{"Event":{"info":"OSINT - Enhanced Analysis of GRIZZLY STEPPE Activity","Tag":[{"colour":"#12e000","exportable":true,"name":"misp-galaxy:threat-actor=\"Sofacy\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"}],"publish_timestamp":"1487014190","timestamp":"1487070284","analysis":"2","Attribute":[{"comment":"The following YARA rules detect X-Tunnel, referred to as IMPLANT 5 with rule naming convention.","category":"Artifacts dropped","uuid":"589f4869-c3fc-4d12-9b76-0ab502de0b81","timestamp":"1487005072","to_ids":true,"value":"RuleIMPLANT_5_v2\r\n{\r\nstrings:\r\n$key0={987AB999FE0924A2DF0A412B14E26093746FCDF9BA31DC05536892C33B116AD3}\r\n$key1={8B236C892D902B0C9A6D37AE4F9842C3070FBDC14099C6930158563C6AC00FF5}\r\n$key2={E47B7F110CAA1DA617545567EC972AF3A6E7B4E6807B7981D3CFBD3D8FCC3373}\r\n$key3={48B284545CA1FA74F64FDBE2E605D68CED8A726D05EBEFD9BAAC164A7949BDC1}\r\n$key4={FB421558E30FCCD95FA7BC45AC92D2991C44072230F6FBEAA211341B5BF2DC56}\r\n$key5={34F1AE17017AF16021ADA5CE3F77675BBC6E7DEC6478D6078A0B22E5FDFF3B31}\r\n$key6={F0EA48F164395186E6F754256EBB812A2AFE168E77ED9501F8B8E6F5B72126A7}\r\n$key7={0B6E9970A8EAF68EE14AB45005357A2F3391BEAA7E53AB760B916BC2B3916ABE}\r\n$key8={FF032EA7ED2436CF6EEA1F741F99A3522A61FDA8B5A81EC03A8983ED1AEDAB1A}\r\n$key9={F0DAC1DDFEF7AC6DE1CBE1006584538FE650389BF8565B32E0DE1FFACBCB14BB}\r\n$key10={A5D699A3CD4510AF11F1AF767602055C523DF74B94527D74319D6EFC6883B80D}\r\n$key11={5951B02696C1D5A7B2851D28872384DA607B25F4CEA268FF3FD7FBA75AB3B4B3}\r\n$key12={0465D99B26AF42D8346001BB838595E301BAD8CF5D40CE9C17C944717DF82481}\r\n$key13={5DFE1C83AD5F5CE1BF5D9C42E23225E3ECFDB2493E80E6554A2AC7C722EB4880}\r\n$key14={E9650396C45F7783BC14C59F46EA8232E8357C26B5627BFF8C42C6AE2E0F2E17}\r\n$key15={7432AE389125BB4E3980ED7F6A6FB252A42E785A90F4591C3620CA642FF97CA3}\r\n$key16={2B2ADBBC4F960A8916F7088067BAD30BE84B65783FBF9476DF5FDA0E5856B183}\r\n$key17={808C3FD0224A59384161B8A81C8BB404D7197D16D8118CB77067C5C8BD764B3E}\r\n$key18={028B0E24D5675C16C815BFE4A073E9778C668E65771A1CE881E2B03F58FC7D5B}\r\n$key19={878B7F5CF2DC72BAF1319F91A4880931EE979665B1B24D3394FE72EDFAEF4881}\r\n$key20={7AC7DD6CA34F269481C526254D2F563BC6ECA1779FEEAA33EC1C20E60B686785}\r\n$key21={3044F1D394186815DD8E3A2BBD9166837D07FA1CF6A550E2C170C9CDD9305209}\r\n$key22={7544DC095C441E39D258648FE9CB1267D20D83C8B2D3AB734474401DA4932619}\r\n$key23={D702223347406C1999D1A9829CBBE96EC86D377A40E2EE84562EA1FAC1C71498}\r\n$key24={CA36CB1177382A1009D392A58F7C1357E94AD2292CC0AE82EE4F7DB0179148E1}\r\n$key25={C714F23E4C1C4E55F0E1FA7F5D0DD64658A86F84681D07576D840784154F65DC}\r\n$key26={63571BAF736904634AFEE2A70CB9ED64615DE8CA7AEF21E773286B8877D065DB}\r\n$key27={27808A9BE98FFE348DE1DB999AC9FDFB26E6C5A0D5E688490EF3D186C43661EB}\r\n$key28={B6EB86A07A85D40866AFA100789FFB9E85C13F5AA7C7A3B6BA753C7EAB9D6A62}\r\n$key29={88F0020375D60BDB85ACDBFE4BD79CD098DB2B3FA2CEF55D4331DBEFCE455157}\r\n$key30={36535AAB296587AE1162AC5D39492DD1245811C72706246A38FF590645AA5D7B}\r\n$key31={FDB726261CADD52E10818B49CAB81BEF112CB63832DAA26AD9FC711EA6CE99A4}\r\n$key32={86C0CAA26D9FD07D215BC7EB14E2DA250E905D406AFFAB44FB1C62A2EAFC4670}\r\n$key33={BC101329B0E3A7D13F6EBC535097785E27D59E92D449D6D06538725034B8C0F0}\r\n$key34={C8D31A78B7C149F62F06497F9DC1DDC4967B566AC52C3A2A65AC7A99643B8A2D}\r\n$key35={0EA4A5C565EFBB94F5041392C5F0565B6BADC630D9005B3EADD5D81110623E1F}\r\n$key36={06E4E46BD3A0FFC8A4125A6A02B0C56D5D8B9E378CF97539CE4D4ADFAF89FEB5}\r\n$key37={6DE22040821F0827316291331256A170E23FA76E381CA7066AF1E5197AE3CFE7}\r\n$key38={C6EF27480F2F6F40910074A45715143954BBA78CD74E92413F785BBA5B2AA121}\r\n$key39={19C96A28F8D9698ADADD2E31F2426A46FD11D2D45F64169EDC7158389BFA59B4}\r\n$key40={C3C3DDBB9D4645772373A815B5125BB2232D8782919D206E0E79A6A973FF5D36}\r\n$key41={C33AF1608037D7A3AA7FB860911312B4409936D236564044CFE6ED42E54B78A8}\r\n$key42={856A0806A1DFA94B5E62ABEF75BEA3B657D9888E30C8D2FFAEC042930BBA3C90}\r\n$key43
