e8c3b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a0f32766-1e19-43f4-8c58-b0a6b5d8457a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-21T13:03:26.000Z\",\"end_time\":\"2021-12-21T13:19:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81f760143d1d4774a4b3ed76df9d7ac0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.822Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-17T12:48:36.000Z\",\"end_time\":\"2023-01-17T13:11:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1ef426b1-c050-4eda-b990-95512e88889b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.951Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-03T14:36:32.000Z\",\"end_time\":\"2022-02-03T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-ebe35e82bc562b5df50a1b25e7099c30\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9705da17-7a79-4f01-85ca-ad9ec81f73f2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-24T03:45:58.760Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-20T13:47:47.000Z\",\"end_time\":\"2022-01-20T14:08:36.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ea936a6774ff4698a0dff83cb6a7867\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1aae674a-1967-4c37-9afd-815dbc0d7f66\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T12:17:02.000Z\",\"end_time\":\"2021-10-28T12:27:40.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-7d8ec9066482428eec4357deebfde0d6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4760b31a-8adb-4b1a-8722-2c942cf7f795\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T14:15:16.831Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-31T17:17:06.000Z\",\"end_time\":\"2022-03-31T17:23:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-fd11120571777e118f1192cdae4759e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7b202024-7951-4cb7-9509-69fedf2e7f00\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-06T17:28:29.000Z\",\"end_time\":\"2021-10-06T17:42:56.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-900e5e345e8193b84b808e2bf0fa16e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1592c658-a927-42b5-a762-3c6754adab14\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T21:55:21.000Z\",\"end_time\":\"2020-12-04T22:01:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-04287f919a3def5f1d2bd9eecfc2ffac\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.476Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-02-22T04:56:32.000Z\",\"end_time\":\"2023-02-22T05:00:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81338238071dd3ce8ca2343b8507596d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6cfce07c-c4e5-4b06-9d69-6c3df994d7e5\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-25T22:26:56.397Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-21T17:00:09.000Z\",\"end_time\":\"2022-02-21T17:09:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-8ed11cf9ba4767a045a8078b300b34bf\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1c243390-1828-411d-9e30-6d851ab1e60b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T20:59:05.000Z\",\"end_time\":\"2021-10-21T21:12:20.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7420188d21b4b13db023a5587b3c7aa\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.443Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-21T16:26:50.000Z\",\"end_time\":\"2022-11-21T16:41:01.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb27d870e0d4577f6440ff706dd5c211\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8c01e79-8b30-43ce-8b68-22e56403a893\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T16:14:09.791Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-31T17:49:36.000Z\",\"end_time\":\"2022-03-31T17:55:44.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2e329216a9df995e09f6406f8b732993\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f37f50c3-d599-4521-a843-55e7c8545b25\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T16:41:48.000Z\",\"end_time\":\"2020-10-30T16:46:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-38de421c1eace15dc5211066a8978488\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-128f5a1d-2d80-4750-87ef-bc6eb58e0ae5\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-09T16:42:43.000Z\",\"end_time\":\"2021-07-09T17:03:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf76f600a2af2c19f32d425520e94cfe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ca80bac6-c8f6-4655-a996-1d09c494ee42\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T15:05:00.000Z\",\"end_time\":\"2021-10-18T15:13:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.14\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d8ba36bb037564ce1b0cd5aea1098cf9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-b0965f36-e8b8-4d50-9c62-4cf095a60541\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-01-30T14:33:07.340Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-09-28T17:22:41.000Z\",\"end_time\":\"2022-09-28T17:44:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8461b50008f3d92cf6a2597b05db631b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a3e75e34-573b-4e54-bd08-2ad7cb665312\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-09-28T19:20:07.000Z\",\"end_time\":\"2020-09-28T19:29:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212889a0d2f2d477c3b3b94d55788c2d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-401ddb18-0b7c-402b-b7c6-ab1cf7c909d6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-16T16:19:08.000Z\",\"end_time\":\"2020-10-16T16:27:39.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b2766fa8cd69a03e2c332abf838bdb3f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6522f8f6-7d37-423b-939c-ba2bfa6cc88a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-06T11:23:59.000Z\",\"end_time\":\"2021-07-06T11:32:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3697d2f343a2e37c54b926ffc4fc7461\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8568fa78-8889-4196-83b1-58bd29c7c6bc\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-16T16:31:46.000Z\",\"end_time\":\"2021-06-16T16:45:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-02b2eb94a8e359fedbfab93f564046e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8dbead6e-2574-4353-82db-8a618fcda756\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-20T07:46:55.000Z\",\"end_time\":\"2021-09-20T07:56:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6d6713e4f9e7dbc2994f8068af501097\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-eba471ac-5263-4c7a-b51e-3a7334810026\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:59:17.998Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T18:59:42.000Z\",\"end_time\":\"2022-11-08T19:17:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d5361bdf9f7e2619d7180b326305055e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7867151a-5ba0-4a70-afab-0c8260e609e9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T14:06:02.000Z\",\"end_time\":\"2021-06-21T14:26:02.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-040f760c510edc094bf1b4c57878cc07\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.299Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-30T14:55:36.000Z\",\"end_time\":\"2023-01-30T15:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-459e47c7c53d89b86a31f5c6df11e03d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-36c88665-ffab-42d4-8c7a-0e6762de33e1\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-16T21:57:11.633Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-14T21:55:05.000Z\",\"end_time\":\"2022-03-14T22:05:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3c6bef8cc3cbf26dc99ae77b39797bb5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-daa2c7eb-41e7-44d8-b075-06f8304d275b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-06T18:09:49.157Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-02T14:09:35.000Z\",\"end_time\":\"2022-02-02T14:26:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-361043887560397b6c283da4c5aebd2a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.203Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-08-25T12:46:28.000Z\",\"end_time\":\"2023-08-25T12:53:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5873abbe7447ddd282bcad3a1c688771\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2e1fb56f-4b04-4afb-9217-fa3f84c47209\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-28T17:22:53.000Z\",\"end_time\":\"2021-07-28T17:36:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-831f917866630085e85c7262f5a8dd0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.732Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T17:52:51.000Z\",\"end_time\":\"2022-11-15T18:04:19.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-72e42c51b430a9773587d712679f493f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-53abda28-59f2-42a8-81b5-77f13175aa67\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-14T16:55:23.000Z\",\"end_time\":\"2020-10-14T16:59:21.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4c7f39a0d9e2e7345a6584369ebed9df\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f666e339-8aa6-4db4-ad94-45a54383e3e4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-20T16:34:04.000Z\",\"end_time\":\"2021-07-20T16:48:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-5bbfc088705e99177493de6f0d3a5cd7\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-52532f6b-904d-4863-be11-21a5c6f79f36\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-29T13:19:39.000Z\",\"end_time\":\"2021-07-29T13:29:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e5eeb8ab3269ae22e389bfb0c54e24fb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-646b8270-60ca-4845-a5f5-ada0c1db9df4\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-12T00:48:18.909Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-09T17:58:57.000Z\",\"end_time\":\"2022-03-09T18:24:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3602a4b03d5aa7fa65a9317f3345fb13\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0d3beb94-cea3-4030-97ae-64cafb0e0ef8\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-18T10:31:49.660Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-16T18:59:28.000Z\",\"end_time\":\"2022-03-16T19:10:00.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-1ffa74226a06e11bd93392b3f90b1cf3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-251fd9f5-50d4-48d7-a6d5-e077c8fb6f9b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-27T21:27:25.000Z\",\"end_time\":\"2021-01-27T21:37:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b0c3182489aafdceef38476276dbd052\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1efba262-1bd2-4ae4-8e8e-e9d436b12c5c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T14:23:38.000Z\",\"end_time\":\"2020-12-04T14:30:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-45a51ed43f4b077ddd0311924087fd7c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-10994532-6249-4a19-811d-1f78c7e9942d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-07T16:37:57.000Z\",\"end_time\":\"2021-09-07T16:52:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-95a0cca274f886726d0228e3c8249446\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7cbc8c08-4dfc-4a30-8c99-0e8468b9b4ad\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T15:48:24.000Z\",\"end_time\":\"2021-06-21T16:08:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-582eed5dca0044d0371407de198e8026\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-14ad363d-b1b3-49ad-9f76-e080589edd65\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-24T09:13:47.000Z\",\"end_time\":\"2021-08-24T09:23:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-07a0745863ae2771acd327d8a07332fe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ff72b1ac-1d3b-4512-85a4-36cd31fa3bd8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-08T15:54:11.000Z\",\"end_time\":\"2021-11-08T16:10:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9fc6a1612d405946200b8e27f17c6e4\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0f223bcb-eefe-4a2f-8e41-a299e2b1d718\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-05T06:05:49.154Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-02T20:59:52.000Z\",\"end_time\":\"2022-11-02T21:22:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f489dacdb747ea733a4a8ea91a1678ba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-05c8e84a-e6fe-4565-80d3-1792ee2f4055\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-11T18:28:17.000Z\",\"end_time\":\"2020-11-11T18:35:55.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a32fadde91bc210cc020097a48b5799b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.314Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-17T14:55:02.000Z\",\"end_time\":\"2023-03-17T15:11:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-be7c5b569cb74eb04c577b68a13e4fda\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-393b1f5e-a7cd-4784-acf9-9a4deeca109e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-12T16:27:52.000Z\",\"end_time\":\"2021-07-12T16:41:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c044fa761e7d041db73f5a54fc1a43b9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.688Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-05T12:07:06.000Z\",\"end_time\":\"2023-07-05T12:15:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-104fdd3a7b6735940a061217a1a2870f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.543Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-13T20:35:53.000Z\",\"end_time\":\"2022-11-13T20:53:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf3c8f6b69c027f27e3727b6673a3237\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-104e731f-c8ab-4542-9be8-9d3c3468a2b8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T13:43:50.000Z\",\"end_time\":\"2021-10-18T14:04:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0bd75e262dfad965ccdae90d4284629d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.925Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T19:47:37.000Z\",\"end_time\":\"2022-11-08T20:05:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-decb8b9ca273839b23592123ccc9c216\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f41987ed-8e2e-4321-9741-c6b4ec2898f4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:36:41.000Z\",\"end_time\":\"2020-11-17T08:43:33.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-54ce6c6e96474dba1c3223f887c4c52e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-136f6d93-0956-44b7-8267-fb9c8aee03d1\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T13:05:09.000Z\",\"end_time\":\"2021-06-21T13:14:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fdbe8cc2fb6c28ce264b6e2460406ca\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-18378f0b-2bab-444c-a77c-709be2724abb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-07T00:21:20.000Z\",\"end_time\":\"2021-01-07T00:31:07.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-e79efbaf99d11c3cf6f2e81fb99eaca2\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-491beec8-27c0-470c-a7dd-b05c39eb74c4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:36:52.000Z\",\"end_time\":\"2020-11-17T08:43:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-77f8083ab7f37854dc327b96cd8a83c9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c7e22902-ecd9-4145-8ebf-f0138d98dacd\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T17:59:15.000Z\",\"end_time\":\"2021-06-21T18:12:06.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-066cc8df482720e98cf7fce0a1075d1a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-fcf12e77-f8d8-4605-884e-02b8692c06e2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-13T02:05:37.000Z\",\"end_time\":\"2021-10-13T02:13:37.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-161c62dedb5375af9b77aa8c92e98bf1\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f9aaaa15-7592-4991-b49c-789bce52bbfd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-30T03:22:17.373Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-26T01:53:44.000Z\",\"end_time\":\"2022-01-26T02:14:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-abda7ac4b9368db5a5c69e7a17416ba5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc3ad349-814d-41d3-baa1-6a20dc861cce\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-10T14:08:15.000Z\",\"end_time\":\"2021-06-10T14:16:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c5441e7de65b2656fceee47c4ac3b547\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-cd964621-f811-4410-a915-0df9a7a4f702\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T17:42:17.000Z\",\"end_time\":\"2021-10-14T18:01:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-614c5dbda629a16f79485e837f37d07c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1962dba8-7d55-4b41-b58b-86e8a6ab9180\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-12T18:15:59.000Z\",\"end_time\":\"2021-10-12T18:36:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-33ebba9322b30f9bbce4cea352705745\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-858b242b-c910-4b65-bef9-baca58cc56f2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-08T15:43:17.000Z\",\"end_time\":\"2020-10-08T15:47:16.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:04:33.000Z\",\"end_time\":\"2023-11-03T09:04:33.000Z\"},\"producer\":\"Nick Bradley\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WCry2 Ransomware Outbreak\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-04T09:04:33.000Z\",\"end_time\":\"2023-11-03T09:04:33.000Z\"},\"producer\":\"Jane 
Ginn\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WannaCry\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"id\":\"transient:relationship-32800abf-1054-40e9-aa9b-73247dff5a60\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"id\":\"transient:relationship-05815ebb-53bc-4a5a-8309-af55266ca748\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WCry2 Ransomware Outbreak\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force 
Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-01-28T15:29:21.215Z\",\"end_time\":\"2020-01-28T15:29:21.215Z\"}},{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WannaCry\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-09-30T19:42:53.350Z\",\"end_time\":\"2022-09-30T19:42:53.350Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There 
was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-9f3397ca\",\"uuid\":\"1bf4c5ce-4946-4ca6-9264-c22cfd120bdd\"}]", "short_description": "Snapshot @ 20210203 09:05:02", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1c929474-af90-47e9-8d1b-62f52f3c8ed3", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:05:10.849Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force MD5 Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "md5:\"84c82835a5d21bbcf75a61706d8ab549\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":19236985000.000004,\"updated-perf\":19236989999.999878,\"type\":\"collect\",\"created\":\"2021-02-03T09:04:22.989Z\",\"state\":\"ok\",\"arg\":\"84c82835a5d21bbcf75a61706d8ab549\",\"result\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"id\":\"collect-37909b17\",\"uuid\":\"93135d49-8e0e-4af1-92bc-405e1497310a\"},{\"created-perf\":30012270000.00017,\"updated-perf\":30012275000.000046,\"type\":\"investigate\",\"created\":\"2021-02-03T09:04:33.765Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"84c82835a5d21bbcf75a61706d8ab549\"},\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"attack_patterns\":{\"count\":3,\"docs\":[{\"description\":\"The adversary is trying to avoid being detected.\\n\\nDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses. \",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Defense Evasion\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a\",\"hydrant-25a33a3c5210a2e663ac52b66faff3cb7b55870d1a952a9173c3b90e67c188a2\",\"ATT&CK-TA0005\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0005\",\"external_id\":\"TA0005\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-91fa4286-7926-4ec6-92fe-1be5a3b4b812\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"defense-evasion\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:43:23.473Z\"},{\"description\":\"The adversary is trying to move through your environment.\\n\\nLateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. 
Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. \",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Lateral Movement\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e\",\"hydrant-62e6b191c0c8340b08d2c0514e8a226d21acbf3e8711e18e203104c2d7e4007e\",\"ATT&CK-TA0008\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0008\",\"external_id\":\"TA0008\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-edb90156-c9fe-45ee-960e-c65e815cb92b\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"lateral-movement\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"actions-on-objective\"}],\"timestamp\":\"2019-07-19T17:44:36.953Z\"},{\"description\":\"The adversary is trying to run malicious code.\\n\\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Execution\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5\",\"hydrant-1290b3f81c16974cc715eb8cb79ec14a4974b553a8d4739bf6d4879bc96964ff\",\"ATT&CK-TA0002\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0002\",\"external_id\":\"TA0002\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-f9897c17-481f-4815-b942-c9c2ac108f08\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"execution\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:42:06.909Z\"}]},\"indicators\":{\"count\":16,\"docs\":[{\"description\":\"A file was created in a fake Recycle Bin. This is done in an attempt to conceal the presence of the file on the system. 
Please review the 'Disk Artifacts' section in order to view additional details about this file.\",\"tags\":[\"recycler\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2014-10-09T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-29f64911fabc9b10792ef9527847486a977ea051697df8fff2634933977940c6\"],\"short_description\":\"Process Created a File in a Fake Recycle Bin folder\",\"title\":\"fake-recycler-file-creation\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-83bef109-0641-4fa9-bce6-73ee7a6932d7\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a malware variant that will encrypt common media file types that are likely irreplaceable to the owner in question. Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. 
This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\"],\"valid_time\":{\"start_time\":\"2018-10-03T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-6df1431824dad39727db47d8ec2c8d67ad0507c624b3e1b672c6740fa09712c6\"],\"short_description\":\"Generic Ransomware Detected\",\"title\":\"malware-generic-ransomware\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\"],\"valid_time\":{\"start_time\":\"2019-03-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus service flagged an artifact as 
malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2019-02-27T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Volume Shadow Copies are snapshots of portions of a file system used for backups and System Restore points. The 'vssadmin.exe' utility provides a way to remove these copies. Malware authors may delete these copies in order to make recovery and access to a target's original files more difficult. 
This is especially true for ransomware varieties which encrypt files since these shadow copies may still contain the files in an unencrypted state.\",\"tags\":[\"crypto\",\"file\",\"system\"],\"valid_time\":{\"start_time\":\"2017-07-21T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-fc98412693920b7b7e900cab551dd26d0bdc9e3d13fa6c6f9b5e561d0fc3e20c\"],\"short_description\":\"Shadow Copy Deletion Detected\",\"title\":\"command-deleted-shadow-copy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An executable file was found in a recycle bin folder. The recycle bin is intended to hold deleted files in case the files need to be restored. Malware will often attempt to hide files by placing them in recycle bin folders and executing them from the recycle bin.\",\"tags\":[\"recycler\",\"executable\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2019-05-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ade122ee0771d8bf06bf93952ed7cf4bece911a5852fc74712d23323753ad7e8\"],\"short_description\":\"An Executable Found in Recycle Bin Folder\",\"title\":\"recycler-exe-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Wanacryptor is a ransomware variant. Once executed, Wanacryptor will encrypt files on the local machine. 
It will also attempt to spread itself like a worm using Windows SMB file shares. A ransom in the digital currency Bitcoin is demanded to decrypt the files.\",\"tags\":[\"ransomware\"],\"valid_time\":{\"start_time\":\"2020-01-17T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-01c5df46a35aff90bd2ab27799e2e8fadc18b7921c641bf3e8d454cc5f6eb63c\"],\"short_description\":\"Wanacryptor Ransomware Detected\",\"title\":\"malware-ransomware-wanacryptor\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A process set a new wallpaper for the desktop by modifying its associated registry key or file. This may be done to grab the user's attention or as a scare tactic. Ransomware will often change the desktop to leave instructions on how to pay the bounty.\",\"tags\":[\"process\",\"scareware\",\"registry\",\"ransom\"],\"valid_time\":{\"start_time\":\"2018-07-13T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-3e39186936137a88e3ee6fab67c7bed1f160044d17855adf628f9a80b07e6271\"],\"short_description\":\"Process Modified Desktop Wallpaper\",\"title\":\"desktop-wallpaper-modified\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a class of malware that encrypts common media file types that are likely irreplaceable to the owner in question. 
Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. It is also common for variants to delete shadow copies which are the default Windows backup mechanism for automatic backup generation. This is in order to prevent recovery of the original files from these backups. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-01-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9117762eddb7bb41077183b8e9d86372a1f29137e11083c3b07656045fc59b9b\"],\"short_description\":\"Ransomware Backup Deletion Detected\",\"title\":\"malware-generic-ransomware-backup-del\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"A machine learned model has determined that the specific set of indicators triggered by this sample signal a high likelihood of it being malicious. Some times, no single indicator by itself is sufficient to determine the malicious nature of behaviours. In such cases, the specific combination of indicators may be used to make a malicious determination. 
The machine learned model is trained to identify such combinations and takes into account the cumulative contributions by all triggered indicators in order to reach a conclusion.\",\"tags\":[\"suspicious\",\"threshold\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-12-27T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-829a0f95fde3467f366a217995e55e139e708d32f8f330dbb8ba109ecb607743\"],\"short_description\":\"Specific Set Of Indicators Signaling High Likelihood of Maliciousness Detected\",\"title\":\"high-heuristic-score\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-925517bc-8bf2-4ec9-9f2c-96f30289f38b\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A JavaScript artifact was found to contain random looking variables. In addition, the script launches command prompt and uses it to execute a file. 
The combination of these two anomalies makes this sample highly suspicious.\",\"tags\":[\"javascript\",\"obfuscation\",\"compound\",\"process\",\"launch\"],\"valid_time\":{\"start_time\":\"2019-09-12T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5d041358bebd89a8f121e2fa5f13293446daf12df2deb360f836432fdf900a7b\"],\"short_description\":\"Command Exe File Execution And JavaScript With Random Variables Detected\",\"title\":\"js-compound-random-cmdexec\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-8e61dec5-3ad0-434d-af15-835aff96ec23\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\",\"ransomware\"],\"valid_time\":{\"start_time\":\"2019-03-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. 
A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-06-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"The WMI command tool (wmic.exe) is an interface to the Windows Management Instrumentation. It allows display and modification of local and remote computers, setting system variables and executing scripts. In this case, it is deleting shadow copies. Shadow copies are snapshots of part of the filesystem, used for backups and restore points. 
Malware may delete these to prevent the user from restoring files that it has encrypted or destroyed.\",\"tags\":[\"system\",\"system modification\"],\"valid_time\":{\"start_time\":\"2018-02-14T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9d62773bd830933e9293398e91706f67a52b6d0b7d32955372792ad077c87cbf\"],\"short_description\":\"WMIC Used to Delete Shadow Copy\",\"title\":\"wmic-shadowcopy-delete\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2020-04-14T07:41:44.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"}}]},\"relationships\":{\"count\":100,\"docs\":[{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-109c573676a93f101d20bd2c639087b2c372e8ae\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e1abe08b-4703-4021-abd0-6164d3171eac\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.565Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0f85ea48a9dfd371850136d52f4e22916bc0f74b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-48b52c41-807d-4259-b66e-1908e190e1a2\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.646Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-381d738519a1df216f21a3df5b24e5f02caeb754\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-38705230-3cd4-472d-89eb-3125c39f6332\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.385Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-8078a0e16855fd506df01654484e4e1d12e95596\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-301e2511-f106-468d-8b7d-2c7c66ffb8af\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.708Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-aa9e9b990e865190e57e36306cc27d723a60f936\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8cef817-c738-446b-9445-b97fd8e5df9b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.582Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0c2fd52136a95386b115714f0f3737923840f631\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ac1d1ad-32f1-4b92-9f60-281a98135cc8\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.832Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5f04891465a33dac7ef1f7163e5bec5f32316b51\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fd9e19e7-a08e-4d97-9d4e-967e6b94cd54\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-090a91586947ef35dd14572e44fd48841fc3bc67\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-73ddfbd4-f27c-4516-b7ed-aecdc1e1c52f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.288Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0cc14cb9f99656b62f13ee88887df672c307b48f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2daa1682-3d04-482e-9923-f9d41aebdf2c\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.788Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-7bdfe95a186e2b9ecbdf874ecf1700458b6fefea\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-af9e5fd1-f2f0-4a08-bbd1-28f63d593a73\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.797Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-838523774b95d6a2eaa83b67e7b6fb774c8f7b79\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-918632f7-a56b-4da3-8178-dcb54d1f70cf\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.834Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fca74aa1894974efb8311cbbc45fcce715a8ff68\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2c3cc882-3544-4fe2-bec6-385c5f73d3c2\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.091Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9d6be09d9577c65d2b3546fe836e007f292d1ebe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-76605dc1-0f91-4d60-ab20-92559c381f2f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.537Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b9d57e6c09dc9992d9b7788099bec4cac04a9b4d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d28f676a-9202-42d6-848c-fa05baec5234\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.132Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4c579134b17fa263b577417e64b099aabf105658\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-14d8a5f8-4796-4ffb-aad1-ba88cd69e440\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.564Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1cf55712a4fb54804f4c4f8dc1753139a0f3c5b4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8848778c-7fd5-447f-9144-21a06eae82af\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.734Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8f0c98e523887a9e94e5e62f02b7776d4fe691ac\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-020e6d2a-df94-46ae-a31b-c70f95e14b89\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.352Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6fe75837291cde12f2abd9587157048a7347d499\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-366094c9-f5e8-4438-903c-6fd46cee28fc\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.568Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1a49507d32dae498cf527657d3437b925cf8de52\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f14d3fc0-2b36-4a6b-b867-afbb1c30b62a\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:33.114Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c18a07ae411487711caad3fa66e2786c79022000\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f30c9bf7-2611-4839-8f6b-0902b186709b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.207Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ff16caa9a2a15f004aff97e58f2be7aec2daa3fd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6e2e10a0-5b44-47f2-9c2e-edf7ceae9181\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.346Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f961245764c85d42f2e00172f0c9a584c4d7200d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4942f9f3-dcf8-4d5f-abd3-3267704c26f3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.366Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b00a8db9660eb27df35ead05c6bce3ee9d7111bb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4c46825d-627f-48a4-90d8-361b59e485e5\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.446Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fe8afb0f3563d9f40d6ed0f8bb1c87747cd24544\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e6336eca-11eb-4f87-9d40-3eefac22436c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.929Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-1104601bd5f0b2ca1fb3bf5460ce62eb08ab23e4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d3ce7fda-095a-40bf-92d5-ef7e28fdbfde\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.532Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b8b3317765421765d04f1ea6d1ffbb77bffc1363\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-47d82c88-3540-4770-9171-127cc82102f0\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.129Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-85c17173302b0ff1819eabac9f8b3b9b26da4d9d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1dfcd195-974e-46fe-8ee2-de5c1da2ab88\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.837Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-bb09c6c3ee93746e7e991f892d6c27e020077e11\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6cb63f60-df6f-4b64-a6b5-28333490b821\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.503Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3d35f9ad2631100e6ce77104a101a5407557fafe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-744ba337-4bf9-4d19-bd51-2f36038e0961\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.348Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3e52c04f0a6be4fc4efe1cade1f2c3979f4b8460\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ec9b793a-9c71-4ae0-bced-a71f675319d9\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.521Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-03fe4a51229458bcb506a0a6f29948fe6aaf956b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-aecdd78d-817b-44a6-ad50-4db949d72547\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.418Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a88ea16cda1296f8cbd802754088dd36c99a21df\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-31ac9405-42b4-4b49-ae05-41274b115789\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.295Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b70f73090de09979721ca1bf85656af40bc914cd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ec59163f-825c-4f3d-92dd-5de8d39e3b8e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.174Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5cfec627e449988833ce0adae5af8ff4fc65df62\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-69490c8d-d5b9-4e59-9d96-7fbdb89f3824\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.316Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f565fc1c71ac8d8343a445835d2a53f919d6f795\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-bb7d245f-f98e-4be0-a881-966406274423\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.641Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-533aac94cb318bb2f53a806f5e1f5d16dca4f8e7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-df8cd6fa-c961-45a4-a90a-95161fa87bac\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.611Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-faa8426028d3e7884322f57fb8f9156dfb78fc02\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-862caa5f-5d4b-4b6f-a3f5-5991b39c3d7a\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.332Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-008634e4158ec137f736a8af496506493b092da0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-30778f89-b638-4ce2-a822-c177c939f5cb\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.867Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-41036bed927eafc19543e19f4c9f1ae3f1f2a326\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-49ad5158-25f0-4198-8183-ce4796b763e8\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.884Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-aaba290f665260744dacc3ff3e572fe99fdad7bf\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e6ee9e1-4f5a-4362-87ba-c80d26c1e069\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.030Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e3499e57b8134a1bae0462d6b03ae7b3e9e079be\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-95011543-faf2-4ce4-a2b6-30775f4556ae\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.654Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c2a0f32fda1c6268ef21dfcb56c99bc37a710252\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e46096c-aa94-4731-b393-4a8ea684d404\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.858Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4f4a4aa880b49dc26b7f54104c6eaa844b8cd70f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-819b80f6-2751-4e4e-bba6-b6d5a66fb2e7\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.740Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4f1d3da22044b58e5364331f085fb5c609ea3210\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-669ff1ab-b4ff-4134-a284-d261123f364c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.608Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-52426e32b55e6b70b0e97c17caf360b22608e8ca\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-df0d78ba-5c74-4a31-afbf-4a0fc650cd8b\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:33.022Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-162d03fc4f65b5e72b0018646c28267ea287cde7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2a7cc707-1cc3-476e-b9a3-3c2dd449bb58\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.869Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-64ee91ac798e1e98d9391d4d8384658caada9af8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-19fd1ee5-f88c-4149-9952-d4f0bffa6917\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.575Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-00e871ef4283d6191a305a06fec0d48482a9bc85\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b99c56f6-ce8a-4002-a6fe-32b51cf3be8e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.706Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-21addfe49b46a2ed1fb6ae1ef2ed6e3fe7294bc6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-52c7f372-4a83-4c9b-bbe9-467ac3bbfb8a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.638Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-b946a56e5d2d1b129c48f9bb12caa60cb54cec6f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b1613a18-f198-41c6-934f-8a7fd9b241b0\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.977Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-81b309429d588066a00e7c690f38081994e3077b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-01f5f693-d2fa-4101-aad9-f69b51fab812\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.384Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4ecffd331c65b0ffac259ec84ec9a230ba500ae4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7e75a1e0-94eb-44c1-a9df-ef1f66aa7b89\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.203Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8056797d3da25a447edc9a4607c70f77f5485444\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-22a62b10-e10f-400a-bfb0-6b8dd633e97e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.484Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d72add2c2a9534a3f7ca640e9fac70fe072bd905\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-99d655bc-ca88-4504-9ae0-0dc6b70ce681\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.672Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a982df6249e6b36e4e6bf63d4e93f4d57e3654e3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a9c11cf5-3165-4c82-8dc5-aa2eea4cbb8c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.238Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1241c3920d1336857017a4eee3dc196ff6ca18a9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-33e1eae2-0dd6-447c-bdae-aea2877d5b3d\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.771Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9e6d1a35ffe6c9d53b93a4d331d024726466bd16\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-25792705-9168-46a6-9b15-b06665b83dbc\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.422Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-6b65f6fafab117b377430020954bcafce9d94cf1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1c71a7d4-dd87-49c8-9d08-c4138845a6f8\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.493Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8dbea55492b3e50671a5d7920f1dca889d66cefe\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-72913807-5e12-414b-a476-7381f069c4bd\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.017Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5865588cbd6da100e3bb86afcc1a6f1be9b702d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d055655f-9b50-450d-b44f-a1b73eb049a8\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.317Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b588cbcbda10b95349ac73a89e11b401c857e60f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-835e1ab6-a9b6-42cf-872d-57bd71253ac4\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.651Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0f5e270a2550e8f51f5fec7f2cce0945b6bd7241\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c10f1f19-453f-4169-a38c-bf7eae93e1cd\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.646Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a9c3f9076420d7794bf4c9a89b902dab3d0e437e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8901f3ef-dcc7-4ac2-acce-3a2aba667c40\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.548Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b524f8c4bb64ba3362ec92a32a0cbd52d2bac2b5\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5d67fa43-1efe-43e6-ac2f-0dbe85e839f8\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.611Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-58bd86609eebc324637f249383a424b4bda5e55c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c04e2b53-821a-44bd-ad2f-d252fd6eb7c0\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.400Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bc6bbbf788415bebd94107dcb218027b283a0010\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-58aa42b7-02a1-4e53-a4a4-4bc6f3178439\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.768Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-25aa1b963a642aa84a66f3cf2524637b3c94a405\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-13ab0b24-6a47-4a27-99d6-e67bdb9eb461\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.800Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9350421c53bda594a85282a463473e8f022f2312\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-09a3cd2b-0acf-4e95-b17b-50188ddccc98\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.804Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d301cf4b030413681027401989afc613e397914c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-10036831-f6c0-47d1-b68a-010817d67c37\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.834Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99ea94e1cebb7b7f9cb720238bad30ea3c530f70\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7ca57c7a-508c-4b92-ad0b-1c39b222353b\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.392Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-09b6b6ba5b1dc8d7e9be64ffdf9131cf82d63cd1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9e734e83-6ece-41af-ab69-e5667ec2a00b\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.472Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-495489418be5d20e425b213895d501927ee9dbdd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7f0f10f0-e610-4072-9cbd-be073d9de1bc\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.984Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-0bfc9c58be90b3346c63ddbb29b3352e04fc34c6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1060626a-ec03-4ef5-b5ca-b016177a1154\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.620Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-27f67e3ae110a3e11e468cf6ce6fbb5b42e1a002\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c092fdc7-bd6e-459b-b2fd-a11a3d238fbe\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.935Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3e731e7485152a4df142546dcd8c77785a657859\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f8ac2c5b-2362-4ea7-9958-f971f00ac690\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.929Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9cc1adcde797c372062350aff892a6bf4d312c0f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-716aacbb-90b3-4ccc-af8c-f18bcd2d074d\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:27.061Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-32aedfa37757ad76d84ff5f0d7e37e48fb671dc9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4c780db7-1364-4515-9258-23c6d7a9d06b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.405Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9b93566d41971f894eca07cbe24073e5d15e5c92\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0babbcbf-14b5-4d24-bd77-0fec333f5476\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.466Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f5bbcd6819a1aa67ffa69943287f2470d1f6f46d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ab864b3-a837-40b2-91ee-862f8799bc36\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.281Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c2561a9c0966f36f30ffbbfbd69e992f947ad88d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2dbb1950-7011-4c2d-bb95-8f41bd9d569e\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.741Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a195723911fd32391cb5b09bc642ba1c2b2313eb\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0582d1a7-7517-4c12-b703-c8307f86ae42\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.185Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c4d8cf2de152bf83120631d4026266601c23a47b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-086ac0b7-ff59-4ecd-aeea-3566d20782c1\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.472Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2494ca754b3aa6aefa7233bdee226c89557ab54a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-11038a85-031d-4de1-ae61-3ce32eca8645\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.096Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-0fae26dcac2f6e7478a6ed94e123ee12248cb629\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7778f341-4c19-42ca-ac4a-b1e97d1cc763\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:09.064Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f10d1169762d04b8fd7729cf9437a48cbb80d063\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9ba53723-6781-4296-ab7c-6ec9c9c468fd\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.326Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8640d06d5bbf0e21083e06e6755deb99b30b6433\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a1177496-3bc0-4c1e-9fb2-21a8a2b5f2de\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.372Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-629f5cbaacdd9df510df940e361b339574e44d3d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0b768917-5e79-4037-828c-28a475f344ee\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.470Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ec4915143ccc3942785cf77084a5d33a05237382\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3ba9b0b1-d588-4b95-a9a9-4c141bd03524\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.898Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2e472349be9d3caa19fa8bdd3bc52b15e5adb24a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2c82f17e-2979-4e70-bc55-e19d70fc2634\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.440Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-2c3029f7f4a5d4b21d729b1695ad95ae25e14787\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-97314f0b-f1e6-45de-b4ef-f611cba5e1ca\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.473Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e01d0e9e1095601bf99157b9c479455ee3ea0782\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-30f46413-9a4d-457f-8fa6-5241b5135ada\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.167Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-427157264ab1d1d0ffddecd5f684ca3431c3084c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-32d1a7a1-932f-4350-916e-484359a3d4a3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.502Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e22499cc8f2d4f3633f3f68ef172962fa12292c4\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-433e2413-76ac-406e-9256-c307dc1c27f4\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.535Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-096516e8344b9beba23fe0171511477bb9a55dd9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-330a989f-9ef1-45b6-b426-e8f35b70d67f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.376Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-de6a81db83bce9f5a44e7c253637d93663744a65\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3aa64a5b-7ee2-48b6-af5b-e451af307805\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.101Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-7d4482b3e80878a4f34d064f2319dc017c7598aa\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c8ecee9c-0dfc-4736-92de-7120ab492fc2\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.437Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-7da0ca15ca0a49b33e68ea1922cc5cd5ded57b9b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7083a164-71db-4a35-8c52-829185706735\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.559Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6bc53984ca79cf22b20f8ade589f5fc5c2514582\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-69135185-6484-44e0-98b1-66063507bdfe\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.245Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5268b6b0d0891ea9f89ae778388f75f5c70c48ae\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-19336e20-e940-4c2f-8692-bd9f46aef68e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.515Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-941723b4600d4273cb1e0ab3d7339470abe6964c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-24d836bd-6f90-47b3-86da-8604335e1b86\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:21.546Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2020-04-14T07:41:44.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"schema_version\":\"1.0.0\",\"observable\":{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/cd2275c3415e26f96cf78be39f7b892d\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-md5-84c82835a5d21bbcf75a61706d8ab549\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-602313cd-dad8-46d4-add1-5a62f17003cc\",\"severity\":\"High\",\"tlp\":\"green\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":100,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-1800637c959a52480bfd7bda6bda4755\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9c987e09-e36a-47c9-b4a3-6a935a44b325\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T18:52:25.000Z\",\"end_time\":\"2021-10-14T19:01:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-493d517f-a5a3-4015-92db-578d34513e3b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-30T20:15:53.000Z\",\"end_time\":\"2021-12-30T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a999cf5cb17033a10225641f3bd2afba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bf6afc6f-58f5-4103-9f24-075deb40fe9a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T18:44:08.000Z\",\"end_time\":\"2021-10-18T19:04:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-68dc97a1fd873abcdb143ccfb7b1b255\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0e7ff42c-da36-457a-aed7-b3c5b89b73c9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T20:07:26.000Z\",\"end_time\":\"2020-11-06T20:12:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0445534795da304113a1d18b330d0acb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-423e5cfe-0ae3-493f-98fb-b7e9b09607a9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-07T20:41:28.000Z\",\"end_time\":\"2020-12-07T20:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8e786549-39e8-4fc2-89e8-ae1b41727ccd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:35.106Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-10T14:36:32.000Z\",\"end_time\":\"2022-02-10T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb00b006329e50beb56d36e711a4d127\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-faadf337-d3f2-401b-94bb-efce08a33a74\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-16T15:33:10.000Z\",\"end_time\":\"2020-11-16T15:39:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5eb5a5d3b5aba303a8030f0f80bdb747\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e82aa27b-3ee5-44da-a891-e035f6b818a4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-16T16:15:11.000Z\",\"end_time\":\"2021-08-16T16:29:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6462622fb8011601a09cb86bd46045e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7befc431-e536-4b58-bff0-dc8e69384240\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T08:55:02.000Z\",\"end_time\":\"2021-10-28T09:03:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fefbc448127d7cfb9b187591576063b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e6b2245-c8b2-4b81-a1cf-7b549de4d9bf\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-16T07:45:13.000Z\",\"end_time\":\"2021-07-16T07:55:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-8b3b8e08b9a12fb5d4a2a78e936127b3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9198805a-8144-4e27-82de-8cc497f22210\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T16:41:47.000Z\",\"end_time\":\"2020-11-06T16:46:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-83edd7f6e489f4db9c324d7a55d5bf6f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6b6e3e49-0014-4280-9dce-bfd3e4f23c4c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-15T15:47:58.000Z\",\"end_time\":\"2020-10-15T15:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aadbe6f0058a6896ec57e5749315bb1e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-144049f4-d9fd-4b99-ac77-768f93e57387\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:23.088Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-23T12:24:25.000Z\",\"end_time\":\"2023-01-23T12:40:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-33437b83732b20e128f801914d387652\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-16fd88a1-d366-4d28-b4de-959cb8c5f63f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:43:23.802Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T15:29:24.000Z\",\"end_time\":\"2022-11-15T15:51:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3abc1aece07243f578cdf080c88707e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9a322902-c13e-49ea-9a86-6658eacf2ebb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-09T17:40:56.549Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-12T15:27:30.000Z\",\"end_time\":\"2022-01-12T15:48:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3381fc9baf8e6e7a24e6ff9ab28d5ddd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ba26d23a-49ca-45e1-9917-236fec538a62\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-01T09:21:21.000Z\",\"end_time\":\"2021-07-01T09:31:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-13b2214bf6d0eba2278af1d269ad883a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc1a73a3-9601-4be1-a7ca-5bb99e0165a8\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:53.257Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-24T19:27:15.000Z\",\"end_time\":\"2022-11-24T19:37:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aa8a5bcb0e269613fb2a9cb48a113876\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8c666857-2c78-40ed-b290-a9032c27133d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-01T12:41:24.000Z\",\"end_time\":\"2021-09-01T12:51:26.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0a32e8d5ac10c5a1750c62880e9946e0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-35b89638-9b50-41fb-9c1a-7c0659512ee8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-16T08:05:23.000Z\",\"end_time\":\"2021-11-16T08:21:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4434973766bcaf7d8a6163788047dba8\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-aace1a5b-f038-478c-a672-0c3fdb2d183b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-26T18:35:17.000Z\",\"end_time\":\"2021-10-26T18:48:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-73b2b49cc3c97e3de4b2969fa0ef852f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-27a2439a-4547-4257-8cb7-7adfedfe8969\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T07:23:34.000Z\",\"end_time\":\"2021-10-14T07:38:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5cd84a69396b3aa4663e5f606b3cdf0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-709b47c4-8298-443e-addf-694dcdb1b284\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:32.280Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-12T12:06:56.000Z\",\"end_time\":\"2023-07-12T12:15:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-de8f372d27de40bb198879437c30ec4e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7168306e-a814-4758-b799-aa7ddbfed412\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-18T08:25:02.000Z\",\"end_time\":\"2021-08-18T08:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-440c401604feb297a4b8c6d3574bd03a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ce139fe5-ff08-4d1c-ab8d-135b6fa75ed3\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-12T08:04:19.000Z\",\"end_time\":\"2021-07-12T08:14:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9d4404973f89bbb1041921e98cb4820\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8169784-b95d-4096-adca-36d41ee116ed\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-09T21:16:27.000Z\",\"end_time\":\"2020-11-09T21:20:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f00166203cc58f37db87fe71969ad23c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a880b27d-a3a7-4507-8cd4-883df7ac8a46\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-01T19:41:08.000Z\",\"end_time\":\"2020-11-01T19:49:48.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e4f988a3041bce6e0fad9f1dc620e9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0d61454c-09af-48e6-9a02-32a6d3176b1c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:35:58.000Z\",\"end_time\":\"2020-11-24T08:52:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-48fed39715f044591724bed44dc49f35\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3d5a5130-3fbe-4ffb-bc5b-653fc98890fb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T08:48:33.000Z\",\"end_time\":\"2021-10-28T08:58:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-329c6fcf6be6340581fa856f39772ecd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1d07d2d4-ab69-4856-96e9-bd2749c01107\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-31T21:58:48.285Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-05T20:39:18.000Z\",\"end_time\":\"2022-04-05T20:49:35.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4540b5c5a11fcb59ac9cd6cef151a4c5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9e38fdb9-3677-4e23-9dae-cd9359db6972\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-19T17:20:27.894Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-24T16:18:25.000Z\",\"end_time\":\"2022-03-24T16:28:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-49eba74c4c65fea92943dafcc9c3e281\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebf75ec8-7db8-40f0-97c5-b325328357f1\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-11T16:22:11.000Z\",\"end_time\":\"2021-11-11T16:41:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-18d3499a967805381d5ff741f6ad5d28\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5969fb22-c1ab-4ad5-8eee-fef1b8f32e4f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-21T14:05:36.000Z\",\"end_time\":\"2021-12-21T14:22:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-24a7ed5e06b0997a82dac23a98cd7cd0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-61c3ea90-cd6d-41c3-b276-151900fed9cc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-12T17:54:55.328Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-15T16:35:46.000Z\",\"end_time\":\"2022-02-15T16:52:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7070dd836f1266934eba51c07422ff0c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-43cdb4fd-0d87-48b8-bfc3-49b77904ac79\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-25T04:27:39.000Z\",\"end_time\":\"2020-12-25T04:36:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-487167781221d890aedc92e271380a68\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-cc9773d6-ed43-4018-ab57-3731c4920e30\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-08T17:05:26.000Z\",\"end_time\":\"2021-11-08T17:19:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f246e247d7394c1b50a2676a3072bd4d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e125837f-96c8-441f-bdec-3dae5e0d6f6d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-03T07:59:07.000Z\",\"end_time\":\"2021-08-03T08:08:25.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212bfa058d713132e87f513ee86885b5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9deacfa0-81a7-4dcb-8f30-a23f29c6b3f8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T14:23:08.000Z\",\"end_time\":\"2020-12-11T14:29:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-da10f77e1e98e50e6d1f44ee9fc16e96\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e427df57-d358-4251-b7df-ea0a9c1d8d04\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-05T16:12:44.000Z\",\"end_time\":\"2021-10-05T16:21:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3875ea25-2f8c-46ce-94df-39805723bdca\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-30T20:15:53.000Z\",\"end_time\":\"2021-12-30T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-9eaef8b6b2e75b55e42fc2e7072dda8c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1383f1ba-8348-4493-bc5d-402cf31797a7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-09T15:45:01.000Z\",\"end_time\":\"2021-08-09T15:59:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-aab2cfc797b4fde3f9b6925d994e8c3b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a0f32766-1e19-43f4-8c58-b0a6b5d8457a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-28T13:03:26.000Z\",\"end_time\":\"2021-12-28T13:19:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81f760143d1d4774a4b3ed76df9d7ac0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90c9f03a-f331-4dc2-8a91-c76402b197d2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.822Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-24T12:48:36.000Z\",\"end_time\":\"2023-01-24T13:11:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1ef426b1-c050-4eda-b990-95512e88889b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.951Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-10T14:36:32.000Z\",\"end_time\":\"2022-02-10T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-ebe35e82bc562b5df50a1b25e7099c30\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9705da17-7a79-4f01-85ca-ad9ec81f73f2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-24T03:45:58.760Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-27T13:47:47.000Z\",\"end_time\":\"2022-01-27T14:08:36.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ea936a6774ff4698a0dff83cb6a7867\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1aae674a-1967-4c37-9afd-815dbc0d7f66\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-04T12:17:02.000Z\",\"end_time\":\"2021-11-04T12:27:40.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-7d8ec9066482428eec4357deebfde0d6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4760b31a-8adb-4b1a-8722-2c942cf7f795\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T14:15:16.831Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-07T17:17:06.000Z\",\"end_time\":\"2022-04-07T17:23:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-fd11120571777e118f1192cdae4759e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7b202024-7951-4cb7-9509-69fedf2e7f00\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-13T17:28:29.000Z\",\"end_time\":\"2021-10-13T17:42:56.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-900e5e345e8193b84b808e2bf0fa16e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1592c658-a927-42b5-a762-3c6754adab14\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T21:55:21.000Z\",\"end_time\":\"2020-12-11T22:01:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-04287f919a3def5f1d2bd9eecfc2ffac\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-51137139-1dd1-49a7-b9c9-1051c0f9da62\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.476Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-01T04:56:32.000Z\",\"end_time\":\"2023-03-01T05:00:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81338238071dd3ce8ca2343b8507596d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6cfce07c-c4e5-4b06-9d69-6c3df994d7e5\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-25T22:26:56.397Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-28T17:00:09.000Z\",\"end_time\":\"2022-02-28T17:09:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-8ed11cf9ba4767a045a8078b300b34bf\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1c243390-1828-411d-9e30-6d851ab1e60b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T20:59:05.000Z\",\"end_time\":\"2021-10-28T21:12:20.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7420188d21b4b13db023a5587b3c7aa\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-da3c7c2f-38ac-4270-922d-71aa9f3812d1\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.443Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-28T16:26:50.000Z\",\"end_time\":\"2022-11-28T16:41:01.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb27d870e0d4577f6440ff706dd5c211\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8c01e79-8b30-43ce-8b68-22e56403a893\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T16:14:09.791Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-07T17:49:36.000Z\",\"end_time\":\"2022-04-07T17:55:44.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2e329216a9df995e09f6406f8b732993\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f37f50c3-d599-4521-a843-55e7c8545b25\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T16:41:48.000Z\",\"end_time\":\"2020-11-06T16:46:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-38de421c1eace15dc5211066a8978488\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-128f5a1d-2d80-4750-87ef-bc6eb58e0ae5\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-16T16:42:43.000Z\",\"end_time\":\"2021-07-16T17:03:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf76f600a2af2c19f32d425520e94cfe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ca80bac6-c8f6-4655-a996-1d09c494ee42\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-25T15:05:00.000Z\",\"end_time\":\"2021-10-25T15:13:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.14\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d8ba36bb037564ce1b0cd5aea1098cf9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-b0965f36-e8b8-4d50-9c62-4cf095a60541\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-01-30T14:33:07.340Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-05T17:22:41.000Z\",\"end_time\":\"2022-10-05T17:44:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8461b50008f3d92cf6a2597b05db631b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a3e75e34-573b-4e54-bd08-2ad7cb665312\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-05T19:20:07.000Z\",\"end_time\":\"2020-10-05T19:29:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212889a0d2f2d477c3b3b94d55788c2d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-401ddb18-0b7c-402b-b7c6-ab1cf7c909d6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-23T16:19:08.000Z\",\"end_time\":\"2020-10-23T16:27:39.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b2766fa8cd69a03e2c332abf838bdb3f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6522f8f6-7d37-423b-939c-ba2bfa6cc88a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-13T11:23:59.000Z\",\"end_time\":\"2021-07-13T11:32:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3697d2f343a2e37c54b926ffc4fc7461\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8568fa78-8889-4196-83b1-58bd29c7c6bc\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-23T16:31:46.000Z\",\"end_time\":\"2021-06-23T16:45:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-02b2eb94a8e359fedbfab93f564046e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8dbead6e-2574-4353-82db-8a618fcda756\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-27T07:46:55.000Z\",\"end_time\":\"2021-09-27T07:56:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6d6713e4f9e7dbc2994f8068af501097\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-eba471ac-5263-4c7a-b51e-3a7334810026\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:59:17.998Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T18:59:42.000Z\",\"end_time\":\"2022-11-15T19:17:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d5361bdf9f7e2619d7180b326305055e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7867151a-5ba0-4a70-afab-0c8260e609e9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T14:06:02.000Z\",\"end_time\":\"2021-06-28T14:26:02.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-040f760c510edc094bf1b4c57878cc07\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6ad0d2be-04d1-46f8-8039-ce2b923e5b3f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:07.299Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-02-06T14:55:36.000Z\",\"end_time\":\"2023-02-06T15:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-459e47c7c53d89b86a31f5c6df11e03d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-36c88665-ffab-42d4-8c7a-0e6762de33e1\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-16T21:57:11.633Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-21T21:55:05.000Z\",\"end_time\":\"2022-03-21T22:05:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3c6bef8cc3cbf26dc99ae77b39797bb5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-daa2c7eb-41e7-44d8-b075-06f8304d275b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-06T18:09:49.157Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-09T14:09:35.000Z\",\"end_time\":\"2022-02-09T14:26:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-361043887560397b6c283da4c5aebd2a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebe78544-ae85-4783-ae85-acbdf60c3c1c\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:04.203Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-09-01T12:46:28.000Z\",\"end_time\":\"2023-09-01T12:53:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5873abbe7447ddd282bcad3a1c688771\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2e1fb56f-4b04-4afb-9217-fa3f84c47209\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-04T17:22:53.000Z\",\"end_time\":\"2021-08-04T17:36:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-831f917866630085e85c7262f5a8dd0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4858931e-7e92-457b-a489-b521c1b6d9f2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.732Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-22T17:52:51.000Z\",\"end_time\":\"2022-11-22T18:04:19.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-72e42c51b430a9773587d712679f493f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-53abda28-59f2-42a8-81b5-77f13175aa67\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-21T16:55:23.000Z\",\"end_time\":\"2020-10-21T16:59:21.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4c7f39a0d9e2e7345a6584369ebed9df\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f666e339-8aa6-4db4-ad94-45a54383e3e4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-27T16:34:04.000Z\",\"end_time\":\"2021-07-27T16:48:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-5bbfc088705e99177493de6f0d3a5cd7\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-52532f6b-904d-4863-be11-21a5c6f79f36\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-05T13:19:39.000Z\",\"end_time\":\"2021-08-05T13:29:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e5eeb8ab3269ae22e389bfb0c54e24fb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-646b8270-60ca-4845-a5f5-ada0c1db9df4\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-12T00:48:18.909Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-16T17:58:57.000Z\",\"end_time\":\"2022-03-16T18:24:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3602a4b03d5aa7fa65a9317f3345fb13\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0d3beb94-cea3-4030-97ae-64cafb0e0ef8\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-18T10:31:49.660Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-23T18:59:28.000Z\",\"end_time\":\"2022-03-23T19:10:00.000Z\"}},{\"description\":\"AMP Threat Grid 
Sample Analysis\",\"schema_version\":\"1.0.0\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-1ffa74226a06e11bd93392b3f90b1cf3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-251fd9f5-50d4-48d7-a6d5-e077c8fb6f9b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-02-03T21:27:25.000Z\",\"end_time\":\"2021-02-03T21:37:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b0c3182489aafdceef38476276dbd052\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1efba262-1bd2-4ae4-8e8e-e9d436b12c5c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T14:23:38.000Z\",\"end_time\":\"2020-12-11T14:30:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-45a51ed43f4b077ddd0311924087fd7c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-10994532-6249-4a19-811d-1f78c7e9942d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-14T16:37:57.000Z\",\"end_time\":\"2021-09-14T16:52:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-95a0cca274f886726d0228e3c8249446\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7cbc8c08-4dfc-4a30-8c99-0e8468b9b4ad\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T15:48:24.000Z\",\"end_time\":\"2021-06-28T16:08:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-582eed5dca0044d0371407de198e8026\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-14ad363d-b1b3-49ad-9f76-e080589edd65\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-31T09:13:47.000Z\",\"end_time\":\"2021-08-31T09:23:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-07a0745863ae2771acd327d8a07332fe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ff72b1ac-1d3b-4512-85a4-36cd31fa3bd8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-15T15:54:11.000Z\",\"end_time\":\"2021-11-15T16:10:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9fc6a1612d405946200b8e27f17c6e4\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0f223bcb-eefe-4a2f-8e41-a299e2b1d718\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-05T06:05:49.154Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-09T20:59:52.000Z\",\"end_time\":\"2022-11-09T21:22:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-f489dacdb747ea733a4a8ea91a1678ba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-05c8e84a-e6fe-4565-80d3-1792ee2f4055\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-18T18:28:17.000Z\",\"end_time\":\"2020-11-18T18:35:55.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a32fadde91bc210cc020097a48b5799b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9f0d990e-9613-4919-845b-3b6f88d64b3b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:50.314Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-24T14:55:02.000Z\",\"end_time\":\"2023-03-24T15:11:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-be7c5b569cb74eb04c577b68a13e4fda\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-393b1f5e-a7cd-4784-acf9-9a4deeca109e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-19T16:27:52.000Z\",\"end_time\":\"2021-07-19T16:41:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c044fa761e7d041db73f5a54fc1a43b9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3cab41a2-1ddb-49c5-a158-0eb527d7ff70\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:20.688Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-12T12:07:06.000Z\",\"end_time\":\"2023-07-12T12:15:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-104fdd3a7b6735940a061217a1a2870f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d874b89b-8517-4c60-8667-32140345f490\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:43.543Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-20T20:35:53.000Z\",\"end_time\":\"2022-11-20T20:53:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf3c8f6b69c027f27e3727b6673a3237\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-104e731f-c8ab-4542-9be8-9d3c3468a2b8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-25T13:43:50.000Z\",\"end_time\":\"2021-10-25T14:04:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0bd75e262dfad965ccdae90d4284629d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c76bf134-7018-4949-bdf2-13b8fc0dab5a\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.925Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T19:47:37.000Z\",\"end_time\":\"2022-11-15T20:05:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-decb8b9ca273839b23592123ccc9c216\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f41987ed-8e2e-4321-9741-c6b4ec2898f4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:36:41.000Z\",\"end_time\":\"2020-11-24T08:43:33.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-54ce6c6e96474dba1c3223f887c4c52e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-136f6d93-0956-44b7-8267-fb9c8aee03d1\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T13:05:09.000Z\",\"end_time\":\"2021-06-28T13:14:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fdbe8cc2fb6c28ce264b6e2460406ca\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-18378f0b-2bab-444c-a77c-709be2724abb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-14T00:21:20.000Z\",\"end_time\":\"2021-01-14T00:31:07.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-e79efbaf99d11c3cf6f2e81fb99eaca2\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-491beec8-27c0-470c-a7dd-b05c39eb74c4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:36:52.000Z\",\"end_time\":\"2020-11-24T08:43:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-77f8083ab7f37854dc327b96cd8a83c9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c7e22902-ecd9-4145-8ebf-f0138d98dacd\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T17:59:15.000Z\",\"end_time\":\"2021-06-28T18:12:06.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-066cc8df482720e98cf7fce0a1075d1a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-fcf12e77-f8d8-4605-884e-02b8692c06e2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-20T02:05:37.000Z\",\"end_time\":\"2021-10-20T02:13:37.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-161c62dedb5375af9b77aa8c92e98bf1\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f9aaaa15-7592-4991-b49c-789bce52bbfd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-30T03:22:17.373Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-02T01:53:44.000Z\",\"end_time\":\"2022-02-02T02:14:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-abda7ac4b9368db5a5c69e7a17416ba5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dc3ad349-814d-41d3-baa1-6a20dc861cce\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-17T14:08:15.000Z\",\"end_time\":\"2021-06-17T14:16:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c5441e7de65b2656fceee47c4ac3b547\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-cd964621-f811-4410-a915-0df9a7a4f702\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T17:42:17.000Z\",\"end_time\":\"2021-10-21T18:01:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-614c5dbda629a16f79485e837f37d07c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1962dba8-7d55-4b41-b58b-86e8a6ab9180\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-19T18:15:59.000Z\",\"end_time\":\"2021-10-19T18:36:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-33ebba9322b30f9bbce4cea352705745\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-858b242b-c910-4b65-bef9-baca58cc56f2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-15T15:43:17.000Z\",\"end_time\":\"2020-10-15T15:47:16.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:04:33.000Z\",\"end_time\":\"2023-11-10T09:04:33.000Z\"},\"producer\":\"Nick Bradley\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WCry2 Ransomware Outbreak\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-11T09:04:33.000Z\",\"end_time\":\"2023-11-10T09:04:33.000Z\"},\"producer\":\"Jane 
Ginn\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WannaCry\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"id\":\"transient:relationship-32800abf-1054-40e9-aa9b-73247dff5a60\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"id\":\"transient:relationship-05815ebb-53bc-4a5a-8309-af55266ca748\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WCry2 Ransomware Outbreak\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force 
Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-02-04T15:29:21.215Z\",\"end_time\":\"2020-02-04T15:29:21.215Z\"}},{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"84c82835a5d21bbcf75a61706d8ab549\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WannaCry\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-07T19:42:53.350Z\",\"end_time\":\"2022-10-07T19:42:53.350Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There 
was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-9f3397ca\",\"uuid\":\"1bf4c5ce-4946-4ca6-9264-c22cfd120bdd\"}]", "short_description": "Snapshot @ 20210203 09:05:02", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-1c929474-af90-47e9-8d1b-62f52f3c8ed3", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:05:10.849Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"}
\ No newline at end of file
diff --git a/IBM_X-Force/Snapshot-with-SHA1.json b/IBM_X-Force/Snapshot-with-SHA1.json
index 5eeba77b..f4eeaa2e 100644
--- a/IBM_X-Force/Snapshot-with-SHA1.json
+++ b/IBM_X-Force/Snapshot-with-SHA1.json
@@ -1 +1 @@
-{"description": "IBM X-Force SHA256 Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "sha1:\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":8235239999.999976,\"updated-perf\":8235244999.99985,\"type\":\"collect\",\"created\":\"2021-02-03T09:05:25.348Z\",\"state\":\"ok\",\"arg\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"result\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"id\":\"collect-fa03477d\",\"uuid\":\"9844aae9-044c-4926-801d-29766c53f5fd\"},{\"created-perf\":18035580000.00021,\"updated-perf\":18035580000.00021,\"type\":\"investigate\",\"created\":\"2021-02-03T09:05:35.148Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha1\",\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"},\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"attack_patterns\":{\"count\":3,\"docs\":[{\"description\":\"The adversary is trying to avoid being detected.\\n\\nDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Defense Evasion\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a\",\"hydrant-25a33a3c5210a2e663ac52b66faff3cb7b55870d1a952a9173c3b90e67c188a2\",\"ATT&CK-TA0005\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0005\",\"external_id\":\"TA0005\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-91fa4286-7926-4ec6-92fe-1be5a3b4b812\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"defense-evasion\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:43:23.473Z\"},{\"description\":\"The adversary is trying to move through your environment.\\n\\nLateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Lateral Movement\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e\",\"hydrant-62e6b191c0c8340b08d2c0514e8a226d21acbf3e8711e18e203104c2d7e4007e\",\"ATT&CK-TA0008\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0008\",\"external_id\":\"TA0008\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-edb90156-c9fe-45ee-960e-c65e815cb92b\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"lateral-movement\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"actions-on-objective\"}],\"timestamp\":\"2019-07-19T17:44:36.953Z\"},{\"description\":\"The adversary is trying to run malicious code.\\n\\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Execution\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5\",\"hydrant-1290b3f81c16974cc715eb8cb79ec14a4974b553a8d4739bf6d4879bc96964ff\",\"ATT&CK-TA0002\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0002\",\"external_id\":\"TA0002\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-f9897c17-481f-4815-b942-c9c2ac108f08\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"execution\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:42:06.909Z\"}]},\"indicators\":{\"count\":16,\"docs\":[{\"description\":\"A file was created in a fake Recycle Bin. This is done in an attempt to conceal the presence of the file on the system. 
Please review the 'Disk Artifacts' section in order to view additional details about this file.\",\"tags\":[\"recycler\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2014-10-02T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-29f64911fabc9b10792ef9527847486a977ea051697df8fff2634933977940c6\"],\"short_description\":\"Process Created a File in a Fake Recycle Bin folder\",\"title\":\"fake-recycler-file-creation\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-83bef109-0641-4fa9-bce6-73ee7a6932d7\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a malware variant that will encrypt common media file types that are likely irreplaceable to the owner in question. Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. 
This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\"],\"valid_time\":{\"start_time\":\"2018-09-26T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-6df1431824dad39727db47d8ec2c8d67ad0507c624b3e1b672c6740fa09712c6\"],\"short_description\":\"Generic Ransomware Detected\",\"title\":\"malware-generic-ransomware\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\"],\"valid_time\":{\"start_time\":\"2019-03-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus service flagged an artifact as 
malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2019-02-20T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Volume Shadow Copies are snapshots of portions of a file system used for backups and System Restore points. The 'vssadmin.exe' utility provides a way to remove these copies. Malware authors may delete these copies in order to make recovery and access to a target's original files more difficult. 
This is especially true for ransomware varieties which encrypt files since these shadow copies may still contain the files in an unencrypted state.\",\"tags\":[\"crypto\",\"file\",\"system\"],\"valid_time\":{\"start_time\":\"2017-07-14T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-fc98412693920b7b7e900cab551dd26d0bdc9e3d13fa6c6f9b5e561d0fc3e20c\"],\"short_description\":\"Shadow Copy Deletion Detected\",\"title\":\"command-deleted-shadow-copy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An executable file was found in a recycle bin folder. The recycle bin is intended to hold deleted files in case the files need to be restored. Malware will often attempt to hide files by placing them in recycle bin folders and executing them from the recycle bin.\",\"tags\":[\"recycler\",\"executable\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2019-05-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ade122ee0771d8bf06bf93952ed7cf4bece911a5852fc74712d23323753ad7e8\"],\"short_description\":\"An Executable Found in Recycle Bin Folder\",\"title\":\"recycler-exe-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Wanacryptor is a ransomware variant. Once executed, Wanacryptor will encrypt files on the local machine. 
It will also attempt to spread itself like a worm using Windows SMB file shares. A ransom in the digital currency Bitcoin is demanded to decrypt the files.\",\"tags\":[\"ransomware\"],\"valid_time\":{\"start_time\":\"2020-01-10T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-01c5df46a35aff90bd2ab27799e2e8fadc18b7921c641bf3e8d454cc5f6eb63c\"],\"short_description\":\"Wanacryptor Ransomware Detected\",\"title\":\"malware-ransomware-wanacryptor\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A process set a new wallpaper for the desktop by modifying its associated registry key or file. This may be done to grab the user's attention or as a scare tactic. Ransomware will often change the desktop to leave instructions on how to pay the bounty.\",\"tags\":[\"process\",\"scareware\",\"registry\",\"ransom\"],\"valid_time\":{\"start_time\":\"2018-07-06T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-3e39186936137a88e3ee6fab67c7bed1f160044d17855adf628f9a80b07e6271\"],\"short_description\":\"Process Modified Desktop Wallpaper\",\"title\":\"desktop-wallpaper-modified\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a class of malware that encrypts common media file types that are likely irreplaceable to the owner in question. 
Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. It is also common for variants to delete shadow copies which are the default Windows backup mechanism for automatic backup generation. This is in order to prevent recovery of the original files from these backups. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-01-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9117762eddb7bb41077183b8e9d86372a1f29137e11083c3b07656045fc59b9b\"],\"short_description\":\"Ransomware Backup Deletion Detected\",\"title\":\"malware-generic-ransomware-backup-del\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"A machine learned model has determined that the specific set of indicators triggered by this sample signal a high likelihood of it being malicious. Some times, no single indicator by itself is sufficient to determine the malicious nature of behaviours. In such cases, the specific combination of indicators may be used to make a malicious determination. 
The machine learned model is trained to identify such combinations and takes into account the cumulative contributions by all triggered indicators in order to reach a conclusion.\",\"tags\":[\"suspicious\",\"threshold\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-12-20T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-829a0f95fde3467f366a217995e55e139e708d32f8f330dbb8ba109ecb607743\"],\"short_description\":\"Specific Set Of Indicators Signaling High Likelihood of Maliciousness Detected\",\"title\":\"high-heuristic-score\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-925517bc-8bf2-4ec9-9f2c-96f30289f38b\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A JavaScript artifact was found to contain random looking variables. In addition, the script launches command prompt and uses it to execute a file. 
The combination of these two anomalies makes this sample highly suspicious.\",\"tags\":[\"javascript\",\"obfuscation\",\"compound\",\"process\",\"launch\"],\"valid_time\":{\"start_time\":\"2019-09-05T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5d041358bebd89a8f121e2fa5f13293446daf12df2deb360f836432fdf900a7b\"],\"short_description\":\"Command Exe File Execution And JavaScript With Random Variables Detected\",\"title\":\"js-compound-random-cmdexec\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-8e61dec5-3ad0-434d-af15-835aff96ec23\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\",\"ransomware\"],\"valid_time\":{\"start_time\":\"2019-03-13T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. 
A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-06-09T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"The WMI command tool (wmic.exe) is an interface to the Windows Management Instrumentation. It allows display and modification of local and remote computers, setting system variables and executing scripts. In this case, it is deleting shadow copies. Shadow copies are snapshots of part of the filesystem, used for backups and restore points. 
Malware may delete these to prevent the user from restoring files that it has encrypted or destroyed.\",\"tags\":[\"system\",\"system modification\"],\"valid_time\":{\"start_time\":\"2018-02-07T00:00:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9d62773bd830933e9293398e91706f67a52b6d0b7d32955372792ad077c87cbf\"],\"short_description\":\"WMIC Used to Delete Shadow Copy\",\"title\":\"wmic-shadowcopy-delete\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2020-04-07T07:41:44.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]},\"relationships\":{\"count\":100,\"docs\":[{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a109111c26ba5a7259f6ef0c39b1e2b246d27162\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ea2ce339-a0be-4c21-ba2a-1cbb52f4e365\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.505Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bd168ccb0d2da18e6e9b034d8481cda1d1d74f87\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fd689c9f-ec0b-43a7-ad98-a6cf7beed21c\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.334Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d7d715899d6655c9bb94472bf435d4c6e0afa14e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5215851e-b43d-42e1-aba0-9bf109766433\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.980Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-46b7b0a294ba312a48a4fe994be59a69d5e2a4de\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-feabb322-c5d3-4162-b66b-f71933fab4b4\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.649Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-35a8d0cbaa7bfa643a2c35269769db62b417b111\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3695bf4e-e7ff-479c-bda1-47074d27470d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.325Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-34ec69a67e7cfb064bea6f494d0e10d185852117\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-56cf99fc-080f-453b-a3ad-727d752d4ce2\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.368Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ec4b9aabb80e92d3c95b8a2c15389bc1acf270e6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8eedcac7-4d93-4cb4-82ea-e71db7467162\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.192Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-96b33f59eff786b71947eeff25122ddeca934363\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2a835bce-26e6-41eb-837d-c3f87d787ca9\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.809Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c8e4dae4399b1ff0f4d0afdde0dee123384ad3db\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dd7b2089-682c-4a17-b60e-f1b7a952ea11\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.413Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-71a27b4e37eb0f62e0eee03c42363d6182cefe88\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-63701147-3442-4954-8a2b-aaa25dc9d9ea\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.768Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8e46ccce936152a500cefc8682b213194d611f98\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b17cbcbd-e5fd-439a-9228-1d5e4cacb6e2\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.094Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-81ddefe9149d63ad6d7a39ad57887ec294d901c2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-32f5952c-f6d3-4576-91fa-75da2285792d\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.804Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3abbc21a1a532d382f65f7ea85920dc84802c796\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d15614a3-1371-48e9-8348-7a6aede62930\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.277Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d214cf48a8ff7fffeef2e6cf5e777cc21e4ae7ad\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a11ff3e4-990e-48a2-bee0-ba093911c9fa\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.101Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cce77171559854ea05ca37c8b5a3ae52a118b189\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-39ddfe80-5376-43b4-ba3f-f17ded8698b8\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.085Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-433beea745728e3bdbd17fce2431ac004dbdcd54\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-536af2e3-06cf-4713-8da2-dd1d507f9282\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.684Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c06bc4d89287f458c04ed5edede109e91dc4fa6b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3311fc09-00d8-4502-b118-0e0de8ad1bd7\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.700Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-16cea0d7205b6be01431bfeaf2419a6f6a73c67c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dad98dfa-ed5a-4040-ab18-f7be5be53b8d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.970Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e415b20ae8689a4cdca7dae8d9a98a2323348787\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b75a0659-5353-41f4-ab74-b9ec374af2d9\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.685Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8460943ee44d929dd055dd618761708c9c9ca905\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e1de555d-67f3-460c-b984-5d83b851d0d6\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.146Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3f3d895c0ebe1cc92cc0785c3d41085b744f7cdd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-13a40de6-2279-47fe-9520-556ee777fe74\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.712Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a8c5719cfff43bb2e023c552c0fea216780cd761\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e247e8a0-c2e1-4f28-8aad-735076423110\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.603Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-734163bea91678e56da80b49d640f771003465a3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-37d79efd-54d6-4459-a8a6-c01098292d53\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.774Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d355ef6fdbb88e0b97717a01881ef116b3282133\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-eeefb352-7e7f-4b60-9c9d-09babb9bfb2f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.776Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e150aa9f0258e2de72a65d3add3df6d2432031f8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3e6194d-d15c-4b9c-a545-20742222ce01\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.476Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4bfba4797e88c60a19046bde8c2428f95a2fad8e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ed83e74-bd8a-46f4-aaee-13e45070b740\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.631Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f940ea2bffe755fab74362e4af31aec13e3ebbc0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7f5668a4-2735-439a-a0db-66de427df132\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.879Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9f1422585970072ef82d1f972826765d04be6114\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9eb831a9-263c-4762-8b88-ff3eeff58084\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.898Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-01b2de29ce849caf9a76811e13902e3c349ab3d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-cce94249-a90a-46ef-9557-565e6776ce4e\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.675Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-438115782b16d3be80ed61111c957a82d921db2c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f631276c-13d6-4de5-aafb-f87fb26b7e8e\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.721Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f315729fe65f8fa9440cc04623ba67f5bf6b5a48\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3bc64f84-1020-40b1-83c1-663308ff6563\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.871Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8fb125bc0248c06d4ff9c591a7bc3fbe6e9e5fb6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-305d99bf-2953-4848-97d9-8a0f93792954\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.049Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f64c0de5c95a8907a72260c53dd0030f36a2c8f7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-27d0adce-1009-4301-bf4b-d54eeb36a83c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.744Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4c2fb197783127db1f0878169deaf4c47444ac7f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-db5fa300-1c22-4441-b669-a70355c15202\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.059Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bfe34c3384996e8205f0ddb909eece885492a890\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8437e6c6-8211-4545-bb2a-30ff1c8d5b27\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.874Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-7ef12f8dab6dbaaf28771e64509966166767dc1f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-513110a6-f24d-42d3-a972-47acfcf0160b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.017Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-00473087a72eb68c14e4ca0cc3f5f6b88ab5f923\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3665d4e-67e5-4b32-943a-b00c8cf76764\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.375Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3735a4e879a3023e70918bc511b654be77ac5156\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5036b37b-14a4-4724-a71e-67517b9fb253\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.766Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-14c9b18a5074a73f35e381823ca37e9fb1e5089e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8619ceb9-925f-4435-9df8-a96a8a958614\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.734Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-cdc91edf7ed17c3baedde08187925079ad9f1e75\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fdb62f6a-e054-4b92-8440-68bdb92cc824\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.254Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e5ec916dd334e272727886cf34e9a37aaf3f8a38\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a4e5895f-8a92-44a5-a2b0-6e588d6beaf3\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.333Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c30090ed14d272b9c061dbdfa7ab89b4acd1f1d0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0ec3fc93-f53a-4894-bf8f-7b6fd9d4dc1a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.328Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a846a32dc303a85edb80b096f869b77cbdc27926\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e0dde6a6-5ff0-44b1-a68e-a78193ec0a90\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.679Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4dc389c6692cf9f63496d25ad3cdcb4f406b5fc2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3c802436-b501-4c81-a3d3-e0e48870ed54\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.833Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c1b93e27c436d179533a17632c9d7f3576518e56\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-11d98baa-c9c0-4d59-a6ab-643587a5ce9f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.864Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-31a525aa5f526e7f4cc10efaa874d421d84e71f7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0e9cd375-c49a-4c21-8279-1ac1083e3bae\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.116Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a6b53b9b51c60800f2beff54fbe3f90b9bb30c4e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c7c3f4cb-49cf-40c9-b339-d3a97790c55a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.180Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fac88726e44805257a9ba9e84442727b24cd41c9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8e746666-4e78-4546-8674-12bd4b4ba988\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.780Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3020da52cde7396bfab5d5903358de624dc73778\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ab318187-b354-4792-9b19-715eb7134e1a\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.051Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9376a82a531324750eb608f7d7fd3768769ae84e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0b120750-ef32-4f2c-8723-ea2f56ad9ab3\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.464Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1a286115672e82704fc001cf4f1682dae5edf980\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d849e40b-c0a0-4bc5-91cf-52c929aa682f\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.448Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-2ac100f4db7818a7ee749094c45333d17a1fb6cd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e89b527b-3826-49a0-be34-da9a28fbd860\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.399Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-35cc2b405fb9f096422c168438d0ecb58cb508cc\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-12518ddb-e20a-47d7-bdf6-95fe974e1836\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.299Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-451bc56c6819a9031b26bc893dd65c4d4268cfa5\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3dafd77-1f28-4e21-adbf-028d143866d3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.936Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5267dcbacdefcece03664e1a48f7fcf391a83412\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-09d58326-8045-44f2-b6c8-b0c901f072e9\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.885Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e7ff9c31557b5adee40271f645e7abbd859c558d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-367bc87c-2aae-4ea7-a2db-7338fc7f9f63\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.553Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c410eea4dc8c1183860ed5ca3367083ae8db8670\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-17cde4dd-c7c6-4586-93c2-e5c3f4630ded\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.927Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99a658520bb70871edddf1f1b6f3ac53441abba1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f6c4957a-1ec4-46f2-a5a2-2910b3a14765\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.527Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-78b1d38c48a74b638e3e7e58e2a746cc23967106\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5953c725-899a-4af6-80c4-a8a26f7ff869\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.550Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cdb1a619b9f4e105e580ba6b3dee8c1204d52cf2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c2de3912-a52b-491c-a595-9fd50ed84b31\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.187Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-eb6a2dae0dde9504cecce234faf2319785ca7027\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-087e6bd7-9420-4763-b861-7c1b29f2cb2d\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.459Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3c5a425f9d65f317f6d4ab0eda0d411c10a4d162\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a144596b-abaa-4427-94e6-7711ef178af7\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.431Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-22591191614782cd879d27c169b0bd13335e333b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6b493cb9-40f1-47e4-81f7-133b7cd30675\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.221Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ee9f3e37136eb24db48981e61febf2264d157240\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6073843f-b010-4254-860d-a3f7b3cb7f05\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.410Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5df7f5fab68de81d06c056f7852bef7b0fab6309\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d7d2e7c2-a376-456c-ab40-842c5dc18bdb\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.995Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4d192f503a6197672094e20947226d6939691691\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dcf236a4-dd51-479b-bcf1-e410c2654747\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.367Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f0ca0d074335093fa841ce5cc6d99e6f3962d6a2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5156c27e-cd5f-4a23-b02e-3b7f46798fc1\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.701Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c87c39da807b939e27a9da7300100eb647c39c40\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7a2f49b0-092a-450b-8209-54b359528c7d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.198Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a9f6866ea496ad87fd0938370e0e4a54ed914dc8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d0be8e2a-7e53-40c2-9e49-45c3f65607ce\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.580Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c274d69b428ddc3cb4c0035c43d118d52c427b8e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8738b82b-2aa4-4688-86a3-c4fd83c27dbd\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.539Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f7d11aa147d026daf0bcbd47f0b7021d15a15c26\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b2e4bcea-64ec-4eb2-89c2-2b28f1ffb513\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.850Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a3e788c278d829bd2868c425172f8feb531b05b3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-92b9386f-2f76-4581-aad0-83016136578e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.896Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-09a6233800a619d9b807d493f15ed12dde6addb0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e14f3511-144e-44ae-a1f8-89e59232ed2e\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.276Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6110027a3c618da706e811cda6dede62aaf73093\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a2d1f5ae-c138-4722-9e90-109366aa3cef\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.945Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-297f3fa08f8ef35174ccb1106cb2484586d0a3a1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0aac9f12-b342-4312-b8d3-bae4e2da4fb6\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.583Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-808f8b076b62741f8ce1ede4b5721876fbbe4802\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3d5a787-b6b5-456a-ba2f-dc44cecc3408\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.297Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6ad48bafba213f2fdd5d9117cc7c0dbd454d7a32\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-887efa89-f3dd-4ca7-acad-cb5365c24760\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.136Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-aee8a737db2270c842756224ed0fba4af0eef6b6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-86cbc666-b895-48fa-be0b-86e446702f86\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.709Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3cad078ab96661a1cc2aa2e116b2b082c8c790f1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-539ac583-3f44-47da-8b3b-bedc425271f4\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.439Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-960adf6ab886de848cf9fe165d883ce1911276ab\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b161bfce-067d-4a6a-8849-3076aecbf44f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.800Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-95ac850f66f29d63e05fe0de1f7d241656adb19d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-87d0a0bf-5070-4cbe-a33b-4723e786230e\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.839Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-93c4585fd60065a0b548ee32084bfe3edac0a3b2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7fef9b37-2473-4d3f-88d5-4a1aee9e9684\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.793Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-55a12c155410ac79b15778b4c4cc4299f416f9a7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4ebfe90b-cbf7-4e28-b04a-a701ae227b73\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.817Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d48f23b001d533c244f1690fd95419439b484496\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3430af2a-b978-40bb-88b4-98b3c09e2b0f\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.588Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a47d45990b4a4e282eea1ecdf7790809bfcb3b31\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d889d864-c7d3-42a7-8154-d330e1d53000\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.909Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-763c92f3230cde6dae72b311a8ccafa3b2673355\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1324c8b4-1929-4c02-9b9b-54dc7754e3d8\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.122Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e2d6cd8d23f63ed40394922a286fc5b853bb2296\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f2f9af8b-488e-4290-a30b-c51d2dbb8203\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.865Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a32a60685ec9fa81695d753ca592fb8fa7e9ef65\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-70ea0421-3714-45b3-bdc5-670d29442f0f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.838Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6983e37dd1314589feff6e58f56543ddd2238738\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8c151c0-4e5d-46be-b59e-788657f40dbb\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.966Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ae75cff92f645a868adbb3049af36d1afd23f6df\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0fe3c56b-eda2-4ff0-8867-bb131bd66b19\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.366Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b74461a5c2f90f23d558303e4525af17ac115464\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3dcc4f38-ea10-4859-b897-a674f81e7765\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.068Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4cc64d58dca3df8d7774149a823772058de78b2a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-bdb7b207-9d52-4f62-8cd0-48b7b7d00d62\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.956Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-13764f579971a0835107ab46e398810cacb37c3d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d7a5c493-1433-4b95-99bc-83044196f0c9\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.514Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9d0695e171f8a3e1dffd6e07c25b0a1ef5ced005\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8bc9acb-ed17-4b50-b659-02a349da31d7\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.404Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ce2be68e5ed09b824436a05ffc38ed0ece81cf5b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5ad01041-fe0a-4a82-8836-823fbb7a07cf\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.228Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1d993a269ea0625f7e3cc5481a2031f8118a7276\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5e4cd7d4-dc18-464c-83ca-af749081419b\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.514Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-593baada880e0d1ac33f59de2508ccbf81ac12a9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-49677a19-c407-4e0a-a28a-d8d604c6c1ce\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.466Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-add3bd101bfa998b8e70cc5932889ec4758fc430\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5bd8ada1-65c0-48b3-80e7-606206a34b77\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.117Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-117e115ed481e24b24c90a892d3f6dc60b7a96d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5b747482-9920-43e6-82bb-73e06bf3f607\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.474Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4c3e4d6363f2f0515c43a2c4e85237cba8b31f66\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2dde8cbc-1a7e-4888-9523-eb510968157e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.160Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2020-04-07T07:41:44.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"},\"schema_version\":\"1.0.0\",\"observable\":{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/cd2275c3415e26f96cf78be39f7b892d\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha1-5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"severity\":\"High\",\"tlp\":\"green\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":100,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-e4f988a3041bce6e0fad9f1dc620e9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f6def4a7-86dc-42b2-bec4-9b48b212e960\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:35:58.000Z\",\"end_time\":\"2020-11-17T08:52:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-24a7ed5e06b0997a82dac23a98cd7cd0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-af0e53c6-58fc-4e8d-855a-08cd509ecbbc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-12T17:54:54.288Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-08T16:35:46.000Z\",\"end_time\":\"2022-02-08T16:52:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212889a0d2f2d477c3b3b94d55788c2d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-b45a4e8a-a4ba-4e97-a42f-3fae9494a0bd\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-16T16:19:08.000Z\",\"end_time\":\"2020-10-16T16:27:39.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ed11cf9ba4767a045a8078b300b34bf\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a42c320e-559e-4232-96f0-80e8d103c708\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T20:59:05.000Z\",\"end_time\":\"2021-10-21T21:12:20.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-487167781221d890aedc92e271380a68\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-583843ea-25d2-4165-826c-4256c2f6680f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-01T17:05:26.000Z\",\"end_time\":\"2021-11-01T17:19:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-68dc97a1fd873abcdb143ccfb7b1b255\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-15f8c0d1-946d-4d71-8093-39f278d6c56e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T20:07:26.000Z\",\"end_time\":\"2020-10-30T20:12:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212bfa058d713132e87f513ee86885b5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-087dc865-d86a-42b6-b10f-b4d6deeb71fb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T14:23:08.000Z\",\"end_time\":\"2020-12-04T14:29:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f246e247d7394c1b50a2676a3072bd4d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8cd5697-505e-4d1f-9e6f-843afb07422c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-27T07:59:07.000Z\",\"end_time\":\"2021-07-27T08:08:25.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb27d870e0d4577f6440ff706dd5c211\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bc092f3e-adb0-49db-885c-ceba5531ce74\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T16:14:08.749Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-31T17:49:36.000Z\",\"end_time\":\"2022-03-31T17:55:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-33437b83732b20e128f801914d387652\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4a5c2eac-9b76-4746-94c3-36143c14263b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:43:23.081Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T15:29:24.000Z\",\"end_time\":\"2022-11-08T15:51:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-4540b5c5a11fcb59ac9cd6cef151a4c5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7dc9540d-2e33-4206-8d16-0a352a8998a9\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-19T17:20:26.369Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-17T16:18:25.000Z\",\"end_time\":\"2022-03-17T16:28:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6d6713e4f9e7dbc2994f8068af501097\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e9bd94b0-31c3-4268-a845-27bdfd479c55\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:59:17.022Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T18:59:42.000Z\",\"end_time\":\"2022-11-08T19:17:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-1800637c959a52480bfd7bda6bda4755\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8b096985-fc70-4191-b757-03417b406de4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-07T18:52:25.000Z\",\"end_time\":\"2021-10-07T19:01:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-1ffa74226a06e11bd93392b3f90b1cf3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-928827ef-3ef2-4cc6-9d02-262964f045ae\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-27T21:27:25.000Z\",\"end_time\":\"2021-01-27T21:37:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4434973766bcaf7d8a6163788047dba8\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-593b6a3b-33d6-49ff-ac13-23fb49eedd67\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-19T18:35:17.000Z\",\"end_time\":\"2021-10-19T18:48:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3602a4b03d5aa7fa65a9317f3345fb13\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-33ed1056-95d1-4c76-afd5-5a076a4e4b35\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-18T10:31:48.909Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-16T18:59:28.000Z\",\"end_time\":\"2022-03-16T19:10:00.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-066cc8df482720e98cf7fce0a1075d1a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e71e7f34-087f-415b-afb3-a80e2fd89029\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-13T02:05:37.000Z\",\"end_time\":\"2021-10-13T02:13:37.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-b0c3182489aafdceef38476276dbd052\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a9b8f1c8-e25e-4fa8-9075-730b4a4ab71d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T14:23:38.000Z\",\"end_time\":\"2020-12-04T14:30:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-13b2214bf6d0eba2278af1d269ad883a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.616Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T19:27:15.000Z\",\"end_time\":\"2022-11-17T19:37:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-0bd75e262dfad965ccdae90d4284629d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.203Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T19:47:37.000Z\",\"end_time\":\"2022-11-08T20:05:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c044fa761e7d041db73f5a54fc1a43b9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.494Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-05T12:07:06.000Z\",\"end_time\":\"2023-07-05T12:15:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-ebe35e82bc562b5df50a1b25e7099c30\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-678535f1-fea4-4a84-99c1-75fceecbd752\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-24T03:45:57.716Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-20T13:47:47.000Z\",\"end_time\":\"2022-01-20T14:08:36.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5bbfc088705e99177493de6f0d3a5cd7\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ea9f0688-625b-46e5-838d-227bcb2eaa8b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-29T13:19:39.000Z\",\"end_time\":\"2021-07-29T13:29:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-45a51ed43f4b077ddd0311924087fd7c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90bc5d02-91a1-443a-a680-492fd087c56f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-07T16:37:57.000Z\",\"end_time\":\"2021-09-07T16:52:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7420188d21b4b13db023a5587b3c7aa\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:58.979Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-21T16:26:50.000Z\",\"end_time\":\"2022-11-21T16:41:01.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-9eaef8b6b2e75b55e42fc2e7072dda8c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7874d7c5-da9d-4f16-b1fc-0b6e4a977724\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-02T15:45:01.000Z\",\"end_time\":\"2021-08-02T15:59:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-582eed5dca0044d0371407de198e8026\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-01df3d58-8144-46cb-8335-ce275527cc0f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-24T09:13:47.000Z\",\"end_time\":\"2021-08-24T09:23:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-161c62dedb5375af9b77aa8c92e98bf1\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-12c627d0-c423-4ecb-a7e6-800c93b7bc32\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-30T03:22:16.421Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-26T01:53:44.000Z\",\"end_time\":\"2022-01-26T02:14:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-54ce6c6e96474dba1c3223f887c4c52e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a0cf498e-8c27-4154-ad10-a2827a94d3c8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T13:05:09.000Z\",\"end_time\":\"2021-06-21T13:14:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-18d3499a967805381d5ff741f6ad5d28\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-106c372f-ef01-4d3f-86c2-12a4b0027c4f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-14T14:05:36.000Z\",\"end_time\":\"2021-12-14T14:22:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6462622fb8011601a09cb86bd46045e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9de80af4-e6b0-460e-b319-bbdd4267953c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T08:55:02.000Z\",\"end_time\":\"2021-10-21T09:03:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c9fc6a1612d405946200b8e27f17c6e4\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-11e3fe04-f6ea-4bcb-b4a6-bf0f24405627\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-05T06:05:48.246Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-02T20:59:52.000Z\",\"end_time\":\"2022-11-02T21:22:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c5441e7de65b2656fceee47c4ac3b547\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dcf6045f-d5b0-47bd-87e1-e8fb6357299e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T17:42:17.000Z\",\"end_time\":\"2021-10-14T18:01:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-040f760c510edc094bf1b4c57878cc07\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.641Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-30T14:55:36.000Z\",\"end_time\":\"2023-01-30T15:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e5eeb8ab3269ae22e389bfb0c54e24fb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-64b42a32-1883-48aa-9aba-25fc05dc4f42\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-12T00:48:18.151Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-09T17:58:57.000Z\",\"end_time\":\"2022-03-09T18:24:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-614c5dbda629a16f79485e837f37d07c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-52225490-3785-477d-897b-363e84dad5a2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-12T18:15:59.000Z\",\"end_time\":\"2021-10-12T18:36:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5eb5a5d3b5aba303a8030f0f80bdb747\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7561c58d-683f-4037-b379-6e00e51d716f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-09T16:15:11.000Z\",\"end_time\":\"2021-08-09T16:29:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81f760143d1d4774a4b3ed76df9d7ac0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.232Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-17T12:48:36.000Z\",\"end_time\":\"2023-01-17T13:11:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9d4404973f89bbb1041921e98cb4820\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-580a42fb-633f-4875-a052-96d589aa8aa9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-02T21:16:27.000Z\",\"end_time\":\"2020-11-02T21:20:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a999cf5cb17033a10225641f3bd2afba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c1fb488a-b373-486a-9020-1f4f8f72c90b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-11T18:44:08.000Z\",\"end_time\":\"2021-10-11T19:04:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3c6bef8cc3cbf26dc99ae77b39797bb5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-46c6e7ad-bd72-486e-a60d-b1ec4afd8720\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-06T18:09:48.131Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-02T14:09:35.000Z\",\"end_time\":\"2022-02-02T14:26:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e79efbaf99d11c3cf6f2e81fb99eaca2\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d54f9c6a-bfc7-40f5-9c81-a00f733fdbc4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:36:52.000Z\",\"end_time\":\"2020-11-17T08:43:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-361043887560397b6c283da4c5aebd2a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.749Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-08-25T12:46:28.000Z\",\"end_time\":\"2023-08-25T12:53:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fefbc448127d7cfb9b187591576063b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2f99232c-6713-4e61-b731-10c345017b9a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-09T07:45:13.000Z\",\"end_time\":\"2021-07-09T07:55:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-da10f77e1e98e50e6d1f44ee9fc16e96\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0656524e-f3b9-4257-94e9-1d21341ae845\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-28T16:12:44.000Z\",\"end_time\":\"2021-09-28T16:21:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8461b50008f3d92cf6a2597b05db631b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-705533b7-be36-45eb-957c-ee688fd63fc6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-09-28T19:20:07.000Z\",\"end_time\":\"2020-09-28T19:29:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-07a0745863ae2771acd327d8a07332fe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6fd90d8b-9bb6-403c-9032-673f1cad79d0\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-08T15:54:11.000Z\",\"end_time\":\"2021-11-08T16:10:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-329c6fcf6be6340581fa856f39772ecd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7130e3d0-d15b-4756-9d72-ede374048677\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-31T21:58:47.383Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-29T20:39:18.000Z\",\"end_time\":\"2022-03-29T20:49:35.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aab2cfc797b4fde3f9b6925d994e8c3b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2687d0f4-0933-4ca9-bae5-7a4a3529e9aa\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-21T13:03:26.000Z\",\"end_time\":\"2021-12-21T13:19:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-459e47c7c53d89b86a31f5c6df11e03d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-76b70ee3-ec52-4056-98f9-2e2670d6de6e\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-16T21:57:10.891Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-14T21:55:05.000Z\",\"end_time\":\"2022-03-14T22:05:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-cf76f600a2af2c19f32d425520e94cfe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-22dcfd67-4676-4365-9392-4609fed75438\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T15:05:00.000Z\",\"end_time\":\"2021-10-18T15:13:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-fd11120571777e118f1192cdae4759e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-025a2a02-2739-4658-a3b2-f47c6b0868d6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-06T17:28:29.000Z\",\"end_time\":\"2021-10-06T17:42:56.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-df9bc0c3-7f19-4140-8801-9ee753aeef3a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-23T20:15:53.000Z\",\"end_time\":\"2021-12-23T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aadbe6f0058a6896ec57e5749315bb1e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.263Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-16T12:24:25.000Z\",\"end_time\":\"2023-01-16T12:40:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-33ebba9322b30f9bbce4cea352705745\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3309bcdf-a7a3-43ff-90fc-2cb7e2090866\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-08T15:43:17.000Z\",\"end_time\":\"2020-10-08T15:47:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81338238071dd3ce8ca2343b8507596d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2df1efdd-9758-4fab-94d0-b96637d54806\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-25T22:26:55.407Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-21T17:00:09.000Z\",\"end_time\":\"2022-02-21T17:09:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5873abbe7447ddd282bcad3a1c688771\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ddf8b857-32b0-4429-b3e5-bf376e2fe56c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-28T17:22:53.000Z\",\"end_time\":\"2021-07-28T17:36:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-440c401604feb297a4b8c6d3574bd03a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85f88373-ada3-4b3d-8097-f046b0ea79da\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-05T08:04:19.000Z\",\"end_time\":\"2021-07-05T08:14:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2e329216a9df995e09f6406f8b732993\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d0c7736f-99fb-4cd9-8021-abd692062a07\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T16:41:48.000Z\",\"end_time\":\"2020-10-30T16:46:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.14\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-d8ba36bb037564ce1b0cd5aea1098cf9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d1d53d33-e68f-4389-ba44-a2048fdb39c2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-01-30T14:33:06.796Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-09-28T17:22:41.000Z\",\"end_time\":\"2022-09-28T17:44:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5cd84a69396b3aa4663e5f606b3cdf0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.365Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-05T12:06:56.000Z\",\"end_time\":\"2023-07-05T12:15:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-aa8a5bcb0e269613fb2a9cb48a113876\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d9f28679-e119-4c3f-9742-7bb9a008d91c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-25T12:41:24.000Z\",\"end_time\":\"2021-08-25T12:51:26.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4e84062e-6143-4f4c-b151-1386205106fb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.265Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-03T14:36:32.000Z\",\"end_time\":\"2022-02-03T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-900e5e345e8193b84b808e2bf0fa16e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-20873d24-15af-4359-942a-df8a0050573d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-04T21:55:21.000Z\",\"end_time\":\"2020-12-04T22:01:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ea936a6774ff4698a0dff83cb6a7867\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-37debbdd-c786-4976-bc13-6c619be41d76\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T12:17:02.000Z\",\"end_time\":\"2021-10-28T12:27:40.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-34c259b4-1fe1-4273-8e50-b00a5f2b4419\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.411Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-03T14:36:32.000Z\",\"end_time\":\"2022-02-03T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-abda7ac4b9368db5a5c69e7a17416ba5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f14e53d0-20d4-4700-a2c6-fabb66a5edc2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-10T14:08:15.000Z\",\"end_time\":\"2021-06-10T14:16:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-771d51da-4071-4c3e-b45a-812cfbe9880a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-23T20:15:53.000Z\",\"end_time\":\"2021-12-23T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-48fed39715f044591724bed44dc49f35\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a125bb3a-6769-46a6-9929-e69694d427c5\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T08:48:33.000Z\",\"end_time\":\"2021-10-21T08:58:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3697d2f343a2e37c54b926ffc4fc7461\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-fcf6fba6-6b0a-4f51-8e2b-385846922672\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-16T16:31:46.000Z\",\"end_time\":\"2021-06-16T16:45:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f00166203cc58f37db87fe71969ad23c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2c34a3bc-8a34-4538-94ac-757310306143\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-25T19:41:08.000Z\",\"end_time\":\"2020-10-25T19:49:48.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf3c8f6b69c027f27e3727b6673a3237\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0e1f6a68-ff07-4d2b-91d3-6bd9ae7d75c4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T13:43:50.000Z\",\"end_time\":\"2021-10-18T14:04:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d5361bdf9f7e2619d7180b326305055e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e13c0720-ae4a-4349-ac73-ed22c5423893\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T14:06:02.000Z\",\"end_time\":\"2021-06-21T14:26:02.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7070dd836f1266934eba51c07422ff0c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-54aa0cd7-0f89-42a4-8066-406b6df28f0e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-18T04:27:39.000Z\",\"end_time\":\"2020-12-18T04:36:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8b3b8e08b9a12fb5d4a2a78e936127b3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-591dfb50-5bf5-4446-81b6-fc0163df89ec\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-30T16:41:47.000Z\",\"end_time\":\"2020-10-30T16:46:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b2766fa8cd69a03e2c332abf838bdb3f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-74f07b0e-0245-4131-b4d8-577f39b52cbf\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-06T11:23:59.000Z\",\"end_time\":\"2021-07-06T11:32:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-be7c5b569cb74eb04c577b68a13e4fda\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e80bb81f-decf-408d-a50d-1d0239cb4a0e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-12T16:27:52.000Z\",\"end_time\":\"2021-07-12T16:41:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0445534795da304113a1d18b330d0acb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-323b2c66-96f3-49ce-bf7b-c549306ee521\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-30T20:41:28.000Z\",\"end_time\":\"2020-11-30T20:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-38de421c1eace15dc5211066a8978488\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-30bb7f60-1b5c-44bc-8c9c-972034f7ea87\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-09T16:42:43.000Z\",\"end_time\":\"2021-07-09T17:03:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-831f917866630085e85c7262f5a8dd0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.057Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T17:52:51.000Z\",\"end_time\":\"2022-11-15T18:04:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fdbe8cc2fb6c28ce264b6e2460406ca\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8195773c-9f8c-46e7-9de8-c345b1b01804\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-07T00:21:20.000Z\",\"end_time\":\"2021-01-07T00:31:07.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-02b2eb94a8e359fedbfab93f564046e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7d602aa1-04a1-48fa-a708-3ee6510e4d76\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-20T07:46:55.000Z\",\"end_time\":\"2021-09-20T07:56:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-72e42c51b430a9773587d712679f493f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ee09afaf-8b06-4cc3-92b5-35008e7221f7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-14T16:55:23.000Z\",\"end_time\":\"2020-10-14T16:59:21.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-77f8083ab7f37854dc327b96cd8a83c9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c650af4a-0685-4d52-b741-86b96eb70c40\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T17:59:15.000Z\",\"end_time\":\"2021-06-21T18:12:06.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4c7f39a0d9e2e7345a6584369ebed9df\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d6d6e8a3-57e5-4a03-b382-493b7794d496\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-20T16:34:04.000Z\",\"end_time\":\"2021-07-20T16:48:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3abc1aece07243f578cdf080c88707e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a3f6e62e-a2b6-4a62-add0-8f322946aaf7\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-09T17:40:55.571Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-05T15:27:30.000Z\",\"end_time\":\"2022-01-05T15:48:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-a32fadde91bc210cc020097a48b5799b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.440Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-17T14:55:02.000Z\",\"end_time\":\"2023-03-17T15:11:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-95a0cca274f886726d0228e3c8249446\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-08298ca2-af15-4dfb-a969-fc0a582c81f3\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-21T15:48:24.000Z\",\"end_time\":\"2021-06-21T16:08:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f489dacdb747ea733a4a8ea91a1678ba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-558b8d53-e78d-4baf-a7f1-f7a2e6272d20\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-11T18:28:17.000Z\",\"end_time\":\"2020-11-11T18:35:55.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-49eba74c4c65fea92943dafcc9c3e281\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-aa92d487-e097-4998-8968-349c7b497897\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-04T16:22:11.000Z\",\"end_time\":\"2021-11-04T16:41:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7d8ec9066482428eec4357deebfde0d6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-015be142-56ba-49b7-b3d6-2b305141fedc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T14:15:15.824Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-31T17:17:06.000Z\",\"end_time\":\"2022-03-31T17:23:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-83edd7f6e489f4db9c324d7a55d5bf6f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-620c8d59-3dbb-4835-aecb-a3af44071c8d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-08T15:47:58.000Z\",\"end_time\":\"2020-10-08T15:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-104fdd3a7b6735940a061217a1a2870f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.666Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-13T20:35:53.000Z\",\"end_time\":\"2022-11-13T20:53:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-73b2b49cc3c97e3de4b2969fa0ef852f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e60b840d-d7e0-4c71-9833-78201de0d3c7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-07T07:23:34.000Z\",\"end_time\":\"2021-10-07T07:38:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0a32e8d5ac10c5a1750c62880e9946e0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bca11019-6769-4ad8-8062-d6e186416b7a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-09T08:05:23.000Z\",\"end_time\":\"2021-11-09T08:21:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-decb8b9ca273839b23592123ccc9c216\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebfd4285-1b13-47d3-8a91-1452af7443e2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-17T08:36:41.000Z\",\"end_time\":\"2020-11-17T08:43:33.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-04287f919a3def5f1d2bd9eecfc2ffac\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.857Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-02-22T04:56:32.000Z\",\"end_time\":\"2023-02-22T05:00:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb00b006329e50beb56d36e711a4d127\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-639194c0-596e-44fe-ada5-077ae39455ac\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-09T15:33:10.000Z\",\"end_time\":\"2020-11-09T15:39:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3381fc9baf8e6e7a24e6ff9ab28d5ddd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8b30e35a-f457-4608-a2bd-fc473dbd0483\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-24T09:21:21.000Z\",\"end_time\":\"2021-06-24T09:31:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-de8f372d27de40bb198879437c30ec4e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7bce8c41-0a5c-4fcf-b8db-1b02e803f44b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-11T08:25:02.000Z\",\"end_time\":\"2021-08-11T08:33:04.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:05:34.000Z\",\"end_time\":\"2023-11-03T09:05:34.000Z\"},\"producer\":\"Jane Ginn\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WannaCry\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-04T09:05:34.000Z\",\"end_time\":\"2023-11-03T09:05:34.000Z\"},\"producer\":\"Nick Bradley\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WCry2 Ransomware Outbreak\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"id\":\"transient:relationship-876e0dfc-5a91-41d4-9e3a-c84a97a624a0\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"id\":\"transient:relationship-36ea4478-230f-4173-8063-99effc0fa137\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WCry2 Ransomware Outbreak\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-01-28T15:29:21.215Z\",\"end_time\":\"2020-01-28T15:29:21.215Z\"}},{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WannaCry\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-09-30T19:42:53.350Z\",\"end_time\":\"2022-09-30T19:42:53.350Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-52c6fd37\",\"uuid\":\"6c40bfba-e788-47ca-b267-3cfa6894de1f\"}]", "short_description": "Snapshot @ 20210203 09:05:53", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-efd07322-e0b8-45e1-a92e-6c9bfc9ea917", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:06:02.273Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force SHA256 Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "sha1:\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":8235239999.999976,\"updated-perf\":8235244999.99985,\"type\":\"collect\",\"created\":\"2021-02-03T09:05:25.348Z\",\"state\":\"ok\",\"arg\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"result\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"id\":\"collect-fa03477d\",\"uuid\":\"9844aae9-044c-4926-801d-29766c53f5fd\"},{\"created-perf\":18035580000.00021,\"updated-perf\":18035580000.00021,\"type\":\"investigate\",\"created\":\"2021-02-03T09:05:35.148Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha1\",\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"},\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"attack_patterns\":{\"count\":3,\"docs\":[{\"description\":\"The adversary is trying to avoid being detected.\\n\\nDefense Evasion consists of techniques that adversaries use to avoid detection 
throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses. \",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Defense Evasion\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--78b23412-0651-46d7-a540-170a1ce8bd5a\",\"hydrant-25a33a3c5210a2e663ac52b66faff3cb7b55870d1a952a9173c3b90e67c188a2\",\"ATT&CK-TA0005\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0005\",\"external_id\":\"TA0005\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-91fa4286-7926-4ec6-92fe-1be5a3b4b812\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"defense-evasion\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:43:23.473Z\"},{\"description\":\"The adversary is trying to move through your environment.\\n\\nLateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Lateral Movement\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--7141578b-e50b-4dcc-bfa4-08a8dd689e9e\",\"hydrant-62e6b191c0c8340b08d2c0514e8a226d21acbf3e8711e18e203104c2d7e4007e\",\"ATT&CK-TA0008\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0008\",\"external_id\":\"TA0008\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-edb90156-c9fe-45ee-960e-c65e815cb92b\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"lateral-movement\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"actions-on-objective\"}],\"timestamp\":\"2019-07-19T17:44:36.953Z\"},{\"description\":\"The adversary is trying to run malicious code.\\n\\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. 
\",\"abstraction_level\":\"category\",\"schema_version\":\"1.0.16\",\"name\":\"Execution\",\"type\":\"attack-pattern\",\"source\":\"MITRE Enterprise ATT&CK\",\"external_ids\":[\"x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5\",\"hydrant-1290b3f81c16974cc715eb8cb79ec14a4974b553a8d4739bf6d4879bc96964ff\",\"ATT&CK-TA0002\"],\"external_references\":[{\"source_name\":\"mitre-attack\",\"url\":\"https://attack.mitre.org/tactics/TA0002\",\"external_id\":\"TA0002\"}],\"source_uri\":\"https://attack.mitre.org\",\"id\":\"https://intel.amp.cisco.com:443/ctia/attack-pattern/attack-pattern-f9897c17-481f-4815-b942-c9c2ac108f08\",\"tlp\":\"green\",\"kill_chain_phases\":[{\"kill_chain_name\":\"mitre-attack\",\"phase_name\":\"execution\"},{\"kill_chain_name\":\"lockheed-martin-cyber-kill-chain\",\"phase_name\":\"installation\"}],\"timestamp\":\"2019-07-19T17:42:06.909Z\"}]},\"indicators\":{\"count\":16,\"docs\":[{\"description\":\"A file was created in a fake Recycle Bin. This is done in an attempt to conceal the presence of the file on the system. 
Please review the 'Disk Artifacts' section in order to view additional details about this file.\",\"tags\":[\"recycler\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2014-10-09T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-29f64911fabc9b10792ef9527847486a977ea051697df8fff2634933977940c6\"],\"short_description\":\"Process Created a File in a Fake Recycle Bin folder\",\"title\":\"fake-recycler-file-creation\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-83bef109-0641-4fa9-bce6-73ee7a6932d7\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a malware variant that will encrypt common media file types that are likely irreplaceable to the owner in question. Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. 
This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\"],\"valid_time\":{\"start_time\":\"2018-10-03T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-6df1431824dad39727db47d8ec2c8d67ad0507c624b3e1b672c6740fa09712c6\"],\"short_description\":\"Generic Ransomware Detected\",\"title\":\"malware-generic-ransomware\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\"],\"valid_time\":{\"start_time\":\"2019-03-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus service flagged an artifact as 
malicious. When using antivirus software, relying on a single engine is susceptible to false-positives. Online services, such as VirusTotal and Reversing Labs, use multiple antivirus engines to scan a file and the scan results of all engines are taken together to make a more accurate determination. One or more of these services have indicated that the file is malicious with a high degree of confidence. The results of individual antivirus engine scans are displayed, if available.\",\"tags\":[\"file\",\"antivirus\"],\"valid_time\":{\"start_time\":\"2019-02-27T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ef8735e087cb3449b42e75de0c4b9cee68f481d16defd9b1b374325a2da6fe88\"],\"short_description\":\"Artifact Flagged Malicious by Antivirus Service\",\"title\":\"antivirus-service-flagged-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Volume Shadow Copies are snapshots of portions of a file system used for backups and System Restore points. The 'vssadmin.exe' utility provides a way to remove these copies. Malware authors may delete these copies in order to make recovery and access to a target's original files more difficult. 
This is especially true for ransomware varieties which encrypt files since these shadow copies may still contain the files in an unencrypted state.\",\"tags\":[\"crypto\",\"file\",\"system\"],\"valid_time\":{\"start_time\":\"2017-07-21T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-fc98412693920b7b7e900cab551dd26d0bdc9e3d13fa6c6f9b5e561d0fc3e20c\"],\"short_description\":\"Shadow Copy Deletion Detected\",\"title\":\"command-deleted-shadow-copy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An executable file was found in a recycle bin folder. The recycle bin is intended to hold deleted files in case the files need to be restored. Malware will often attempt to hide files by placing them in recycle bin folders and executing them from the recycle bin.\",\"tags\":[\"recycler\",\"executable\",\"file\",\"process\"],\"valid_time\":{\"start_time\":\"2019-05-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-ade122ee0771d8bf06bf93952ed7cf4bece911a5852fc74712d23323753ad7e8\"],\"short_description\":\"An Executable Found in Recycle Bin Folder\",\"title\":\"recycler-exe-artifact\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Wanacryptor is a ransomware variant. Once executed, Wanacryptor will encrypt files on the local machine. 
It will also attempt to spread itself like a worm using Windows SMB file shares. A ransom in the digital currency Bitcoin is demanded to decrypt the files.\",\"tags\":[\"ransomware\"],\"valid_time\":{\"start_time\":\"2020-01-17T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-01c5df46a35aff90bd2ab27799e2e8fadc18b7921c641bf3e8d454cc5f6eb63c\"],\"short_description\":\"Wanacryptor Ransomware Detected\",\"title\":\"malware-ransomware-wanacryptor\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A process set a new wallpaper for the desktop by modifying its associated registry key or file. This may be done to grab the user's attention or as a scare tactic. Ransomware will often change the desktop to leave instructions on how to pay the bounty.\",\"tags\":[\"process\",\"scareware\",\"registry\",\"ransom\"],\"valid_time\":{\"start_time\":\"2018-07-13T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-3e39186936137a88e3ee6fab67c7bed1f160044d17855adf628f9a80b07e6271\"],\"short_description\":\"Process Modified Desktop Wallpaper\",\"title\":\"desktop-wallpaper-modified\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"Ransomware is a class of malware that encrypts common media file types that are likely irreplaceable to the owner in question. 
Once files are encrypted the malware will provide instructions on how to provide the attackers a ransom, typically in the form of digital currency, in order to decrypt these files. It is also common for variants to delete shadow copies which are the default Windows backup mechanism for automatic backup generation. This is in order to prevent recovery of the original files from these backups. They also commonly make use of hidden services on the 'dark net' through onion networks like Tor which provides anonymity to their command and control infrastructure. This prevents their servers from being taken down by law enforcement or hosting entities once reported.\",\"tags\":[\"ransomware\",\"malware\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-01-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9117762eddb7bb41077183b8e9d86372a1f29137e11083c3b07656045fc59b9b\"],\"short_description\":\"Ransomware Backup Deletion Detected\",\"title\":\"malware-generic-ransomware-backup-del\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as potentially malicious. Additionally, a machine learning model has determined that the same artifact is likely malicious. The antivirus program uses a variety of checks on the artifact. The machine-learning engine uses a large number of known malicious samples to identify patterns across a large number of variables. 
The combination of both the antivirus hit and the machine-learning results are a strong indication of malicious patterns within the artifact.\",\"tags\":[\"cognitive\",\"antivirus\",\"machine learning\"],\"valid_time\":{\"start_time\":\"2021-09-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5ffce9cca6df51c588b20be93b6721d57e1f4615f5d1952b9b46d07f6f8f7aa8\"],\"short_description\":\"Artifact Flagged by Antivirus and Machine Learning Model\",\"title\":\"antivirus-flagged-artifact-cta\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"A machine learned model has determined that the specific set of indicators triggered by this sample signal a high likelihood of it being malicious. Some times, no single indicator by itself is sufficient to determine the malicious nature of behaviours. In such cases, the specific combination of indicators may be used to make a malicious determination. 
The machine learned model is trained to identify such combinations and takes into account the cumulative contributions by all triggered indicators in order to reach a conclusion.\",\"tags\":[\"suspicious\",\"threshold\",\"compound\"],\"valid_time\":{\"start_time\":\"2019-12-27T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-829a0f95fde3467f366a217995e55e139e708d32f8f330dbb8ba109ecb607743\"],\"short_description\":\"Specific Set Of Indicators Signaling High Likelihood of Maliciousness Detected\",\"title\":\"high-heuristic-score\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-925517bc-8bf2-4ec9-9f2c-96f30289f38b\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A JavaScript artifact was found to contain random looking variables. In addition, the script launches command prompt and uses it to execute a file. 
The combination of these two anomalies makes this sample highly suspicious.\",\"tags\":[\"javascript\",\"obfuscation\",\"compound\",\"process\",\"launch\"],\"valid_time\":{\"start_time\":\"2019-09-12T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-5d041358bebd89a8f121e2fa5f13293446daf12df2deb360f836432fdf900a7b\"],\"short_description\":\"Command Exe File Execution And JavaScript With Random Variables Detected\",\"title\":\"js-compound-random-cmdexec\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-8e61dec5-3ad0-434d-af15-835aff96ec23\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"A large amount of high entropy artifacts were written to disk. This is suspicious as artifacts which have high entropy are likely to be encrypted or obfuscated, which in turn could indicate that the sample in question is encrypting files, or is attempting to conceal the true intent of the files it is writing.\",\"tags\":[\"malware\",\"ransomware\"],\"valid_time\":{\"start_time\":\"2019-03-20T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-7f1dbc60300d88b794d0f72cb4def9ed202f6c3013d75e76d424f670f8d6e894\"],\"short_description\":\"Large Amount of High Entropy Artifacts Written\",\"title\":\"malware-generic-ransomware-entropy\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-02T00:00:00.000Z\",\"confidence\":\"High\"},{\"description\":\"An antivirus engine flagged an artifact as a Trojan. 
A Trojan is a program that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often a backdoor allowing unauthorized access to the system. Trojans may steal information or infect the host systems. They are commonly installed by drive-by downloads or embedded into games or Internet driven applications.\",\"tags\":[\"trojan\",\"RAT\"],\"valid_time\":{\"start_time\":\"2016-06-16T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-412c0f2e3e1998445f7fea4fbad7c95f06b57ddf8675b04d866f88d7e807468e\"],\"short_description\":\"Artifact Flagged as Known Trojan by Antivirus\",\"title\":\"malware-known-trojan-av\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1e12d77b-2dab-4ec4-bf20-b5ec827e0a51\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"},{\"description\":\"The WMI command tool (wmic.exe) is an interface to the Windows Management Instrumentation. It allows display and modification of local and remote computers, setting system variables and executing scripts. In this case, it is deleting shadow copies. Shadow copies are snapshots of part of the filesystem, used for backups and restore points. 
Malware may delete these to prevent the user from restoring files that it has encrypted or destroyed.\",\"tags\":[\"system\",\"system modification\"],\"valid_time\":{\"start_time\":\"2018-02-14T00:00:00.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"producer\":\"Threat Grid\",\"schema_version\":\"1.0.19\",\"type\":\"indicator\",\"source\":\"Threat Grid Indicators\",\"external_ids\":[\"hydrant-9d62773bd830933e9293398e91706f67a52b6d0b7d32955372792ad077c87cbf\"],\"short_description\":\"WMIC Used to Delete Shadow Copy\",\"title\":\"wmic-shadowcopy-delete\",\"source_uri\":\"https://panacea.threatgrid.com\",\"id\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"tlp\":\"green\",\"timestamp\":\"2020-10-28T20:37:25.082Z\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2020-04-14T07:41:44.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"}}]},\"relationships\":{\"count\":100,\"docs\":[{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a109111c26ba5a7259f6ef0c39b1e2b246d27162\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ea2ce339-a0be-4c21-ba2a-1cbb52f4e365\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.505Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bd168ccb0d2da18e6e9b034d8481cda1d1d74f87\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fd689c9f-ec0b-43a7-ad98-a6cf7beed21c\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.334Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d7d715899d6655c9bb94472bf435d4c6e0afa14e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5215851e-b43d-42e1-aba0-9bf109766433\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.980Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-46b7b0a294ba312a48a4fe994be59a69d5e2a4de\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-feabb322-c5d3-4162-b66b-f71933fab4b4\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.649Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-35a8d0cbaa7bfa643a2c35269769db62b417b111\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3695bf4e-e7ff-479c-bda1-47074d27470d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.325Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-34ec69a67e7cfb064bea6f494d0e10d185852117\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-56cf99fc-080f-453b-a3ad-727d752d4ce2\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.368Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ec4b9aabb80e92d3c95b8a2c15389bc1acf270e6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8eedcac7-4d93-4cb4-82ea-e71db7467162\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.192Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-96b33f59eff786b71947eeff25122ddeca934363\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2a835bce-26e6-41eb-837d-c3f87d787ca9\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.809Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c8e4dae4399b1ff0f4d0afdde0dee123384ad3db\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dd7b2089-682c-4a17-b60e-f1b7a952ea11\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.413Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-71a27b4e37eb0f62e0eee03c42363d6182cefe88\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-63701147-3442-4954-8a2b-aaa25dc9d9ea\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.768Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8e46ccce936152a500cefc8682b213194d611f98\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b17cbcbd-e5fd-439a-9228-1d5e4cacb6e2\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.094Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-81ddefe9149d63ad6d7a39ad57887ec294d901c2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-32f5952c-f6d3-4576-91fa-75da2285792d\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.804Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3abbc21a1a532d382f65f7ea85920dc84802c796\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d15614a3-1371-48e9-8348-7a6aede62930\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.277Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d214cf48a8ff7fffeef2e6cf5e777cc21e4ae7ad\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a11ff3e4-990e-48a2-bee0-ba093911c9fa\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.101Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cce77171559854ea05ca37c8b5a3ae52a118b189\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-39ddfe80-5376-43b4-ba3f-f17ded8698b8\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.085Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-433beea745728e3bdbd17fce2431ac004dbdcd54\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-536af2e3-06cf-4713-8da2-dd1d507f9282\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.684Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c06bc4d89287f458c04ed5edede109e91dc4fa6b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3311fc09-00d8-4502-b118-0e0de8ad1bd7\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.700Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-16cea0d7205b6be01431bfeaf2419a6f6a73c67c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dad98dfa-ed5a-4040-ab18-f7be5be53b8d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.970Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e415b20ae8689a4cdca7dae8d9a98a2323348787\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b75a0659-5353-41f4-ab74-b9ec374af2d9\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.685Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8460943ee44d929dd055dd618761708c9c9ca905\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e1de555d-67f3-460c-b984-5d83b851d0d6\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.146Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3f3d895c0ebe1cc92cc0785c3d41085b744f7cdd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-13a40de6-2279-47fe-9520-556ee777fe74\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.712Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a8c5719cfff43bb2e023c552c0fea216780cd761\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e247e8a0-c2e1-4f28-8aad-735076423110\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.603Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-734163bea91678e56da80b49d640f771003465a3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-37d79efd-54d6-4459-a8a6-c01098292d53\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.774Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d355ef6fdbb88e0b97717a01881ef116b3282133\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-eeefb352-7e7f-4b60-9c9d-09babb9bfb2f\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.776Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-e150aa9f0258e2de72a65d3add3df6d2432031f8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3e6194d-d15c-4b9c-a545-20742222ce01\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.476Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4bfba4797e88c60a19046bde8c2428f95a2fad8e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2ed83e74-bd8a-46f4-aaee-13e45070b740\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.631Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f940ea2bffe755fab74362e4af31aec13e3ebbc0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7f5668a4-2735-439a-a0db-66de427df132\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.879Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9f1422585970072ef82d1f972826765d04be6114\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-9eb831a9-263c-4762-8b88-ff3eeff58084\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.898Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-01b2de29ce849caf9a76811e13902e3c349ab3d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-cce94249-a90a-46ef-9557-565e6776ce4e\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.675Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-438115782b16d3be80ed61111c957a82d921db2c\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f631276c-13d6-4de5-aafb-f87fb26b7e8e\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.721Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f315729fe65f8fa9440cc04623ba67f5bf6b5a48\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3bc64f84-1020-40b1-83c1-663308ff6563\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.871Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-8fb125bc0248c06d4ff9c591a7bc3fbe6e9e5fb6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-305d99bf-2953-4848-97d9-8a0f93792954\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.049Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f64c0de5c95a8907a72260c53dd0030f36a2c8f7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-27d0adce-1009-4301-bf4b-d54eeb36a83c\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.744Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4c2fb197783127db1f0878169deaf4c47444ac7f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-db5fa300-1c22-4441-b669-a70355c15202\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.059Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-bfe34c3384996e8205f0ddb909eece885492a890\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8437e6c6-8211-4545-bb2a-30ff1c8d5b27\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.874Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-7ef12f8dab6dbaaf28771e64509966166767dc1f\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-513110a6-f24d-42d3-a972-47acfcf0160b\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.017Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-00473087a72eb68c14e4ca0cc3f5f6b88ab5f923\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3665d4e-67e5-4b32-943a-b00c8cf76764\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.375Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3735a4e879a3023e70918bc511b654be77ac5156\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5036b37b-14a4-4724-a71e-67517b9fb253\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.766Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-14c9b18a5074a73f35e381823ca37e9fb1e5089e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8619ceb9-925f-4435-9df8-a96a8a958614\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.734Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-cdc91edf7ed17c3baedde08187925079ad9f1e75\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-fdb62f6a-e054-4b92-8440-68bdb92cc824\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.254Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e5ec916dd334e272727886cf34e9a37aaf3f8a38\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a4e5895f-8a92-44a5-a2b0-6e588d6beaf3\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.333Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c30090ed14d272b9c061dbdfa7ab89b4acd1f1d0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0ec3fc93-f53a-4894-bf8f-7b6fd9d4dc1a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.328Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a846a32dc303a85edb80b096f869b77cbdc27926\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e0dde6a6-5ff0-44b1-a68e-a78193ec0a90\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.679Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4dc389c6692cf9f63496d25ad3cdcb4f406b5fc2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3c802436-b501-4c81-a3d3-e0e48870ed54\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.833Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c1b93e27c436d179533a17632c9d7f3576518e56\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-11d98baa-c9c0-4d59-a6ab-643587a5ce9f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.864Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-31a525aa5f526e7f4cc10efaa874d421d84e71f7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0e9cd375-c49a-4c21-8279-1ac1083e3bae\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.116Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a6b53b9b51c60800f2beff54fbe3f90b9bb30c4e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c7c3f4cb-49cf-40c9-b339-d3a97790c55a\",\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:59.180Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-fac88726e44805257a9ba9e84442727b24cd41c9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8e746666-4e78-4546-8674-12bd4b4ba988\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.780Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3020da52cde7396bfab5d5903358de624dc73778\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-ab318187-b354-4792-9b19-715eb7134e1a\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.051Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-9376a82a531324750eb608f7d7fd3768769ae84e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0b120750-ef32-4f2c-8723-ea2f56ad9ab3\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.464Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1a286115672e82704fc001cf4f1682dae5edf980\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d849e40b-c0a0-4bc5-91cf-52c929aa682f\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.448Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-2ac100f4db7818a7ee749094c45333d17a1fb6cd\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e89b527b-3826-49a0-be34-da9a28fbd860\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.399Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-35cc2b405fb9f096422c168438d0ecb58cb508cc\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-12518ddb-e20a-47d7-bdf6-95fe974e1836\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.299Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-451bc56c6819a9031b26bc893dd65c4d4268cfa5\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3dafd77-1f28-4e21-adbf-028d143866d3\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.936Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-5267dcbacdefcece03664e1a48f7fcf391a83412\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-09d58326-8045-44f2-b6c8-b0c901f072e9\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.885Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-65c00516-5565-4383-8c60-bed7b7d394d2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e7ff9c31557b5adee40271f645e7abbd859c558d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-367bc87c-2aae-4ea7-a2db-7338fc7f9f63\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.553Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c410eea4dc8c1183860ed5ca3367083ae8db8670\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-17cde4dd-c7c6-4586-93c2-e5c3f4630ded\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.927Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-99a658520bb70871edddf1f1b6f3ac53441abba1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f6c4957a-1ec4-46f2-a5a2-2910b3a14765\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.527Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-78b1d38c48a74b638e3e7e58e2a746cc23967106\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5953c725-899a-4af6-80c4-a8a26f7ff869\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.550Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-cdb1a619b9f4e105e580ba6b3dee8c1204d52cf2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c2de3912-a52b-491c-a595-9fd50ed84b31\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:31.187Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-eb6a2dae0dde9504cecce234faf2319785ca7027\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-087e6bd7-9420-4763-b861-7c1b29f2cb2d\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.459Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-3c5a425f9d65f317f6d4ab0eda0d411c10a4d162\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a144596b-abaa-4427-94e6-7711ef178af7\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.431Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-22591191614782cd879d27c169b0bd13335e333b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6b493cb9-40f1-47e4-81f7-133b7cd30675\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.221Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-ee9f3e37136eb24db48981e61febf2264d157240\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-6073843f-b010-4254-860d-a3f7b3cb7f05\",\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.410Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-5df7f5fab68de81d06c056f7852bef7b0fab6309\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d7d2e7c2-a376-456c-ab40-842c5dc18bdb\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.995Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4d192f503a6197672094e20947226d6939691691\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-dcf236a4-dd51-479b-bcf1-e410c2654747\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.367Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-f0ca0d074335093fa841ce5cc6d99e6f3962d6a2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5156c27e-cd5f-4a23-b02e-3b7f46798fc1\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.701Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.23\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-c87c39da807b939e27a9da7300100eb647c39c40\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7a2f49b0-092a-450b-8209-54b359528c7d\",\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:03.198Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a9f6866ea496ad87fd0938370e0e4a54ed914dc8\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d0be8e2a-7e53-40c2-9e49-45c3f65607ce\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.580Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-c274d69b428ddc3cb4c0035c43d118d52c427b8e\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-8738b82b-2aa4-4688-86a3-c4fd83c27dbd\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.539Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-f7d11aa147d026daf0bcbd47f0b7021d15a15c26\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b2e4bcea-64ec-4eb2-89c2-2b28f1ffb513\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.850Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-a3e788c278d829bd2868c425172f8feb531b05b3\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-92b9386f-2f76-4581-aad0-83016136578e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.896Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-09a6233800a619d9b807d493f15ed12dde6addb0\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-e14f3511-144e-44ae-a1f8-89e59232ed2e\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.276Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6110027a3c618da706e811cda6dede62aaf73093\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-a2d1f5ae-c138-4722-9e90-109366aa3cef\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.945Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-297f3fa08f8ef35174ccb1106cb2484586d0a3a1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0aac9f12-b342-4312-b8d3-bae4e2da4fb6\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.583Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-9ee5f0cb-25b8-4b3d-8858-23505d25c30f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-808f8b076b62741f8ce1ede4b5721876fbbe4802\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-c3d5a787-b6b5-456a-ba2f-dc44cecc3408\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.297Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6ad48bafba213f2fdd5d9117cc7c0dbd454d7a32\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-887efa89-f3dd-4ca7-acad-cb5365c24760\",\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:35.136Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-aee8a737db2270c842756224ed0fba4af0eef6b6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-86cbc666-b895-48fa-be0b-86e446702f86\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.709Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-3cad078ab96661a1cc2aa2e116b2b082c8c790f1\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-539ac583-3f44-47da-8b3b-bedc425271f4\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.439Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-960adf6ab886de848cf9fe165d883ce1911276ab\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-b161bfce-067d-4a6a-8849-3076aecbf44f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.800Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-95ac850f66f29d63e05fe0de1f7d241656adb19d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-87d0a0bf-5070-4cbe-a33b-4723e786230e\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.839Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-93c4585fd60065a0b548ee32084bfe3edac0a3b2\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-7fef9b37-2473-4d3f-88d5-4a1aee9e9684\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.793Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-55a12c155410ac79b15778b4c4cc4299f416f9a7\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-4ebfe90b-cbf7-4e28-b04a-a701ae227b73\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.817Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-d48f23b001d533c244f1690fd95419439b484496\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3430af2a-b978-40bb-88b4-98b3c09e2b0f\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.588Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-89dcaae2-0d78-4e8d-80b2-69d76799dd35\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a47d45990b4a4e282eea1ecdf7790809bfcb3b31\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d889d864-c7d3-42a7-8154-d330e1d53000\",\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.909Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-73b6835a-4c0a-422f-9f12-ed4ae4502093\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-763c92f3230cde6dae72b311a8ccafa3b2673355\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-1324c8b4-1929-4c02-9b9b-54dc7754e3d8\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.122Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-1ebe17e8-1b93-40cb-a3d0-f689acefcb60\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-e2d6cd8d23f63ed40394922a286fc5b853bb2296\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-f2f9af8b-488e-4290-a30b-c51d2dbb8203\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.865Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-a32a60685ec9fa81695d753ca592fb8fa7e9ef65\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-70ea0421-3714-45b3-bdc5-670d29442f0f\",\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.838Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-6983e37dd1314589feff6e58f56543ddd2238738\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8c151c0-4e5d-46be-b59e-788657f40dbb\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.966Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ae75cff92f645a868adbb3049af36d1afd23f6df\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-0fe3c56b-eda2-4ff0-8867-bb131bd66b19\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.366Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-b74461a5c2f90f23d558303e4525af17ac115464\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-3dcc4f38-ea10-4859-b897-a674f81e7765\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.068Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-3fec1bf6-b1cc-40bb-ace6-9ed65d1cbde2\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-4cc64d58dca3df8d7774149a823772058de78b2a\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-bdb7b207-9d52-4f62-8cd0-48b7b7d00d62\",\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.956Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-0b627b13-6481-4b39-b240-42db3b652acc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-13764f579971a0835107ab46e398810cacb37c3d\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d7a5c493-1433-4b95-99bc-83044196f0c9\",\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.514Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-9d0695e171f8a3e1dffd6e07c25b0a1ef5ced005\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-d8bc9acb-ed17-4b50-b659-02a349da31d7\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.404Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-acc8e637-4ec8-430d-9b99-9aeb59e32590\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-ce2be68e5ed09b824436a05ffc38ed0ece81cf5b\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5ad01041-fe0a-4a82-8836-823fbb7a07cf\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.228Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-1d993a269ea0625f7e3cc5481a2031f8118a7276\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5e4cd7d4-dc18-464c-83ca-af749081419b\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.514Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-7e77007a-2f3f-407e-9b4b-8cae3c2e5a12\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-593baada880e0d1ac33f59de2508ccbf81ac12a9\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-49677a19-c407-4e0a-a28a-d8d604c6c1ce\",\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.466Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.19\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-ebb47223-3a67-4baf-bf21-0fffef83c21e\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-add3bd101bfa998b8e70cc5932889ec4758fc430\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5bd8ada1-65c0-48b3-80e7-606206a34b77\",\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:19.117Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-78244181-63d7-4643-b466-f6a1c359144f\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample Analysis\",\"external_ids\":[\"relationship-117e115ed481e24b24c90a892d3f6dc60b7a96d6\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-5b747482-9920-43e6-82bb-73e06bf3f607\",\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.474Z\",\"relationship_type\":\"indicates\"},{\"schema_version\":\"1.0.16\",\"target_ref\":\"https://intel.amp.cisco.com:443/ctia/indicator/indicator-066784ec-9c0a-494b-bf62-92abe1ad8ddc\",\"type\":\"relationship\",\"source\":\"AMP Threat Grid Sample 
Analysis\",\"external_ids\":[\"relationship-4c3e4d6363f2f0515c43a2c4e85237cba8b31f66\"],\"source_ref\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"id\":\"https://intel.amp.cisco.com:443/ctia/relationship/relationship-2dde8cbc-1a7e-4888-9523-eb510968157e\",\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.160Z\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2020-04-14T07:41:44.000Z\",\"end_time\":\"2527-09-08T00:00:00.000Z\"},\"schema_version\":\"1.0.0\",\"observable\":{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"},\"reason_uri\":\"https://panacea.threatgrid.com/samples/cd2275c3415e26f96cf78be39f7b892d\",\"type\":\"judgement\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-disposition-judgement-sha1-5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\"],\"disposition\":2,\"reason\":\"AMP Threat Grid Sample Analysis\",\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-fef7cad0-9c95-4c70-b948-ed6c60138690\",\"severity\":\"High\",\"tlp\":\"green\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":100,\"docs\":[{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-e4f988a3041bce6e0fad9f1dc620e9d9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f6def4a7-86dc-42b2-bec4-9b48b212e960\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:35:58.000Z\",\"end_time\":\"2020-11-24T08:52:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-24a7ed5e06b0997a82dac23a98cd7cd0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-af0e53c6-58fc-4e8d-855a-08cd509ecbbc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-12T17:54:54.288Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-15T16:35:46.000Z\",\"end_time\":\"2022-02-15T16:52:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212889a0d2f2d477c3b3b94d55788c2d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-b45a4e8a-a4ba-4e97-a42f-3fae9494a0bd\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-23T16:19:08.000Z\",\"end_time\":\"2020-10-23T16:27:39.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ed11cf9ba4767a045a8078b300b34bf\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a42c320e-559e-4232-96f0-80e8d103c708\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T20:59:05.000Z\",\"end_time\":\"2021-10-28T21:12:20.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-487167781221d890aedc92e271380a68\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-583843ea-25d2-4165-826c-4256c2f6680f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-08T17:05:26.000Z\",\"end_time\":\"2021-11-08T17:19:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-68dc97a1fd873abcdb143ccfb7b1b255\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-15f8c0d1-946d-4d71-8093-39f278d6c56e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T20:07:26.000Z\",\"end_time\":\"2020-11-06T20:12:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-212bfa058d713132e87f513ee86885b5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-087dc865-d86a-42b6-b10f-b4d6deeb71fb\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T14:23:08.000Z\",\"end_time\":\"2020-12-11T14:29:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f246e247d7394c1b50a2676a3072bd4d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a8cd5697-505e-4d1f-9e6f-843afb07422c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-03T07:59:07.000Z\",\"end_time\":\"2021-08-03T08:08:25.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb27d870e0d4577f6440ff706dd5c211\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bc092f3e-adb0-49db-885c-ceba5531ce74\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T16:14:08.749Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-07T17:49:36.000Z\",\"end_time\":\"2022-04-07T17:55:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-33437b83732b20e128f801914d387652\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4a5c2eac-9b76-4746-94c3-36143c14263b\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:43:23.081Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T15:29:24.000Z\",\"end_time\":\"2022-11-15T15:51:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-4540b5c5a11fcb59ac9cd6cef151a4c5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7dc9540d-2e33-4206-8d16-0a352a8998a9\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-19T17:20:26.369Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-24T16:18:25.000Z\",\"end_time\":\"2022-03-24T16:28:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6d6713e4f9e7dbc2994f8068af501097\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e9bd94b0-31c3-4268-a845-27bdfd479c55\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T07:59:17.022Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T18:59:42.000Z\",\"end_time\":\"2022-11-15T19:17:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-1800637c959a52480bfd7bda6bda4755\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8b096985-fc70-4191-b757-03417b406de4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T18:52:25.000Z\",\"end_time\":\"2021-10-14T19:01:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-1ffa74226a06e11bd93392b3f90b1cf3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-928827ef-3ef2-4cc6-9d02-262964f045ae\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-02-03T21:27:25.000Z\",\"end_time\":\"2021-02-03T21:37:53.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4434973766bcaf7d8a6163788047dba8\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-593b6a3b-33d6-49ff-ac13-23fb49eedd67\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-26T18:35:17.000Z\",\"end_time\":\"2021-10-26T18:48:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3602a4b03d5aa7fa65a9317f3345fb13\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-33ed1056-95d1-4c76-afd5-5a076a4e4b35\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-18T10:31:48.909Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-23T18:59:28.000Z\",\"end_time\":\"2022-03-23T19:10:00.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-066cc8df482720e98cf7fce0a1075d1a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e71e7f34-087f-415b-afb3-a80e2fd89029\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-20T02:05:37.000Z\",\"end_time\":\"2021-10-20T02:13:37.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-b0c3182489aafdceef38476276dbd052\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a9b8f1c8-e25e-4fa8-9075-730b4a4ab71d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T14:23:38.000Z\",\"end_time\":\"2020-12-11T14:30:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-13b2214bf6d0eba2278af1d269ad883a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7e2f23b2-9832-40e0-8c4d-cf1ed392518f\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-20T09:01:52.616Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-24T19:27:15.000Z\",\"end_time\":\"2022-11-24T19:37:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-0bd75e262dfad965ccdae90d4284629d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-707f018a-da83-4f87-9f7a-5d612146e441\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-11T08:47:08.203Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T19:47:37.000Z\",\"end_time\":\"2022-11-15T20:05:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c044fa761e7d041db73f5a54fc1a43b9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e04f4e88-86e5-42c5-9615-ade35abf6bcd\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:18.494Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-12T12:07:06.000Z\",\"end_time\":\"2023-07-12T12:15:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-ebe35e82bc562b5df50a1b25e7099c30\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-678535f1-fea4-4a84-99c1-75fceecbd752\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-24T03:45:57.716Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-27T13:47:47.000Z\",\"end_time\":\"2022-01-27T14:08:36.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5bbfc088705e99177493de6f0d3a5cd7\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ea9f0688-625b-46e5-838d-227bcb2eaa8b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-05T13:19:39.000Z\",\"end_time\":\"2021-08-05T13:29:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-45a51ed43f4b077ddd0311924087fd7c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-90bc5d02-91a1-443a-a680-492fd087c56f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-14T16:37:57.000Z\",\"end_time\":\"2021-09-14T16:52:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7420188d21b4b13db023a5587b3c7aa\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4d8b892e-47d6-4f2d-9d32-6f44ff9a2c69\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-24T07:47:58.979Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-28T16:26:50.000Z\",\"end_time\":\"2022-11-28T16:41:01.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-9eaef8b6b2e75b55e42fc2e7072dda8c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7874d7c5-da9d-4f16-b1fc-0b6e4a977724\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-09T15:45:01.000Z\",\"end_time\":\"2021-08-09T15:59:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-582eed5dca0044d0371407de198e8026\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-01df3d58-8144-46cb-8335-ce275527cc0f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-31T09:13:47.000Z\",\"end_time\":\"2021-08-31T09:23:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-161c62dedb5375af9b77aa8c92e98bf1\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-12c627d0-c423-4ecb-a7e6-800c93b7bc32\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-30T03:22:16.421Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-02T01:53:44.000Z\",\"end_time\":\"2022-02-02T02:14:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-54ce6c6e96474dba1c3223f887c4c52e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a0cf498e-8c27-4154-ad10-a2827a94d3c8\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T13:05:09.000Z\",\"end_time\":\"2021-06-28T13:14:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-18d3499a967805381d5ff741f6ad5d28\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-106c372f-ef01-4d3f-86c2-12a4b0027c4f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-21T14:05:36.000Z\",\"end_time\":\"2021-12-21T14:22:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-6462622fb8011601a09cb86bd46045e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-9de80af4-e6b0-460e-b319-bbdd4267953c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T08:55:02.000Z\",\"end_time\":\"2021-10-28T09:03:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-c9fc6a1612d405946200b8e27f17c6e4\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-11e3fe04-f6ea-4bcb-b4a6-bf0f24405627\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-05T06:05:48.246Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-09T20:59:52.000Z\",\"end_time\":\"2022-11-09T21:22:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c5441e7de65b2656fceee47c4ac3b547\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-dcf6045f-d5b0-47bd-87e1-e8fb6357299e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-21T17:42:17.000Z\",\"end_time\":\"2021-10-21T18:01:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-040f760c510edc094bf1b4c57878cc07\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c9daf6eb-626d-469a-bdb7-c048949d182d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-02T04:53:06.641Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-02-06T14:55:36.000Z\",\"end_time\":\"2023-02-06T15:33:04.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e5eeb8ab3269ae22e389bfb0c54e24fb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-64b42a32-1883-48aa-9aba-25fc05dc4f42\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-12T00:48:18.151Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-16T17:58:57.000Z\",\"end_time\":\"2022-03-16T18:24:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-614c5dbda629a16f79485e837f37d07c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-52225490-3785-477d-897b-363e84dad5a2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-19T18:15:59.000Z\",\"end_time\":\"2021-10-19T18:36:38.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5eb5a5d3b5aba303a8030f0f80bdb747\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7561c58d-683f-4037-b379-6e00e51d716f\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-16T16:15:11.000Z\",\"end_time\":\"2021-08-16T16:29:13.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81f760143d1d4774a4b3ed76df9d7ac0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85c9c3d8-391b-4eaa-9dc4-aa5f7c9d14e6\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-20T05:14:26.232Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-24T12:48:36.000Z\",\"end_time\":\"2023-01-24T13:11:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9d4404973f89bbb1041921e98cb4820\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-580a42fb-633f-4875-a052-96d589aa8aa9\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-09T21:16:27.000Z\",\"end_time\":\"2020-11-09T21:20:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-a999cf5cb17033a10225641f3bd2afba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c1fb488a-b373-486a-9020-1f4f8f72c90b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-18T18:44:08.000Z\",\"end_time\":\"2021-10-18T19:04:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-3c6bef8cc3cbf26dc99ae77b39797bb5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-46c6e7ad-bd72-486e-a60d-b1ec4afd8720\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-06T18:09:48.131Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-09T14:09:35.000Z\",\"end_time\":\"2022-02-09T14:26:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-e79efbaf99d11c3cf6f2e81fb99eaca2\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d54f9c6a-bfc7-40f5-9c81-a00f733fdbc4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:36:52.000Z\",\"end_time\":\"2020-11-24T08:43:31.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.23\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-361043887560397b6c283da4c5aebd2a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d8b02ed5-2c15-4154-868c-978d9a0793bc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-12-26T05:50:02.749Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-09-01T12:46:28.000Z\",\"end_time\":\"2023-09-01T12:53:34.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fefbc448127d7cfb9b187591576063b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2f99232c-6713-4e61-b731-10c345017b9a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-16T07:45:13.000Z\",\"end_time\":\"2021-07-16T07:55:42.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-da10f77e1e98e50e6d1f44ee9fc16e96\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0656524e-f3b9-4257-94e9-1d21341ae845\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-05T16:12:44.000Z\",\"end_time\":\"2021-10-05T16:21:45.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8461b50008f3d92cf6a2597b05db631b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-705533b7-be36-45eb-957c-ee688fd63fc6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-05T19:20:07.000Z\",\"end_time\":\"2020-10-05T19:29:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-07a0745863ae2771acd327d8a07332fe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6fd90d8b-9bb6-403c-9032-673f1cad79d0\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-15T15:54:11.000Z\",\"end_time\":\"2021-11-15T16:10:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-329c6fcf6be6340581fa856f39772ecd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7130e3d0-d15b-4756-9d72-ede374048677\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-31T21:58:47.383Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-05T20:39:18.000Z\",\"end_time\":\"2022-04-05T20:49:35.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aab2cfc797b4fde3f9b6925d994e8c3b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2687d0f4-0933-4ca9-bae5-7a4a3529e9aa\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-28T13:03:26.000Z\",\"end_time\":\"2021-12-28T13:19:59.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-459e47c7c53d89b86a31f5c6df11e03d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-76b70ee3-ec52-4056-98f9-2e2670d6de6e\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-07-16T21:57:10.891Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-03-21T21:55:05.000Z\",\"end_time\":\"2022-03-21T22:05:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-cf76f600a2af2c19f32d425520e94cfe\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-22dcfd67-4676-4365-9392-4609fed75438\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-25T15:05:00.000Z\",\"end_time\":\"2021-10-25T15:13:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-fd11120571777e118f1192cdae4759e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-025a2a02-2739-4658-a3b2-f47c6b0868d6\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-13T17:28:29.000Z\",\"end_time\":\"2021-10-13T17:42:56.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-df9bc0c3-7f19-4140-8801-9ee753aeef3a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-30T20:15:53.000Z\",\"end_time\":\"2021-12-30T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-aadbe6f0058a6896ec57e5749315bb1e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-5e68db4d-f8c2-433d-ae0b-c2a5b5b09646\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-05-19T05:37:22.263Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-01-23T12:24:25.000Z\",\"end_time\":\"2023-01-23T12:40:12.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-33ebba9322b30f9bbce4cea352705745\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3309bcdf-a7a3-43ff-90fc-2cb7e2090866\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-15T15:43:17.000Z\",\"end_time\":\"2020-10-15T15:47:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-81338238071dd3ce8ca2343b8507596d\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2df1efdd-9758-4fab-94d0-b96637d54806\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-25T22:26:55.407Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-28T17:00:09.000Z\",\"end_time\":\"2022-02-28T17:09:27.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5873abbe7447ddd282bcad3a1c688771\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ddf8b857-32b0-4429-b3e5-bf376e2fe56c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-04T17:22:53.000Z\",\"end_time\":\"2021-08-04T17:36:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-440c401604feb297a4b8c6d3574bd03a\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-85f88373-ada3-4b3d-8097-f046b0ea79da\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-12T08:04:19.000Z\",\"end_time\":\"2021-07-12T08:14:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2e329216a9df995e09f6406f8b732993\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d0c7736f-99fb-4cd9-8021-abd692062a07\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T16:41:48.000Z\",\"end_time\":\"2020-11-06T16:46:30.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.14\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-d8ba36bb037564ce1b0cd5aea1098cf9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d1d53d33-e68f-4389-ba44-a2048fdb39c2\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-01-30T14:33:06.796Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-05T17:22:41.000Z\",\"end_time\":\"2022-10-05T17:44:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.19\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-5cd84a69396b3aa4663e5f606b3cdf0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-3e11682d-e028-4621-b9bd-25420aaf7493\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-11-25T01:45:30.365Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-07-12T12:06:56.000Z\",\"end_time\":\"2023-07-12T12:15:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-aa8a5bcb0e269613fb2a9cb48a113876\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d9f28679-e119-4c3f-9742-7bb9a008d91c\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-01T12:41:24.000Z\",\"end_time\":\"2021-09-01T12:51:26.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-4e84062e-6143-4f4c-b151-1386205106fb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.265Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-10T14:36:32.000Z\",\"end_time\":\"2022-02-10T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-900e5e345e8193b84b808e2bf0fa16e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-20873d24-15af-4359-942a-df8a0050573d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-11T21:55:21.000Z\",\"end_time\":\"2020-12-11T22:01:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8ea936a6774ff4698a0dff83cb6a7867\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-37debbdd-c786-4976-bc13-6c619be41d76\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-04T12:17:02.000Z\",\"end_time\":\"2021-11-04T12:27:40.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-c9be836d29a8f3e0ed38f19eeb8cc661\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-34c259b4-1fe1-4273-8e50-b00a5f2b4419\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-06-07T21:20:34.411Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-02-10T14:36:32.000Z\",\"end_time\":\"2022-02-10T14:53:15.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-abda7ac4b9368db5a5c69e7a17416ba5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-f14e53d0-20d4-4700-a2c6-fabb66a5edc2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-17T14:08:15.000Z\",\"end_time\":\"2021-06-17T14:16:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f7158eeb685bac46d2d089ca589c5318\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-771d51da-4071-4c3e-b45a-812cfbe9880a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-12-30T20:15:53.000Z\",\"end_time\":\"2021-12-30T20:30:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-48fed39715f044591724bed44dc49f35\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a125bb3a-6769-46a6-9929-e69694d427c5\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-28T08:48:33.000Z\",\"end_time\":\"2021-10-28T08:58:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3697d2f343a2e37c54b926ffc4fc7461\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-fcf6fba6-6b0a-4f51-8e2b-385846922672\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-23T16:31:46.000Z\",\"end_time\":\"2021-06-23T16:45:51.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f00166203cc58f37db87fe71969ad23c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2c34a3bc-8a34-4538-94ac-757310306143\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-01T19:41:08.000Z\",\"end_time\":\"2020-11-01T19:49:48.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-cf3c8f6b69c027f27e3727b6673a3237\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-0e1f6a68-ff07-4d2b-91d3-6bd9ae7d75c4\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-25T13:43:50.000Z\",\"end_time\":\"2021-10-25T14:04:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-d5361bdf9f7e2619d7180b326305055e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e13c0720-ae4a-4349-ac73-ed22c5423893\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T14:06:02.000Z\",\"end_time\":\"2021-06-28T14:26:02.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7070dd836f1266934eba51c07422ff0c\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-54aa0cd7-0f89-42a4-8066-406b6df28f0e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-25T04:27:39.000Z\",\"end_time\":\"2020-12-25T04:36:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-8b3b8e08b9a12fb5d4a2a78e936127b3\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-591dfb50-5bf5-4446-81b6-fc0163df89ec\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-06T16:41:47.000Z\",\"end_time\":\"2020-11-06T16:46:29.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-b2766fa8cd69a03e2c332abf838bdb3f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-74f07b0e-0245-4131-b4d8-577f39b52cbf\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-13T11:23:59.000Z\",\"end_time\":\"2021-07-13T11:32:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-be7c5b569cb74eb04c577b68a13e4fda\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e80bb81f-decf-408d-a50d-1d0239cb4a0e\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-19T16:27:52.000Z\",\"end_time\":\"2021-07-19T16:41:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0445534795da304113a1d18b330d0acb\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-323b2c66-96f3-49ce-bf7b-c549306ee521\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-12-07T20:41:28.000Z\",\"end_time\":\"2020-12-07T20:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-38de421c1eace15dc5211066a8978488\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-30bb7f60-1b5c-44bc-8c9c-972034f7ea87\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-16T16:42:43.000Z\",\"end_time\":\"2021-07-16T17:03:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-831f917866630085e85c7262f5a8dd0e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-6a89d429-7f1f-4446-8ae8-7f2d529ff9bb\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-18T05:29:25.057Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-22T17:52:51.000Z\",\"end_time\":\"2022-11-22T18:04:19.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-2fdbe8cc2fb6c28ce264b6e2460406ca\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8195773c-9f8c-46e7-9de8-c345b1b01804\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-01-14T00:21:20.000Z\",\"end_time\":\"2021-01-14T00:31:07.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-02b2eb94a8e359fedbfab93f564046e6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7d602aa1-04a1-48fa-a708-3ee6510e4d76\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-09-27T07:46:55.000Z\",\"end_time\":\"2021-09-27T07:56:50.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-72e42c51b430a9773587d712679f493f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ee09afaf-8b06-4cc3-92b5-35008e7221f7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-21T16:55:23.000Z\",\"end_time\":\"2020-10-21T16:59:21.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-77f8083ab7f37854dc327b96cd8a83c9\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-c650af4a-0685-4d52-b741-86b96eb70c40\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T17:59:15.000Z\",\"end_time\":\"2021-06-28T18:12:06.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-4c7f39a0d9e2e7345a6584369ebed9df\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-d6d6e8a3-57e5-4a03-b382-493b7794d496\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-27T16:34:04.000Z\",\"end_time\":\"2021-07-27T16:48:10.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3abc1aece07243f578cdf080c88707e5\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-a3f6e62e-a2b6-4a62-add0-8f322946aaf7\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-05-09T17:40:55.571Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-01-12T15:27:30.000Z\",\"end_time\":\"2022-01-12T15:48:28.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-a32fadde91bc210cc020097a48b5799b\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-014c6359-2b6b-4e45-9e45-372e3700e36d\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-07-18T07:15:49.440Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-24T14:55:02.000Z\",\"end_time\":\"2023-03-24T15:11:41.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-95a0cca274f886726d0228e3c8249446\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-08298ca2-af15-4dfb-a969-fc0a582c81f3\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-06-28T15:48:24.000Z\",\"end_time\":\"2021-06-28T16:08:49.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-f489dacdb747ea733a4a8ea91a1678ba\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-558b8d53-e78d-4baf-a7f1-f7a2e6272d20\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-18T18:28:17.000Z\",\"end_time\":\"2020-11-18T18:35:55.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-49eba74c4c65fea92943dafcc9c3e281\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-aa92d487-e097-4998-8968-349c7b497897\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-11T16:22:11.000Z\",\"end_time\":\"2021-11-11T16:41:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.11\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-7d8ec9066482428eec4357deebfde0d6\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-015be142-56ba-49b7-b3d6-2b305141fedc\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2019-08-02T14:15:15.824Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-04-07T17:17:06.000Z\",\"end_time\":\"2022-04-07T17:23:16.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-83edd7f6e489f4db9c324d7a55d5bf6f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-620c8d59-3dbb-4835-aecb-a3af44071c8d\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-10-15T15:47:58.000Z\",\"end_time\":\"2020-10-15T15:51:57.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-104fdd3a7b6735940a061217a1a2870f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-1a0eea14-dc2b-4eda-bb9c-b42c2819bb7c\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-03-16T07:10:42.666Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-20T20:35:53.000Z\",\"end_time\":\"2022-11-20T20:53:44.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.8\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-73b2b49cc3c97e3de4b2969fa0ef852f\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-e60b840d-d7e0-4c71-9833-78201de0d3c7\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-10-14T07:23:34.000Z\",\"end_time\":\"2021-10-14T07:38:09.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.9\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-0a32e8d5ac10c5a1750c62880e9946e0\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-bca11019-6769-4ad8-8062-d6e186416b7a\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-11-16T08:05:23.000Z\",\"end_time\":\"2021-11-16T08:21:24.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-decb8b9ca273839b23592123ccc9c216\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-ebfd4285-1b13-47d3-8a91-1452af7443e2\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-24T08:36:41.000Z\",\"end_time\":\"2020-11-24T08:43:33.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.16\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File 
Dispositions\",\"external_ids\":[\"TG-file-sighting-04287f919a3def5f1d2bd9eecfc2ffac\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-2d74708a-4bd3-43e0-ad0b-01b9f79adcc6\",\"count\":1,\"tlp\":\"green\",\"timestamp\":\"2020-06-25T00:20:34.857Z\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-03-01T04:56:32.000Z\",\"end_time\":\"2023-03-01T05:00:03.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.0\",\"relations\":[],\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-eb00b006329e50beb56d36e711a4d127\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-639194c0-596e-44fe-ada5-077ae39455ac\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-11-16T15:33:10.000Z\",\"end_time\":\"2020-11-16T15:39:54.000Z\"}},{\"description\":\"AMP Threat Grid Sample Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-3381fc9baf8e6e7a24e6ff9ab28d5ddd\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-8b30e35a-f457-4608-a2bd-fc473dbd0483\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-07-01T09:21:21.000Z\",\"end_time\":\"2021-07-01T09:31:22.000Z\"}},{\"description\":\"AMP Threat Grid Sample 
Analysis\",\"schema_version\":\"1.0.4\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"AMP Threat Grid File Dispositions\",\"external_ids\":[\"TG-file-sighting-de8f372d27de40bb198879437c30ec4e\"],\"source_uri\":\"https://panacea.threatgrid.com/artifacts/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa\",\"id\":\"https://intel.amp.cisco.com:443/ctia/sighting/sighting-7bce8c41-0a5c-4fcf-b8db-1b02e803f44b\",\"count\":1,\"tlp\":\"green\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2021-08-18T08:25:02.000Z\",\"end_time\":\"2021-08-18T08:33:04.000Z\"}}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:05:34.000Z\",\"end_time\":\"2023-11-10T09:05:34.000Z\"},\"producer\":\"Jane Ginn\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WannaCry\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-11T09:05:34.000Z\",\"end_time\":\"2023-11-10T09:05:34.000Z\"},\"producer\":\"Nick Bradley\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"WCry2 Ransomware Outbreak\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-6925f0a5-7ea1-5ab7-b76f-ec4801a6665f\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"id\":\"transient:relationship-876e0dfc-5a91-41d4-9e3a-c84a97a624a0\",\"relationship_type\":\"member-of\"},{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-565ba63f-407c-5d48-8b0c-00205b7829e3\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"id\":\"transient:relationship-36ea4478-230f-4173-8063-99effc0fa137\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WCry2 Ransomware Outbreak\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware 
Outbreak-8b186bc4459380a5606c322ee20c7729\",\"id\":\"transient:sighting-42ce168a-6719-5a49-be15-03d7edbe4dc0\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2020-02-04T15:29:21.215Z\",\"end_time\":\"2020-02-04T15:29:21.215Z\"}},{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467\",\"type\":\"sha1\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"62eece6bd7e7399a7366cd5d8e910182\",\"8b186bc4459380a5606c322ee20c7729\"],\"title\":\"Contained in Collection: WannaCry\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"external_id\":\"62eece6bd7e7399a7366cd5d8e910182\"},{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/WCry2 Ransomware Outbreak-8b186bc4459380a5606c322ee20c7729\",\"external_id\":\"8b186bc4459380a5606c322ee20c7729\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/WannaCry-62eece6bd7e7399a7366cd5d8e910182\",\"id\":\"transient:sighting-a208cbfa-711e-50c3-ad82-701e3136500f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-07T19:42:53.350Z\",\"end_time\":\"2022-10-07T19:42:53.350Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-52c6fd37\",\"uuid\":\"6c40bfba-e788-47ca-b267-3cfa6894de1f\"}]", "short_description": "Snapshot @ 20210203 09:05:53", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-efd07322-e0b8-45e1-a92e-6c9bfc9ea917", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:06:02.273Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/IBM_X-Force/Snapshot-with-SHA256.json b/IBM_X-Force/Snapshot-with-SHA256.json index 3d8d864d..544623ab 100644 --- a/IBM_X-Force/Snapshot-with-SHA256.json +++ b/IBM_X-Force/Snapshot-with-SHA256.json 
@@ -1 +1 @@ -{"description": "IBM X-Force SHA256 Unknown", "schema_version": "1.0.23", "type": "investigation", "search-txt": "sha256:\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":3003105000.000687,\"updated-perf\":3003110000.0005608,\"type\":\"collect\",\"created\":\"2021-02-03T09:46:38.065Z\",\"state\":\"ok\",\"arg\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"result\":[{\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"type\":\"sha256\"}],\"id\":\"collect-f808b1c1\",\"uuid\":\"5738d40c-f711-4ce2-af2c-711de710371a\"},{\"created-perf\":7042065000.000548,\"updated-perf\":7042065000.000548,\"type\":\"investigate\",\"created\":\"2021-02-03T09:46:42.104Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\"},\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]},\"judgements\":{\"count\":0,\"docs\":[]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:46:39.000Z\",\"end_time\":\"2023-11-03T09:46:39.000Z\"},\"producer\":\"IBM X-Force\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"guid:6861e492801e939401389febcf4da062\"],\"title\":\"XorDDoS Analysis Report\",\"external_references\":[{\"source_name\":\"IBM X-Force 
Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"external_id\":\"guid:6861e492801e939401389febcf4da062\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"id\":\"transient:indicator-2bb1dcad-1d5a-522b-985b-1808027a9c9c\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-2bb1dcad-1d5a-522b-985b-1808027a9c9c\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e3a7e519-7d15-52c8-b353-c15766e9fd2f\",\"id\":\"transient:relationship-c7979bde-630f-4bff-a271-764c7e709183\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"guid:6861e492801e939401389febcf4da062\"],\"title\":\"Contained in Collection: XorDDoS Analysis Report\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"external_id\":\"guid:6861e492801e939401389febcf4da062\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"id\":\"transient:sighting-e3a7e519-7d15-52c8-b353-c15766e9fd2f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-05-04T08:21:09.000Z\",\"end_time\":\"2023-05-04T08:21:09.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message 
\\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-c2c86434\",\"uuid\":\"1d183dc9-2b27-46c6-94ee-954f8ffc4144\"}]", "short_description": "Snapshot @ 20210203 09:48:36", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-6b5d22dd-bf52-4866-9a07-442b4d03534e", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:49:01.899Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force SHA256 Unknown", "schema_version": "1.0.23", "type": "investigation", "search-txt": "sha256:\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":3003105000.000687,\"updated-perf\":3003110000.0005608,\"type\":\"collect\",\"created\":\"2021-02-03T09:46:38.065Z\",\"state\":\"ok\",\"arg\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"result\":[{\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"type\":\"sha256\"}],\"id\":\"collect-f808b1c1\",\"uuid\":\"5738d40c-f711-4ce2-af2c-711de710371a\"},{\"created-perf\":7042065000.000548,\"updated-perf\":7042065000.000548,\"type\":\"investigate\",\"created\":\"2021-02-03T09:46:42.104Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\"},\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]},\"judgements\":{\"count\":0,\"docs\":[]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:46:39.000Z\",\"end_time\":\"2023-11-10T09:46:39.000Z\"},\"producer\":\"IBM X-Force\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"guid:6861e492801e939401389febcf4da062\"],\"title\":\"XorDDoS Analysis Report\",\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"external_id\":\"guid:6861e492801e939401389febcf4da062\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis 
Report-guid:6861e492801e939401389febcf4da062\",\"id\":\"transient:indicator-2bb1dcad-1d5a-522b-985b-1808027a9c9c\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-2bb1dcad-1d5a-522b-985b-1808027a9c9c\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-e3a7e519-7d15-52c8-b353-c15766e9fd2f\",\"id\":\"transient:relationship-c7979bde-630f-4bff-a271-764c7e709183\",\"relationship_type\":\"member-of\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"f7beb7acc7510ddf7d02ba5406527c4c37cdcee937bae50cc997b3557c5578c4\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"external_ids\":[\"guid:6861e492801e939401389febcf4da062\"],\"title\":\"Contained in Collection: XorDDoS Analysis Report\",\"internal\":false,\"external_references\":[{\"source_name\":\"IBM X-Force Exchange\",\"url\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"external_id\":\"guid:6861e492801e939401389febcf4da062\"}],\"source_uri\":\"https://exchange.xforce.ibmcloud.com/collection/XorDDoS Analysis Report-guid:6861e492801e939401389febcf4da062\",\"id\":\"transient:sighting-e3a7e519-7d15-52c8-b353-c15766e9fd2f\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-05-11T08:21:09.000Z\",\"end_time\":\"2023-05-11T08:21:09.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-c2c86434\",\"uuid\":\"1d183dc9-2b27-46c6-94ee-954f8ffc4144\"}]", "short_description": "Snapshot @ 20210203 09:48:36", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-6b5d22dd-bf52-4866-9a07-442b4d03534e", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:49:01.899Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/IBM_X-Force/Snapshot-with-URL.json b/IBM_X-Force/Snapshot-with-URL.json index 47a2c898..3826adf4 100644 --- a/IBM_X-Force/Snapshot-with-URL.json +++ b/IBM_X-Force/Snapshot-with-URL.json 
@@ -1 +1 @@ -{"description": "IBM X-Force URL Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "url:\"https://digisails.org/qzcxjq76.rar\"\ndomain:\"digisails.org\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":5332829999.999376,\"updated-perf\":5332835000.000159,\"type\":\"collect\",\"created\":\"2021-02-03T09:21:03.826Z\",\"state\":\"ok\",\"arg\":\"https://digisails.org/qzcxjq76.rar\",\"result\":[{\"value\":\"digisails.org\",\"type\":\"domain\"},{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"}],\"id\":\"collect-e916583e\",\"uuid\":\"64e5e692-9a54-4c9a-b1d4-064db062a81a\"},{\"created-perf\":8067390000.000159,\"updated-perf\":8067395000.000033,\"type\":\"investigate\",\"created\":\"2021-02-03T09:21:06.560Z\",\"state\":\"ok\",\"arg\":{\"type\":\"url\",\"value\":\"https://digisails.org/qzcxjq76.rar\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"judgement_id\":\"transient:c158a34b-5c22-4de8-9850-79e5c7670283\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.161Z\",\"end_time\":\"2023-11-03T09:21:04.161Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.161Z\",\"end_time\":\"2023-11-03T09:21:04.161Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation 
score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=https%3A%2F%2Fdigisails.org%2Fqzcxjq76.rar\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:c158a34b-5c22-4de8-9850-79e5c7670283\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"True\"],\"valid_time\":{\"start_time\":\"2023-10-04T09:21:05.000Z\",\"end_time\":\"2023-11-03T09:21:05.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Malware\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/https://digisails.org/qzcxjq76.rar\",\"id\":\"transient:indicator-c002281e-3419-54b9-b1cd-703caeaf5b8e\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:05.000Z\",\"end_time\":\"2023-11-03T09:21:05.000Z\"}}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-c002281e-3419-54b9-b1cd-703caeaf5b8e\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-b78d83ed-3716-550c-bd30-af8e64c60ba9\",\"id\":\"transient:relationship-21676d56-4934-42b2-ada6-a5c268eb7aef\",\"relationship_type\":\"sighting-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:21:05.000Z\",\"end_time\":\"2023-10-11T09:21:05.000Z\"},\"schema_version\":\"1.0.22\",\"observable\
":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-fca4b2eb-8016-475d-8639-fb158f067777\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Malware\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/https://digisails.org/qzcxjq76.rar\",\"id\":\"transient:sighting-b78d83ed-3716-550c-bd30-af8e64c60ba9\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T09:21:05.000Z\",\"end_time\":\"2023-10-04T09:21:05.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON 
encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-7ffd2e7d\",\"uuid\":\"4a88fb3c-8669-4cf4-a571-ed3bf4cbd8a4\"},{\"created-perf\":8404854999.99977,\"updated-perf\":8404854999.99977,\"type\":\"investigate\",\"created\":\"2021-02-03T09:21:06.898Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"digisails.org\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"judgement_id\":\"transient:ca1c9c78-068a-44d4-870d-22bba1fdebdc\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.181Z\",\"end_time\":\"2023-11-03T09:21:04.181Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.181Z\",\"end_time\":\"2023-11-03T09:21:04.181Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=digisails.org\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:ca1c9c78-068a-44d4-870d-22bba1fdebdc\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"IPv4 addresses that digisails.org resolves to\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"SecurityTrails Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"103.50.162.157\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.11\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.15\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.21\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.22\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.23\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.6\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.7\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.74\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.10\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.15\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.20\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.22\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.29\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.78\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.8\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.9\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"digisails.org\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"SecurityTrails\",\"title\":\"Found in 
SecurityTrails\",\"internal\":false,\"source_uri\":\"https://securitytrails.com/domain/digisails.org/dns\",\"id\":\"transient:sighting-47b1dd8b-0016-407a-b253-f382d8b029e7\",\"count\":18,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-04T09:21:06.000Z\",\"end_time\":\"2023-10-04T09:21:06.000Z\"}}]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.000Z\",\"end_time\":\"2023-11-03T09:21:04.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-04T09:21:04.000Z\",\"end_time\":\"2023-10-11T09:21:04.000Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":5,\"disposition_name\":\"Unknown\",\"priority\":85,\"id\":\"transient:judgement-b9df64d9-134f-465c-9170-29d688bccb4f\",\"severity\":\"Unknown\",\"confidence\":\"High\"}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-80bb5b12\",\"uuid\":\"b4e1902b-0966-46c2-85d7-35ce4f492970\"},{\"created-perf\":16226490000.000013,\"updated-perf\":16226490000.000013,\"type\":\"deliberate\",\"created\":\"2021-02-03T09:21:14.720Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"184.168.221.17\"},{\"type\":\"ip\",\"value\":\"184.168.221.22\"},{\"type\":\"ip\",\"value\":\"50.63.202.20\"},{\"type\":\"ip\",\"value\":\"103.50.162.157\"},{\"type\":\"ip\",\"value\":\"184.168.221.74\"},{\"type\":\"ip\",\"value\":\"184.168.221.23\"},{\"type\":\"ip\",\"value\":\"184.168.221.7\"},{\"type\":\"ip\",\"value\":\"50.63.202.8\"},{\"type\":\"ip\",\"value\":\"184.168.221.11\"},{\"type\":\"ip\",\"value\":\"184.168.221.21\"},{\"type\":\"ip\",\"value\":\"184.168.221.6\"},{\"type\":\"ip\",\"value\":\"50.63.202.78\"},{\"type\":\"ip\",\"value\":\"50.63.202.10\"},{\"type\":\"ip\",\"value\":\"50.63.202.29\"},{\"type\":\"ip\",\"value\":\"50.63.202.22\"},{\"type\":\"ip\",\"value\":\"184.168.221.15\"},{\"type\":\"ip\",\"value\":\"50.63.202.9\"},{\"type\":\"ip\",\"value\":\"50.63.202.15\"}],\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-9968f16b-398c-4f36-a924-185d8ce46b2a\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-05T00:07:06.476Z\",\"end_time\":\"2023-10-05T00:07:06.476Z\"}}]}}},{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"APIVoid\",\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"verdicts\":{\"count\":18,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.23\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.21\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.10\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_t
ime\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.74\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.20\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.29\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.22\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"184.168.221.15\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"184.168.221.11\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.7\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.6\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\
"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.15\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.78\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.22\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:11.000Z\",\"end_time\":\"2023-11-03T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"103.50.162.157\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:12.000Z\",\"end_time\":\"2023-11-03T09:21:12.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.8\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:10.000Z\",\"end_time\":\"2023-11-03T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.9\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-04T09:21:14.000Z\",\"end_time\":\"2023-11-03T09:21:14.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-63865b6\",\"uuid\":\"c100aa81-ed0a-4b04-b6b4-e7bafbbbf148\"},{\"uuid\":\"36057e40-03e7-40c0-85e9-bc2d9c93efc2\",\"id\":\"aggregate-2e7318e\",\"state\":\"new\",\"created\":\"2021-02-03T09:21:15.056Z\",\"created-perf\":16562675000.000126,\"updated-perf\":16562675000.000126,\"type\":\"aggregate\",\"arg\":{\"aggregate\":true}}]", "short_description": "Snapshot @ 20210203 09:21:56", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-04994812-12c9-4656-9714-1abc0e1fda61", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:22:06.383Z", "nodePositions": {"9f179197": {"x": -124.80554589788862, "y": 206.37358761908396, "id": "9f179197"}, "6ca8119": {"x": 369.6255412501319, "y": -576.7749617619338, "id": "6ca8119"}, "26f7b07d": {"x": 14.965005678484097, "y": 200.30838217419515, "id": "26f7b07d"}, "579549ff": {"x": -60.15152378637541, "y": 82.27801452164518, "id": "579549ff"}, "175a49b0": {"x": -199.9336218885314, "y": 88.35362116425057, "id": "175a49b0"}}, "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "IBM X-Force URL Malicious", "schema_version": "1.0.23", "type": "investigation", "search-txt": "url:\"https://digisails.org/qzcxjq76.rar\"\ndomain:\"digisails.org\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":5332829999.999376,\"updated-perf\":5332835000.000159,\"type\":\"collect\",\"created\":\"2021-02-03T09:21:03.826Z\",\"state\":\"ok\",\"arg\":\"https://digisails.org/qzcxjq76.rar\",\"result\":[{\"value\":\"digisails.org\",\"type\":\"domain\"},{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"}],\"id\":\"collect-e916583e\",\"uuid\":\"64e5e692-9a54-4c9a-b1d4-064db062a81a\"},{\"created-perf\":8067390000.000159,\"updated-perf\":8067395000.000033,\"type\":\"investigate\",\"created\":\"2021-02-03T09:21:06.560Z\",\"state\":\"ok\",\"arg\":{\"type\":\"url\",\"value\":\"https://digisails.org/qzcxjq76.rar\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"judgement_id\":\"transient:c158a34b-5c22-4de8-9850-79e5c7670283\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.161Z\",\"end_time\":\"2023-11-10T09:21:04.161Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.161Z\",\"end_time\":\"2023-11-10T09:21:04.161Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation 
score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=https%3A%2F%2Fdigisails.org%2Fqzcxjq76.rar\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:c158a34b-5c22-4de8-9850-79e5c7670283\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"tags\":[\"True\"],\"valid_time\":{\"start_time\":\"2023-10-11T09:21:05.000Z\",\"end_time\":\"2023-11-10T09:21:05.000Z\"},\"producer\":\"IBM X-Force Exchange\",\"schema_version\":\"1.0.22\",\"type\":\"indicator\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Malware\",\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/https://digisails.org/qzcxjq76.rar\",\"id\":\"transient:indicator-c002281e-3419-54b9-b1cd-703caeaf5b8e\",\"confidence\":\"High\"}]},\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:05.000Z\",\"end_time\":\"2023-11-10T09:21:05.000Z\"}}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"target_ref\":\"transient:indicator-c002281e-3419-54b9-b1cd-703caeaf5b8e\",\"type\":\"relationship\",\"source_ref\":\"transient:sighting-b78d83ed-3716-550c-bd30-af8e64c60ba9\",\"id\":\"transient:relationship-21676d56-4934-42b2-ada6-a5c268eb7aef\",\"relationship_type\":\"sighting-of\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:21:05.000Z\",\"end_time\":\"2023-10-18T09:21:05.000Z\"},\"schema_version\":\"1.0.22\",\"observable\
":{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":2,\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-fca4b2eb-8016-475d-8639-fb158f067777\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.22\",\"observables\":[{\"value\":\"https://digisails.org/qzcxjq76.rar\",\"type\":\"url\"}],\"type\":\"sighting\",\"source\":\"IBM X-Force Exchange\",\"title\":\"Malware\",\"internal\":false,\"source_uri\":\"https://exchange.xforce.ibmcloud.com/url/https://digisails.org/qzcxjq76.rar\",\"id\":\"transient:sighting-b78d83ed-3716-550c-bd30-af8e64c60ba9\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T09:21:05.000Z\",\"end_time\":\"2023-10-11T09:21:05.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL /observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON 
encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-7ffd2e7d\",\"uuid\":\"4a88fb3c-8669-4cf4-a571-ed3bf4cbd8a4\"},{\"created-perf\":8404854999.99977,\"updated-perf\":8404854999.99977,\"type\":\"investigate\",\"created\":\"2021-02-03T09:21:06.898Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"digisails.org\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"judgement_id\":\"transient:ca1c9c78-068a-44d4-870d-22bba1fdebdc\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.181Z\",\"end_time\":\"2023-11-10T09:21:04.181Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.181Z\",\"end_time\":\"2023-11-10T09:21:04.181Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":2,\"reason\":\"Poor Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=digisails.org\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:ca1c9c78-068a-44d4-870d-22bba1fdebdc\",\"severity\":\"High\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"SecurityTrails\",\"module_instance_id\":\"6e906027-29c3-44db-a2a2-af3abba0c269\",\"module_type_id\":\"80b90eb0-a856-4251-b857-ab9ebdf917ae\",\"data\":{\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"IPv4 addresses that digisails.org resolves to\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"SecurityTrails Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"103.50.162.157\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.11\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.15\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.21\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.22\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.23\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.6\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.7\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"184.168.221.74\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment 
Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.10\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.15\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.20\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.22\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.29\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.78\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.8\",\"type\":\"ip\"}},{\"origin\":\"SecurityTrails Enrichment Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"related\":{\"value\":\"50.63.202.9\",\"type\":\"ip\"}}],\"observables\":[{\"value\":\"digisails.org\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"SecurityTrails\",\"title\":\"Found in 
SecurityTrails\",\"internal\":false,\"source_uri\":\"https://securitytrails.com/domain/digisails.org/dns\",\"id\":\"transient:sighting-47b1dd8b-0016-407a-b253-f382d8b029e7\",\"count\":18,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2023-10-11T09:21:06.000Z\",\"end_time\":\"2023-10-11T09:21:06.000Z\"}}]}}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.000Z\",\"end_time\":\"2023-11-10T09:21:04.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-11T09:21:04.000Z\",\"end_time\":\"2023-10-18T09:21:04.000Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"digisails.org\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"IBM X-Force Exchange\",\"disposition\":5,\"disposition_name\":\"Unknown\",\"priority\":85,\"id\":\"transient:judgement-b9df64d9-134f-465c-9170-29d688bccb4f\",\"severity\":\"Unknown\",\"confidence\":\"High\"}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/observe/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"},{\"module_instance_id\":\"4dc06f5c-a85d-4e79-9a72-d86901169b87\",\"module_type_id\":\"44606d8d-fc66-4ac7-815b-4448e096180f\",\"code\":\"invalid-json-response\",\"message\":\"The server response is not properly JSON encoded\",\"type\":\"fatal\",\"module\":\"Pulsedive\"}]},\"id\":\"investigate-80bb5b12\",\"uuid\":\"b4e1902b-0966-46c2-85d7-35ce4f492970\"},{\"created-perf\":16226490000.000013,\"updated-perf\":16226490000.000013,\"type\":\"deliberate\",\"created\":\"2021-02-03T09:21:14.720Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"184.168.221.17\"},{\"type\":\"ip\",\"value\":\"184.168.221.22\"},{\"type\":\"ip\",\"value\":\"50.63.202.20\"},{\"type\":\"ip\",\"value\":\"103.50.162.157\"},{\"type\":\"ip\",\"value\":\"184.168.221.74\"},{\"type\":\"ip\",\"value\":\"184.168.221.23\"},{\"type\":\"ip\",\"value\":\"184.168.221.7\"},{\"type\":\"ip\",\"value\":\"50.63.202.8\"},{\"type\":\"ip\",\"value\":\"184.168.221.11\"},{\"type\":\"ip\",\"value\":\"184.168.221.21\"},{\"type\":\"ip\",\"value\":\"184.168.221.6\"},{\"type\":\"ip\",\"value\":\"50.63.202.78\"},{\"type\":\"ip\",\"value\":\"50.63.202.10\"},{\"type\":\"ip\",\"value\":\"50.63.202.29\"},{\"type\":\"ip\",\"value\":\"50.63.202.22\"},{\"type\":\"ip\",\"value\":\"184.168.221.15\"},{\"type\":\"ip\",\"value\":\"50.63.202.9\"},{\"type\":\"ip\",\"value\":\"50.63.202.15\"}],\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-9968f16b-398c-4f36-a924-185d8ce46b2a\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-09-12T00:07:06.476Z\",\"end_time\":\"2023-10-12T00:07:06.476Z\"}}]}}},{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"APIVoid\",\"module_instance_id\":\"786b0472-3e25-4499-a796-4682a6b98df5\",\"module_type_id\":\"7564fde0-5d68-49a3-b195-54ebc215754b\",\"data\":{}},{\"module\":\"IBM X-Force Exchange\",\"module_instance_id\":\"a5735994-e2ed-40d5-bb77-c381e270706a\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{\"verdicts\":{\"count\":18,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.23\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.21\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.17\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.10\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_t
ime\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.74\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.20\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.29\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.22\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"184.168.221.15\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"184.168.221.11\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.7\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.6\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\
"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.15\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.78\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"184.168.221.22\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:11.000Z\",\"end_time\":\"2023-11-10T09:21:11.000Z\"}},{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"103.50.162.157\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:12.000Z\",\"end_time\":\"2023-11-10T09:21:12.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.8\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:10.000Z\",\"end_time\":\"2023-11-10T09:21:10.000Z\"}},{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"50.63.202.9\",\"type\":\"ip\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-10-11T09:21:14.000Z\",\"end_time\":\"2023-11-10T09:21:14.000Z\"}}]}}}],\"errors\":[{\"module_instance_id\":\"2ee56aba-c4f3-4863-8814-15e6712a9cf6\",\"module_type_id\":\"bb2689d9-c9f2-4d45-b5a3-7ed006a0709f\",\"code\":\"client-error\",\"message\":\"There was a client error in the module: {:message \\\"Forbidden\\\"} [403]\",\"type\":\"error\",\"module\":\"Palo Alto AutoFocus relay\"},{\"module_instance_id\":\"3e613872-8a0e-43cb-88b3-3acf41263dc6\",\"module_type_id\":\"2fdd8988-4b4c-4114-adf9-36dacce4c103\",\"code\":\"malformed-api-url\",\"message\":\"Malformed API URL 
/deliberate/observables\",\"type\":\"fatal\",\"module\":\"Tokio1\"}]},\"id\":\"deliberate-63865b6\",\"uuid\":\"c100aa81-ed0a-4b04-b6b4-e7bafbbbf148\"},{\"uuid\":\"36057e40-03e7-40c0-85e9-bc2d9c93efc2\",\"id\":\"aggregate-2e7318e\",\"state\":\"new\",\"created\":\"2021-02-03T09:21:15.056Z\",\"created-perf\":16562675000.000126,\"updated-perf\":16562675000.000126,\"type\":\"aggregate\",\"arg\":{\"aggregate\":true}}]", "short_description": "Snapshot @ 20210203 09:21:56", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-04994812-12c9-4656-9714-1abc0e1fda61", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2021-02-03T09:22:06.383Z", "nodePositions": {"9f179197": {"x": -124.80554589788862, "y": 206.37358761908396, "id": "9f179197"}, "6ca8119": {"x": 369.6255412501319, "y": -576.7749617619338, "id": "6ca8119"}, "26f7b07d": {"x": 14.965005678484097, "y": 200.30838217419515, "id": "26f7b07d"}, "579549ff": {"x": -60.15152378637541, "y": 82.27801452164518, "id": "579549ff"}, "175a49b0": {"x": -199.9336218885314, "y": 88.35362116425057, "id": "175a49b0"}}, "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file