409 lines
540 KiB
JSON
409 lines
540 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5b9ba490-0e84-4127-916f-4f75950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:20:10.000Z",
|
||
|
"modified": "2018-09-14T12:20:10.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5b9ba490-0e84-4127-916f-4f75950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:20:10.000Z",
|
||
|
"modified": "2018-09-14T12:20:10.000Z",
|
||
|
"name": "OSINT - old njRAT activity",
|
||
|
"published": "2018-09-14T12:20:33Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5b9ba4a6-64b8-4561-a3c1-4d97950d210f",
|
||
|
"url--5b9ba4a6-64b8-4561-a3c1-4d97950d210f",
|
||
|
"indicator--5b9ba4d0-b15c-4860-b9b6-46d5950d210f",
|
||
|
"indicator--5b9ba4e9-ff3c-4024-98a4-4760950d210f",
|
||
|
"x-misp-attribute--5b9ba521-bde4-4769-806b-4f44950d210f",
|
||
|
"x-misp-attribute--5b9ba53f-6cfc-4071-b166-4fdd950d210f",
|
||
|
"observed-data--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"network-traffic--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"ipv4-addr--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"observed-data--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"network-traffic--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"ipv4-addr--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"observed-data--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"file--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"artifact--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"observed-data--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"file--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"artifact--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"observed-data--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"file--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"artifact--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"observed-data--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"file--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"artifact--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"x-misp-object--5b9ba5c1-9ee8-44e4-b15d-4d2e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:tool=\"njRAT\"",
|
||
|
"veris:action:misuse:vector=\"Remote access\"",
|
||
|
"circl:incident-classification=\"malware\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba4a6-64b8-4561-a3c1-4d97950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:08:06.000Z",
|
||
|
"modified": "2018-09-14T12:08:06.000Z",
|
||
|
"first_observed": "2018-09-14T12:08:06Z",
|
||
|
"last_observed": "2018-09-14T12:08:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5b9ba4a6-64b8-4561-a3c1-4d97950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5b9ba4a6-64b8-4561-a3c1-4d97950d210f",
|
||
|
"value": "https://www.symantec.com/connect/blogs/simple-njrat-fuels-nascent-middle-east-cybercrime-scene"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b9ba4d0-b15c-4860-b9b6-46d5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:08:48.000Z",
|
||
|
"modified": "2018-09-14T12:08:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'njr.no-ip.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-14T12:08:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b9ba4e9-ff3c-4024-98a4-4760950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:09:13.000Z",
|
||
|
"modified": "2018-09-14T12:09:13.000Z",
|
||
|
"pattern": "[domain-name:value = 'njratmoony.no-ip.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-09-14T12:09:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5b9ba521-bde4-4769-806b-4f44950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:10:09.000Z",
|
||
|
"modified": "2018-09-14T12:10:09.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Antivirus detection\""
|
||
|
],
|
||
|
"x_misp_category": "Antivirus detection",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Backdoor.Ratenjay"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5b9ba53f-6cfc-4071-b166-4fdd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:10:39.000Z",
|
||
|
"modified": "2018-09-14T12:10:39.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Symantec has observed the growth of indigenous groups of attackers in the Middle East, centered around a simple piece of malware known as njRAT. While njRAT is similar in capability to many other remote access tools (RATs), what is interesting about this malware is that it is developed and supported by Arabic speakers, resulting in its popularity among attackers in the region.\r\n\r\nThe malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cybercriminal activity, there is also evidence that several groups have used the malware to target governments in the region.\r\n\r\nSymantec analyzed 721 samples of njRAT and uncovered a fairly large number of infections, with 542 control-and-command (C&C) server domain names found and 24,000 infected computers worldwide. Nearly 80 percent of the C&C servers were located in regions in the Middle East and North Africa, including Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, the Palestinian Territories and Libya."
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:14:08.000Z",
|
||
|
"modified": "2018-09-14T12:14:08.000Z",
|
||
|
"first_observed": "2018-09-14T12:14:08Z",
|
||
|
"last_observed": "2018-09-14T12:14:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"ipv4-addr--5b9ba610-0314-4618-b854-4cb4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"dst_ref": "ipv4-addr--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5b9ba610-0314-4618-b854-4cb4950d210f",
|
||
|
"value": "204.95.99.26"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:15:15.000Z",
|
||
|
"modified": "2018-09-14T12:15:15.000Z",
|
||
|
"first_observed": "2018-09-14T12:15:15Z",
|
||
|
"last_observed": "2018-09-14T12:15:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"ipv4-addr--5b9ba653-5788-43a1-86b1-4de4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"dst_ref": "ipv4-addr--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5b9ba653-5788-43a1-86b1-4de4950d210f",
|
||
|
"value": "83.71.169.49"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:17:11.000Z",
|
||
|
"modified": "2018-09-14T12:17:11.000Z",
|
||
|
"first_observed": "2018-09-14T12:17:11Z",
|
||
|
"last_observed": "2018-09-14T12:17:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"artifact--5b9ba6c7-7a04-42c3-933f-4e63950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"name": "figure2_17.png",
|
||
|
"content_ref": "artifact--5b9ba6c7-7a04-42c3-933f-4e63950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5b9ba6c7-7a04-42c3-933f-4e63950d210f",
|
||
|
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAb8AAADDCAIAAACd5ogrAAAACXBIWXMAAA7CAAAOwgEVKEqAAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAJiRJREFUeNrsnXlsHFl+37ubpERdQ1GiRPGYGWk0WWdkJJvFArm8RhIDgZFAWRuYBIvEyB9G4AUC5EA2gY0ECDbxTIAg3sU6CAx7vYGTANkdLwIn2BnNjkYHKfGmeJPi2ffddd93NZk/Xnezye4uVjcpiiK/HzwIxepXr163mh/+3lmBHQAAAM0TwEcAAACwJwAAwJ4AAAB7AgAA7AkAAAD2BAAA2BMAAGBPAACAPQEA4EzZc3R09P79+z09PYFjp6en5/79+8PDw/gfAgC8Yfb8wQ9+0N7eHnittLe3f/TRR4d8hx989esffPXrPrNVknfmnz0erU5+qvGff/gT71crqal3V31hs9c2VdsjLByA02zPn/70pzdu3AicALq6uj755JNX/SnsU6e
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:17:14.000Z",
|
||
|
"modified": "2018-09-14T12:17:14.000Z",
|
||
|
"first_observed": "2018-09-14T12:17:14Z",
|
||
|
"last_observed": "2018-09-14T12:17:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"artifact--5b9ba6ca-7d00-4c71-a955-42e5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"name": "figure6_1.png",
|
||
|
"content_ref": "artifact--5b9ba6ca-7d00-4c71-a955-42e5950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5b9ba6ca-7d00-4c71-a955-42e5950d210f",
|
||
|
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAApQAAAGiCAYAAABZBFYRAAAgAElEQVR4nOyd6ZcVx3n/v9Xd987CMAzDsCMQCASSECAQsrXZkuzIlrxEsZPYcbZz4pPjk7zNP5DXyav8AzknJ7ZkxSfOz/IuyXFsWZKRwaAFEDDsy8Aww+zLXbqf34uuqn66blXfi5gxw6jqnJnbt6vq+TxVXcu3q5cr9u3bR2ghEBGEEPa4JEk3BE8PqOR8u5iRpiPp0c3k+SjBlvdW7M0Hl9cJ/2xm21b/zY5JUR4ieXiFsLYD1T54Oyna12reZuF2c5v5BMDJ/Sh2PNdzFyPXtGFymvVLm52iOM/13I8Tt1wuI4oilMtlBEHg5N5qiFwFMUORiCh3dUsl0pI29eGODKmqrFdmkdRr2V5HJ1GNWX3y9K6JrGii4vsWItdMxzu42dltk3OzyVrZ8VzPXSxck9EsFE3CrfRLV9k813MXO7dWqyFJElSr1ZZ8+6ihQVCaoajQIIKIImx87BmUl3Yjqcdz7Z8PCyIQhAiQ1Ou4cuhNjF85jyDMNx3zTIlPODZxx7dtZ1dmnC3vQuCawSVWTdFrs2dO1jy/sw96rufewdyi/mfa4yxX33WVyeWf53rux4FLRKjX6zquGbdVEWvubxCUrRRGGUiSBIEIsP7hJ9C1dgOS2vyqXx9uU6D0und9dhY3zp7EyMUzEEHY0mSUmSiegIryqjyuuNvFtU2WvAPbJlKbXRVvS2/aNj8913PvdK454domWzOOfzfZ3CebfZt/nuu5nnvr3Iir1psNca0GCkIQBAIRgMT8XZv34fYFogSAAAGI63XUa3WIILzdbvnggw8++OCDDwskiJdeeqm1C/6WUK9WMTY1jcF7Hkbc3gUk6SVvrX6JQAIABIRStvJ7qnrVDlKLYAAJyNv1oB7y0Vqa9D+VGErocL1NoCyZLqnJVaZEmh6Nql0b4TUkhHQjdVho30VrXOJ+F3FtK2kk60U0xOozf+kjSFdlzqzJzGqQO0zZNhGSJEYSE+LKNLovHcdqUUVX9zKL3z744IMPPvjgw8cxCEpDY4SxXKq2eXytUsHFq9fwvQuTGI0JkUyXJIl88lsulcrVLKIkeyJc2WGXTimOteCBFE5B6MhLgAgy20mSAEmSU3JBGEAgvTSfrrLly1fkVxCEEEEAShIkiXFvqBAIgjDVW4mtTAECEYJASOIYhiLN8trqg/uVxFmdS40ZhCGECGQd2/yKAFDql1lmWddElM9LAALpF5DLK0QAogRxPUZSmcHjvSU8es8GrFy9Jve0mG0p3LXftgTP8/Bgu2TG091OrktQ2y4h2i752VhFlwg913MXK7donmnGb+aL7XKf53qu5849NzITmgBzkOHx9Xod1Wo1E4EyJHEd1dlpCBIIowhReweEEKhXq4hrNfAVsFJbG6JyGyhJUKvMpgJMLpIFUYRSWzuCMES9UkO9VskgBETlMkrtEYgIcbWS2lZ5wxCRzJvUa6hVq4wLhFEJpfZ2AAJxrYo6e/pJQKDU3oEgSIVbbWYmV8YwKiFoU3lrqFcNv9rbEZRDUJykT0Uz8RZGEYJyO4QIUa/JMrHqS/3qAADUK1XE9axMIgxQbu+ECJGWaXY2twQZhBHKHakojOs1WSbS4rvU1gFRKoHiOmqzs9CCk1KuaGuDCAKZtwIiQlQqIyyVQJSAiFCtVjE7W0nvnw2ChsnD1V5Um7HFNWvgNtsLgVtk3+xXNjtmv+N2TJsuG57ruXc6l9u0cXmcrc/y+GaToOd6rufOHzcyjXCACTMVrBkIUvskCYQIUG5vT1fFZHypXEYUlfKZgkBeeU5FHLhtIdJVQiKE5TLCKGrMK9NH5TZEpXJDXgiBsFRGEEXILxQKKDUWlcoIoxLTuWleASAIA5Q7Oy150xCWpF88XpZJBIG1TBACBEIYlRrzMttRWxuicmOZiAhBVEJbp3EfY2D4xZ/EFtArn6nw7Gysa8kOS2WIIEStKkUnAUjSJzYpIbni625ctonF1o7M0MokZOa9nVyXTc5t1mds5XD577meu5i4tknKDLY5ycxr9t2iCdI16Xqu53rurXMjnsAcBIoMW1zWwlEEAaKolL5aRl4WFQBIhDDfqalEKCAgwpDfvZfbFkKgITO3EYZ8sY7FERAECBA05lH/RQibZQIgRAARuh42IgBBKlxzZZFcAX3J3sYF8zmfN00jWF4dTyTFH4DA8tYnHS8yYWuLDy0P1ajEQiAAUvFPBFC2PkuqbCzYJgnXxMHbj0sc8m2zvdkmt9vFVX3GZBV1RJdPtrRF+T3Xc+90rq2vueYfWz7XvGT2VV4u7o/neq7nzi034kaLBgC+bZtweZogjCDUSiQriLYrs+qHRpjqETmJKaUV5YVCvoIAI4qJr9SKjje5EICRP1eJjvJlvijZa3HgJrm8IPnSG/Ui0rwk7RMR1IM/gjH0cUW+MQkhpDskfRBMSGa+CCH0rQhJwZsAzEbFG6it8RXZsLXBZp+3k2vatsWZfYn3NZdvto7O/fRcz/04cF37msWric/ms+mT53qu584dN7IlUgmVEXPbJSZhTO6NE7t8IjrdoZ7vtgxcBPVQDucKoXSXFFOwD2LZE+XSlnTN5HJRp+0ycUgywsqVT0ALIfT3uefysimbQilGLSoB7WDODrOmLQAEoeuWWJrMRu6YNXkVlCnEzAbG20GDsLWcbDSblGxnWreL6+wHhj+mb9wv019332k8y/Rcz72TuTxdUWjW9022y26RT57ruZ5761x9D2WzwcKceK3OC6RPVcd1xHGS3h8o7/kTeo1NIKd51OodF4ck0xLkihtpQOaaEkDMR/kqHqFFFgBVeAtXiGwVUIAayp5JLjsXQmR2aD64+UD8tgIh8nKQH7Oc0LaIb2HkYZ+6sSWEuF6FegLcFcy2YpsszLZj22/mNe25Pm8n1/bdZq+ZDVuwpTHL6LmeeydzW4kr4jazcbNl9VzP9dxb4wa2s0suItUfEeX+GkN2Z129nj69nKaTA5KAujKby6P2CSFSoQYl1gASJPc5KkvlUflFJrRI2WWMBi7zmwRnkNrr5qo0grQ4m2uusqf+BKDrQ38qkal35+P5kVLWVRVnEVkezSVCrVpFvVa1rHryrI2rEryNmMLPzKv+XI3W1e4WOtfF5HE2uy5WkX+e67l3IrfIpiudy3dbaNZ/PddzPXduuRGQHzRsE7FN0TYaZKtnZlq5j4uidOVRXS6Wl8KVUCN5mZmtDCrfSOZXog6CXTrXdx8qMUZNuGjIy1IXcomVOCv33HJV2bJ6VEvVhiAEUmGr9wudQJD6mopvkmpSk2W8ts380MewSdvj7cQm0GwTh5q8chxLMNsmb6O3m9uMZ+Pa7Jm+uMrouZ67mLjF80kWbPOTi2va434W+eO5nuu5t84NzEgVYU66NoMueK4QxBzPJYa6MoxMmnFRBC3PMj8IgpQgY2KM2SYLy8klJQvzg6oWhLrCGrlKHIJICrX54XID+Uv6mUiXVWA0CMtxEjKNqmMiLSCVLDclbCuhlYnB1ljVpGK2Ob5t2iuatG4Hl/cP235bfzJ5Nn6RTc/13MXAtQXXPMO5pk2+X/2ZE6arXJ7ruZ47d9xAgfmnLYNpsDGQ/atUPUIIpaYAbYegZBcpkaTTqYvGeYlGyqa8EZAotcdxQmT3a6bpHVxVWeAVx/IVcLNipnbmhUtZA1DXqgUvKKtoLajN42PqQzKjZcMDWdII5dicBLPtmI3dtY/HFcX/obl8MuUTbJEfraTzXM/9OHHNicsWf7M2XWnMbc/1XM+dO66+5G1GcuOmk87BQ+4PozKCMNHvZ9QLicYKmLCJxVR/5fj6VThSjJFKLdRlW50pi1dalQASDq7Ws0KbyAlrKQJtXOkNNzLnXMHqNPukvA3iHiB90lwYQlzvg9aIRq2zS+WUrioH6S8R5URtQeAnIhk2fxLCG54tr8sOjzN9WUhcM87Wh1qZeG08z/Xcxcgtmmds/dY2N9ls3Iw/nuu5njs33IanvF0GmwOEvlwbhAGAAMTEiLqHMA1yH9sj1MVXKbS0s0p
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:17:18.000Z",
|
||
|
"modified": "2018-09-14T12:17:18.000Z",
|
||
|
"first_observed": "2018-09-14T12:17:18Z",
|
||
|
"last_observed": "2018-09-14T12:17:18Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"artifact--5b9ba6ce-cd60-489a-8016-4f1f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"name": "figure4_8.png",
|
||
|
"content_ref": "artifact--5b9ba6ce-cd60-489a-8016-4f1f950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5b9ba6ce-cd60-489a-8016-4f1f950d210f",
|
||
|
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAApQAAABTCAYAAAAhvZcZAAAgAElEQVR4nOy9d1gVR9s//lmqVAELKKgoihUbdo0RjSXGGGOJ5THGEkskYhc1EaMxajTGGI3GLljQqLGjxsTYjb2BEYJgF0QE6X1/f/DuvLtzZmb3AD7Pc31/731dXOfslLvN3WZ29yBlZmbKoECWZUiSpLkGAEmSSB89hh6rjGeBCJ96Pg8Ha74e7yycNK8sHmj6LHw8fo2M5cmtN8foNc0XS988HPQctUy8Pj06LL2w+DBqazyb4c2l8fP0RNOhcfN0UJo55gLPTkV6M6eNxitqF/EoigM8fykL3eitiREejdJi4WTRKgt6Ivw8fzSXrrnrb65MpV17PXq8WKSmYa4tm8tPWeqKxlNWuHlzePHKHH8uDb2Sgjm6Kil+PbsV5T4eHh4tFt8ieYzahSh+KG28GkHEt4VIGDrhKtesTzUxtWJ5c1jCqOfzlCgqJvWAFVx5xSULaBmVceprWm9qXLRc5hSnLB5ovPSi07T0ikgWXyy903LSMvMCN8um6HFq/CwbEK0TrQO9gpG1jiybpe1EpAOe0/HsQ+RTtAw0PZ6vsGRVr78a1Lag/uPZql4S5/GgZ+ss3KJ15OmH1aYXm2hfEAHLhnl6YrWLYqpevOTJwuOTZYMieVi2RfNgbsxkyayMZ/kZbx4v/rP61LLTeqD9nUeHxqe3biyZeTGYBSx8vHjC40UEIvuj9cBqE+Gk57D6aHnoMXqxnrcGItw8v2fxZYQ2rRcj62BUlyx5aFq8mMXzTzWwah81Hr24wosJNF8WPCF5BZNeIGPhoQWgBVRf85yOLjhYOERtrEKKlTxFgYNVsLAWhAeigELPpYtDWhYWbnqsEUNTj2UFWnrNaRloG2E5kJGATq8Nq/ii+eU5GE2TnkPrhrfGLCdk8UXLR+OnZaRxsnTPAiPFryhgi/ylpP7NwqXQZgVHdT9PV7xYwbM7ER+iYo83Tg94wVzdR9s+y6bofpZviHxf5GssO2XZC8umeDyq8dDXesmSBXr6Z/Wz4iLrkxd7RDRYfay4z8IrymfKp8i3eLLSMYcnl5H4L6LLy9E8PzO63jReXvxnzaHlEtklz19o+xfJy6LFyoEsOqy8wZvDygM08OIyj45eXmPFYhafPF5oXbL4BAAL3kAWU3rIeP2idpawJU1ovIApCi4sY+IZuHoca6yoaBAlC7qwYDmFSCeswpaWl6UfHn2ewfOSp8gYzQGenCI74xk7LxHQvIt0S+vKaKEgChgi22LJzOOJloMFLByiolrEp5GkpW7T82FRcNbjRa+dh7+kcUWEn+VjrBgmihssEMVdmgcWH0qbKKHRRQo9Ro+uKCGx7Jy+5sVcPd0Y8Q1zCiBWotfLH6y5LH70ihp1uxG/0eOb18+TgUdXz695eYq+5sUgHvAKIhbPLLpqGWn6In3x7FXEP51fRDbPyrv0WNqPRLpg+S8vp7N0w+NRFIv15gLULW+RcdFtrAQqcmgW0ElfFGj1ChdWole3q5VPG4GefDweePLqGbxe4GMtMs0vjze9IoouhOjvvHUQBTsRLb3kQM9hySdKrkaCpTn0lXks+1HrV80vTw4aL4tHI2DEr+hAr5dAWcFDlDx5+HhBi04+LDwinObqjJWc9eiY00/rReT/LGAVXSJe9GyMx7ue3LT98pIYq00Um9X4ab5ZBbaRNTbHd9U0WTzz1o01n+ZHtLaiwoNVfIl8jLfWevlCjzf1PJavsvxTJA+PFi9+6+HmFaN6fND5nI7ferGSxRfLXtSf6nGsGCCax5or0okRG1T7MGs8q0/hi5UDaN55c1k0AMCK7uBNUhMAADkjHXmHDiL77GkUJiZCzs0FZBluu/fBwt6eKTwLj1oYvUKpNIZCt9F06QTIK6yMAF2gsfihF40Geiz9KdKVXlAqKxAVU0b5MKpjI0mAp0uRvfDWR8QD7YR0YGPNMyInzy9oHKKCjYeH9h0aL4ue+lrPRo3KJNItLZceiPAaiQXqdh7Q/OjJzIuX6msjdmKOzlj0RTbAa+PFQjVuXsJl4Rfxose/UdDTlZF4YI7NsebwbIRHk8eTKH4Z5dFoDDGHj9L4pJqWyI94cUfEJ4s/I3lVxBetK17804t59DiWXsrC1kVxjVc7sOocWja9uoTHmxXNqJ6gclERspctQeb+XyHJhbBt1QRWvp6QrCyREb4fKCwUBi6esYqMWFQpswqKkjh4UVERioqKYGFh+p6SXgJn4VQCs4KPV1QYSYQsGXk8sopW1jWLH9a1HvBk0gts6k9z6YoKWSNzWMmQBawgxyvmRbhph2aNLSoqYtoXL/DqJSBlrp498YKOiI+ioiJi2zQfLF9Vj2fxrvQD0PgLS5+FhYUEP+1jRgIlSy+8ZEbLxfNpWres70bXRQ/oRKgXD9R0eXiMyE7rlpeYWHbFk5PFIy/O8mySh0OEk7U2ar3RNFm4RDlLL5fyYq5IFh6PorhnNA7zZGP1sUDkBzS/RtaRN1akb1bcYdlHSfxCZMMse+flOZEueDZpJE7R+GicIhvg4eTNp+MhzYeFejJLAYTZzEwUHD2ClF7dkXP2BBx7tEH5IQFw8AUc3GNQvrU1qoy3goWNlsDLly8RHx+P/Px8AEBubi7i4uLw6tUrjfJ5i2sk0Cp4Xr16hbi4OOTl5Wna1X80bkXW999/H87OztyAwZqr1hXdNmTIEDg7OyMtLU1oYOpreh3UdHkGQPPGcjD1XFYwV/PBSxz0eGVcVlYW4uPjkZqaajKHZ3Q0X6KAyNI/3VZQUIC4uDi8fPnSZL5aLlawZzmaLMvIyclBXFwc4uLiEB8fT2xYPSc1NZX0FRYWAgCys7M1c+Lj48l1QkKChg9ZLi4kjx49Cg8PD3z33XdCHah1pXymp6cjLi4O6enpAIBHjx5p+E5JSdHoIj8/n/S9fv2a4Hnw4IGGV+V7XFwcKXYVHAsWLIC7uztOnTqlm5AlSUJYWBicnZ2xa9cuk7VLS0vDhAkTULt2bTRp0oTwRMstSRKSk5Ph7OyMTz75BAAwefJkODs7459//mHqjWe/vGQnAkmSMGjQIDg7OyMjI8NkPXh4WUUpDcqYrKwsxMXF4fXr16Tv4cOHePLkiQavXlKkx6qvaZ3Q43l4eNesPt54XnHESoysOMjLESw5eWvBKnZEeFn80niMrIUaL02X9119rbfOrO9G+kT2QY9j5Tq1XLy5eutIy25Uv7x1YxVHrNzKAlFeEuUyUeFPx3xWXWHUJnn2TtNRrnkFMUsmkZ+w4jwrP5scx7EMuOjVK2RvXI+07xbBpnYVOHaqB1v7WNjaXoON62NYV7OG5FYOUmVHQMW7LMtYsGAB/Pz8EB8fDwC4efMm/Pz8sGrVKqGQLEXT42kjX7JkCfz8/BATE6NRDP1dLStLWSK+RLzwDEuhxQucLGOnv9OFBM07L1GJkhjNH2uOyLkkScLFixfh5+eHDRs2CJ2KJR/LaNW64BXXtMxJSUkICgrCzp07dYMJS5esIHjnzh34+fmhV69eCAoKwttvv41ffvkFRUVFZNyaNWvg5+cHPz8/PHv2DAAQHR2NoKAgBAUF4Z133oGfnx/GjRuHoKAg/Pzzzyayp6enY8CAAejSpQumT5/ODSS0DpTPK1euICgoCJcuXQIAdO/eHa1atUJQUBAGDBiA2bNnIzExkcyPi4sjPG/ZsoXoZ9asWQgKCsKQIUPg5+eHvn37Ejlyc3M1fMyZMwft2rVDr169yEaRx3NKSgqio6NRs2ZNuLu7m4zZtWsXtmzZgmXLluHOnTsoX768EB+tB3qMyF5oW2P5lJGiQJnDSj48HtTXvEB9/vx5+Pn5YdOmTaR91qxZWLx4sQl9XoIUxQMjMvHw8a6VNpYeWMUEC4+RQpOXBEWy0PNEOFljWcmbV+jw+BPFRB6vrNgnymWs73rrzxqnlx9F+UskE0vnenzyCmwWfSP1Agu3Ggfru3osK0+z8iQLL02bZxeiHM7jm4WLp2P1WtF6Y42h9cWzM/V3K3Wn2omUz6LUVGRvC0XOgb0o16o
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:17:21.000Z",
|
||
|
"modified": "2018-09-14T12:17:21.000Z",
|
||
|
"first_observed": "2018-09-14T12:17:21Z",
|
||
|
"last_observed": "2018-09-14T12:17:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"artifact--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"name": "figure5_6.png",
|
||
|
"content_ref": "artifact--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5b9ba6d1-6394-4ff2-b5a7-4b26950d210f",
|
||
|
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAlgAAAGlCAIAAACp4B/RAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwQAADsEBuJFr7QAAABR0RVh0QXV0aG9yAEVsbHluZSBQaG5lYWhay0tlAAAAIHRFWHRDcmVhdGlvblRpbWUAMjAxNDowMzoxOCAxNToyNjo0OK4mwwkAAAAadEVYdFNvZnR3YXJlAFBhaW50Lk5FVCB2My41LjEwMPRyoQAA/0BJREFUeF7M/XV07Hl+HYo64Lzn9xxD/BzbsW+S68SO7YkpHg83TDN3nz6MOiBmxlJVqZiZmRkklZiZmaGYVCiVWAd65n5OT/Je7lp3ru2/Xtb6La2SWi2VdFS//d37s/f+/IphLKMbO/9f4TKPXLBVPY8f3y199uDTN9+49dV7laVZmIZqYlMZpjYfU5PXUJJFbCymt1TRMdWUlgomsZZFquGQamjoksaSe2x8hYqLEpArCPUP8dX3Wcg8EaGSgijANxU01zyltRShKh+QETnVedeayx7K6C3NJXnoiiK7VmjXChw6oYyNM8pZSj6JS0ZoeBSHnNtlUTqNEouWp5FSLVqOVkKhYmoFNIxexLSImUp6i0vD6zGLXHq+lk82SZgdekm/VdVrkndohHYpa7rbPDdgWRqxr462TnbounRCE5/CQlSqCA2TRtFqn2mhTz/sECz1ajb6tAtO8dawfbHHsDFqH2+XtSpJnQZ6n43dbWR0aWhqWq2MWDlg5Mx0KBa61Z4Z1+aYY8Klnu02zvaYN8c7ErvTuzPt+/Ptc72m0VbV9lT73kybb9614FL2q1jjJtFUq2SxS7k1ZFjtUW0MGiKrg/7loe3xjr3Rzr2JrtUhR2R9LLw8uNyl3x20L7tUK93qxW7VsIULT2+mTdKrJO8OmbZH9eHljvU+XWy5PzjfvT5q1XCbqIinSkqliYdW83B7axPnR+FUzHN6GEpH9y/S/uTeXK+GZWIhPXP9pzHPyWF4YdgpxpbKkPkaVB677JaoOcfIR61NdWSS/tN0+CQeuEyFIpuzIzaZllbPR+azm3Mt/BYzB6ekop1KoXt14cV55puL05enmcuT48NUMhE7uDzPXJwmj+P+oHf5xWXsOO07Pw4fpwKZZOA8c3B8GL44T52eJI4P4+eZ5Hn6IHPgPU35r47iL04zmczB4WEoE/edHQRO49HLk6OLi9PTs6PnV6dHR9FQaOcwHTjOBI8zgavz6Nlx8DQTODn0R3yrOyvjh9Hdo7gnFnFHgruHydDL5ycvrk4uz44uzzLHqfjVeeriLHR2FozF3Ilk5OQ0fXgUOT+O/+ybi/PzI3j3/Ozw9Ojg8ihykvafnQSjofVMcv846TnPRF5eHSdi4ZPj5Pl58vw0fpqJwm81Ft5NRfZPU8GTePDqKHqW9J8k9k+T7ph/Hd69SIePontXxwfwLZ5fHj+/OMnAN02HX5zGrzKRk4z3PLOf9s9H10YjG2PejdGjg52r49DL8+jFSeD5Wfg47T4/9j+/iGTS/ufnscujYCq4cRTePI5tvzjxvzoLXmU8R/GdkGclkw5cZKLfXKQOI7sp31rCvXh8sPXyxH+W2j3wzp1E17459jw/2glujx94VgLbq0cHwdNUNJOC35sv5J7ptgll9BoVq84mxZrE2FYd266hMfHFchZqY7IvvDF/5Fs/9C32WbmkqttKYokEW6qh14iJhRxMbmhjJLQ+cxxZm+rRcjBFTFTufL/mKDAX3BzZWehaGTVlAjPx3SFW89Onn/8tMu9Tes1tETZ/bdgw0yUecTDdc5bJDv5Uh2ixXz3VoxhwsJzqhgE7sl1Tzmu5buWXTVgZ063iuQ75ar9mpl08bGbMukTLvbKVXum4lcFFPBu1CjeGrVPtCvjj7zYw+gwMWuMzMrKgwymZHW+d7bcOGUUdIqKeVuMQtjil1Il2o2d5yr+5sDI1OD3UsbU4NjfS2eNQ99jlnSbxRLdhfbJjrFPfa5evTnYujLTNDDhmB1s3pweG2wwyJqnDpJCxWvjkBgWnpb9VYZJTrSpWu1XU26rscSoXxzsnum09VlWHQdbnUE0PWobbVVo+lo+vFOGr2hXUAQPXKSXpOCiXhmWXUtrV7G6TaKhVtTzaNuxUdun5Y22aQausWydoV7AMbKyJR7TJGAYB0SyhstCVQmKjSyto0/AlFHRLRZ6EihSRGiWUJgUTreEQxCSUjkPUMPEcdK2YgJSRMXIKjo9BsBH1mKLCZ19+evv9N5pKnzZXZLMJTTRMvVbEoqIb0VXFTaW5NFQtBVGBrynCVedzsA0MVK1BRNfx4KniKfWF5Pp8Sl0Brbmc1FCCqc6ryr7TVJyFrc7DVOVVP7uVf/2j2sc3C65/1Jz/EFeZi60rQNflt1Rm1+feqXj0demDr4rvfVX95E5z0TNSbSmyKrexPLuh+Fl90TNESUFTUcHbf/3XP/iLP31y54sndz4venLz0fUPs29/kn/v819Rj18pxr/5X+HSjjzn6Abv3r9x/cO3/+IP/+Av/uPv1pdmFT68XZL1dXNpVsWTr+vz7+KqcxDFDxsK72GqnokoDfiGPEZLKZ9Yia64z0TnsVvyUWU3iHX3peQyHateQiin1GdTm/L5xBpy41NC3aPyJx8W3Hu3oeAWvjq3ueixXcruMovMMqpBTGrX8yxympqHVXExFgkFXmcaHqbbKjQpSHoZ3qalmuQEJQ9nlXOcSq5ZQJps1zrlVLMIp+O36Pl4p4LZqeMu9pvmerQzXaqZLuV8r6pDT6I0PrLLMT0G+nK/dswmmLALl1vF80bWklOw1iObsrN05CJh7T0TvnDUxF4b0M93KhZ71dMuyUyXbLxdMNUu7JJjHLzGCQtrwsJc6ZJ6JyxbA5rVXoWFUz/tFCy4ZGt92nEre8rBHjFTl3q10y7Var9uc8jQJceb6LUDSsq0mTfr4LpHtJ4RdXDScDBn2x3RhRZc6d2x3fHWtQHzUo9upV+f3hkNzXV4xmyrndKtfrl/0rg9qPSN62dMNE+vwj+gDs6ZvdPG4Ix9Z0i/1CEb0FFM3Foju8rGqtbRql1qetK3fJLwvL6tHwaTgbXE/ox3vpNd/0SJL42u9GeCK8ngmk2MYdXc02KyJTU3JTU3LNRiA7My5R4/im1fpL1HwY35PptdQGwTYO2sBiO10sapbxWi2kT4NhlzotN2Eg9fZFIXR8kXx4en6cTVWeY8k0rHglfHsRensbB38cC3dJLcu8wEjhP7hwe7B7413/bcUXw3HYGvH4TrDBBlF+62S5cxz2HAnY55T46C+2vT7uWpmeHuUGDn8ur46ur45CQRi3mjoZ1UzB32rR7Dz3XkvzqLXJ1G4sGNwO7Cecr3/CR6dRw9TgfOjw+uzpLHqchxKhoLeY8S0dPD2MVJ9CCyGj9YP0x5z06SJ8fx87PYy8vUi6vU86vDFy+O4S188eOEe3d19Ci+fXHie34WODnYcq+OJQNb8fD+cTqUONg/PQrFwlsnKe/LM0C1UCK0HvMux72Lga2Ji9ROzDt3mdq/THuj8EMF118eh0+SvrB3I+zdzCT8qfBedG/uOLK4v961PmWa7xTHFjvD8x0H28NXx/sAjcepzcP4ylF8KRGeOU0tnh+uPb8IXwIiptxnobUT33xieyTtHk97J6+O9xLBpbBn/jTtOYxte7cmE77FQ8/MsXviyD32PLZ4Fp6+iMycByYO9wYzgTn38lBkd/E46oXDDZwz4ABxeRY6T+3vLPR2GV+f8FwaklWC1nIbrZIWE7+ZgypSUhFL/fZj//JJaGl1zCTBZ6uIeXpquZldraEXURtveZfazyLrp+Hldg2VWPuQi84z8ppS+xNJ74xvuSvtHYpsdkY32yfaaAZ2oZKcpaE8VpOzDYzilR7eQidjwkaYbaXvDKumHawpJ23Mhp1pR1q5dwf1BX2K/GF15WIrea6NO9PKHjGR+jQtUw7aer9oqYs772LOtNKXugRzbbxuFXbEQh+3M5Z6xaNmmoZe2a4lb8y12zXU6S4lHBM3utWjRvKCS7g9bFnus3jmhsbajNO9zql
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5b9ba5c1-9ee8-44e4-b15d-4d2e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-09-14T12:12:49.000Z",
|
||
|
"modified": "2018-09-14T12:12:49.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"microblog\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "post",
|
||
|
"value": "njRAT v0.7d",
|
||
|
"category": "Other",
|
||
|
"uuid": "5b9ba5c1-2a0c-4b9f-94e6-4843950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "Twitter",
|
||
|
"category": "Other",
|
||
|
"uuid": "5b9ba5c3-da00-419a-be68-4c2b950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "username",
|
||
|
"value": "njq8",
|
||
|
"category": "Other",
|
||
|
"uuid": "5b9ba5c3-a768-4922-a9bb-4413950d210f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_comment": "The main reason for njRAT\u00e2\u20ac\u2122s popularity in the Middle East and North Africa is a large online community providing support in the form of instructions and tutorials for the malware\u00e2\u20ac\u2122s development. The malware\u00e2\u20ac\u2122s author also appears to hail from the region. njRAT appears to have been written by a Kuwait-based individual who uses the Twitter handle @njq8. The account has been used to provide updates on when new versions of the malware are available to download.",
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "microblog"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|