{
"type": "bundle",
"id": "bundle--5e05dbcc-074c-40d1-884b-2a2402de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T11:07:05.000Z",
"modified": "2019-12-27T11:07:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e05dbcc-074c-40d1-884b-2a2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T11:07:05.000Z",
"modified": "2019-12-27T11:07:05.000Z",
"name": "OSINT - The #BronzeUnion/#LuckyMouse/#APT27 infection checker",
"published": "2019-12-27T11:08:07Z",
"object_refs": [
"x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"x-misp-object--5e05dd38-b9ec-482d-be27-7d2f02de0b81",
"x-misp-object--5e05dd58-1b74-45da-8f3e-7d3802de0b81",
"x-misp-object--5e05dd70-9208-40c5-b67c-4c5702de0b81",
"observed-data--a205acac-b463-4e5a-8362-6cf764f34d83",
"file--a205acac-b463-4e5a-8362-6cf764f34d83",
"x-misp-object--e70083a4-bcfb-4e83-99ed-1cd8d96c271a",
"relationship--a7aba9ae-c8b0-44e3-b126-4bfa0e898017",
"relationship--aa358273-5513-4622-9f55-1325c0e7b335",
"relationship--d825caa6-bd35-4ef4-a66a-c27fbfe198a8",
"relationship--89b4ec3c-6db6-428d-aafc-2598de26100e",
"relationship--4ba34302-e489-4c53-a0ef-635fca7dfce6"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390\"",
"misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"",
"misp-galaxy:threat-actor=\"Emissary Panda\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:40:47.000Z",
"modified": "2019-12-27T10:40:47.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5e05dc58-8e54-4ab5-a504-783502de0b81"
},
{
"type": "text",
"object_relation": "post",
"value": "The #BronzeUnion/#LuckyMouse/#APT27 infection checker. Possibly from http://cert.ir\r\nMD5: 86c9e95dcf69f6eca2a176407dcb99ff\r\nRahaSecIOC-x86.exe",
"category": "Other",
"uuid": "5e05dc58-dbd8-4d65-8cf0-783502de0b81"
},
{
"type": "link",
"object_relation": "link",
"value": "https://twitter.com/Vishnyak0v/status/1210476931143098368",
"category": "External analysis",
"uuid": "5e05dc58-bd40-482c-8e53-783502de0b81"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#BronzeUnion",
"category": "Other",
"uuid": "5e05dc58-2b84-4691-bd5b-783502de0b81"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#LuckyMouse",
"category": "Other",
"uuid": "5e05dc58-20a4-42b4-a09b-783502de0b81"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#APT27",
"category": "Other",
"uuid": "5e05dc58-4a18-45ae-8c3a-783502de0b81"
},
{
"type": "text",
"object_relation": "verified-username",
"value": "Unverified",
"category": "Other",
"uuid": "5e05dc58-25e8-4910-a5b8-783502de0b81"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5e05dc58-e6a4-451f-9e5a-783502de0b81"
},
{
"type": "text",
"object_relation": "username",
"value": "Vishnyak0v",
"category": "Other",
"uuid": "5e05dc58-5d50-41f9-b821-783502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e05dd38-b9ec-482d-be27-7d2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:30:16.000Z",
"modified": "2019-12-27T10:30:16.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "attachment",
"value": "EMx6WdSXUAEgz_A.jpeg",
"category": "External analysis",
"uuid": "5e05dd39-0684-485f-b50a-7d2f02de0b81",
"data": "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
}
],
"x_misp_comment": "Screenshot of IDA from the tweet",
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e05dd58-1b74-45da-8f3e-7d3802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:30:48.000Z",
"modified": "2019-12-27T10:30:48.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "attachment",
"value": "EMx6WdRXYAAAazi.jpeg",
"category": "External analysis",
"uuid": "5e05dd58-a590-4321-ad0d-7d3802de0b81",
"data": "/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wgARCAHVAvEDASIAAhEBAxEB/8QAHAABAAMBAQEBAQAAAAAAAAAAAAQFBgMHAgEI/8QAGQEBAQEBAQEAAAAAAAAAAAAAAAECAwQF/9oADAMBAAIQAxAAAAH+qae4rOvXjZVED1e7RRYseS06U3zrV4qPzObKTQ/GtW3eFnrrYxqjpJNnUUXe7NY/nLj1+c1bZzDlQKz1/L1fTL/kar8z3HNuvzM9fRnV1tR1zdPI89sM26mwa/y3W96C/wDIDGgAAAAAAAAAAAAAAAAAAAAAAAAAAAHHtF0iRZtN6c/kj4+fXO33SW1SqyN96zd08WUXlJ8R3S7jQujnqJWU1fy+mD0Of795Kt8faRPvMZruaSOGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEeRH0qLaLM75q7uku+NynLrx+vm6gfPxxtBLm2fr5V8HQ1XLcC2PPZnf86fO1w42VTtj7f9l/Xx16fFhyZzeZrtiwucn87yrndr7DCbem5ya6ivXx95+LZfXLjRTZH7nETTZbU9emf0NDftQq2/iLl5fb45efvI4dd9IPbn9Yz93NNP6dKdYfOOfx0nwtdK/r8Scc5cC5revSP3++ecw/2T8YlfN/P2SLO/frb5+fqRdftZdxlqJv53ziv1VFYb6TYRrdX9TaH0tgOOwAAAAAAFPcQ+sqMprOX1c6LzHZW3neW2Gv+vdjDcN/ztobvp2+Vr9j2HbxbqY1vx9E+bH5qNTR1VrG5Wi+bis7rWdT3HngY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhTY+lN9Svz2YtsTsevl1Cz+ridvdnpV7W9u1R86Vd13G3/OfGLn9lB1vP8A3pIs4+X+vx4/LwcMt6RUZthUzP2yFwvo3j50/wAWcjnnHfOy+c4oNJJq/V1uKK9qe/SqhbaD4OOc+tJ9GNvrDtuZSXbc+bO9NRxsyMrURWaWXby3TDdtPNzMly0P5vGXm7Lld+Zd9/145yv3f/HZztqe47+nxj1+PH9DhlvSKjNsKSxamTgbn8+hmw8X9LvOd8xsdVx75y+e9W+q+LKnuPi7wky0/O972tdY8IGNAAAAAAAMlrY+r5p6dzk9eWV1MGfjeeh613lJA1Vfzs37OAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZPWcNu37G4NWCvsJQzgoLPcmKrmXKhVfOHziyRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMaer9Hqg1WwrvT68VZaP77ejIUnpvTzfEw83R2GOfmlV6t9dLl6fZ2nKcph5gTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqKt83e9+vWi+rtrrR12ta3mOGua1jLy3cvDS/VwZxdrfsg5UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTXNDqzbHz+/7c9CxO25aDFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVNtm9vnnoZO85/QHOhmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKi3VFlKjct2V1On6xV5etyw8jv7tgqajlx1qgrda2LJTpL9neBqWV+eXi1inuOcCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEl+e9Zq7fzz0Ozn+5i9mvjpRWXo326ZqPm639meSYvpkzweH6+Xvvfxn1jzI/3Ua3nKe4OQJQAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAFdY5LpNaOdgTyggAAACvsCggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABX2Ch5/6M7SX5DqPdNjSvPz0btiLi5v+NHSW+g/uNuPm71LLQ+F2vHP/AEmkjs4urY/6NdAlcjj1zv16sye91kPn8dg8x9Btmxc3FzNw8ouZnfVmMlxu3LA9evobzqxxz2imy+t7mR55uiHa5arxjevNpNbT9zN7rdpRZ7eWQbDJc/X22I4UAAAAAAAAAAAAAAAAAAABTXOQ6TXvz951CmtKu0LAxQOboAAAAAOXUAAAAAAAAAAAAAOXUAAAAAAAAAAAAAAAAAAAAAFLdYfqs59Xx6ZtbLIbDFxWmoNtvNLdZvSctQ4fbl3k2ptqnjbSrtKOocS3qe8/dFnraS0kR/nz6tBzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL6jM9ZphyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL6in9OcpoOXX6E+MH6dFszV32+8yDnNl9201n+d/nb6QLTp57F42H0nakv4CwFh9kiquhmZX7++rMak30H5/HMauDa25mTymYzSzLDqfVbac+moOgp7i6yfS4488QbR31vNfNzx58uVZeKtc3d8d9a2HqaztZNlntDrQY0AAAAAAAAAAAAAAAAAAAAAyGvpukuP2DOwCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5Z6nXdpj+XozU8s9TM0ONAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZLW1/SWA50hy9P1xpdzQKXtVoq+JdK/95p4zRxOxHJABAJ6v61LZy4xzlo8Jq1fn7rQBE/ZmUiR4syHbMI6yET9ZlGdk0Sss7SJLUor2QfGtfaukakkZoAAAAAAAAAAAAAAAAAAApqufP8A0B6M+QajbwvdKzz/ANMtMvNLjZsTE0nqJfPrjSvHrNQ9q43M/WkJHzmrLj/rXDlylDJfWm6+nNLVa94cYOL6M54857egN4x/XS9HTP1G5S+fXGpaz579egMyiy/oqbw3LfN4+cB6Cu8PP1LKszu1W1cPQO+vzOaRvVDj/Seu0OYcIE0AAAAAAAAAAAAAAAAAKirfIajvufn6c6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAprmn6de9jmrHt0tFXV5uoUH6t8oJMzbM9+a3olHGTSqSPGjZSbrV8y63UMxKxzvWI/e3i2zL883WM9zy0rEcO03zK12bu2Vl87fslLy0SDO4AlAAAAAAAAAAAAAAAAAAAAAAAAAAAAR5ETV4QetZ7O9x+5Sb6M2/1npNt9Fq4KaSRnq6thXfNNOmm/aaMxo49xK8W4ry7WXz28nzjbt/Mb8098+bkaBm5z40wyMvRqynXTDEzdS0pYOoee09wYBmgAAAAAAAAAAAAAAAAAAAAAAAAAAAOXWFp+18eN7c3XC1x3NZWM/B9l/8AmX1vefP3jKn049GjUfXlu864HpvGt1ceR8TpR89AmqmFoyZPRyQGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+PsRfyW3Axfistm5TQ/x3W6jcVtAg+W/Qnssjyuy93P1H78+ovNv2Nz8r8c9YeQw/e9qYHF4e5Mhr/l6DloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACujW1Vjncwcf358dHaYiil9UjZq86bndKKfrVbYz8Rqbd5rx83H1DhmY2ul5defSNY3LzH0l0h8qDhwxufvzvb+qzWL++d2PPFVmM+mPK9rtYzMpAjeMzN31uYfnsjz8vQ/vA0fXHrTL096egIGKut50xnHnnbd/KL3fPdMfBdN9A+aSdNL3wW06YkxMPacs33TPdV0vTNVNu7j+fdpz9DPOt9vRXm9fz4+qcMLPt2zy+wPQOEWD0737zTZTlcsBFxn0Xhl
I81vufnPa43kjIaDr1noS9P2FafEnTp5xu/TqYONAAAAAAcSOv6WAoAAAFNcmchrQCESTRaAAAA
}
],
"x_misp_comment": "Screenshot of IDA from the tweet",
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e05dd70-9208-40c5-b67c-4c5702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:31:12.000Z",
"modified": "2019-12-27T10:31:12.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "attachment",
"value": "EMx6WdXWoAA5Vuc.jpeg",
"category": "External analysis",
"uuid": "5e05dd70-3670-47cb-bfc8-4d6502de0b81",
"data": "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
}
],
"x_misp_comment": "Screenshot of IDA from the tweet",
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--a205acac-b463-4e5a-8362-6cf764f34d83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:34:13.000Z",
"modified": "2019-12-27T10:34:13.000Z",
"first_observed": "2019-12-27T10:34:13Z",
"last_observed": "2019-12-27T10:34:13Z",
"number_observed": 1,
"object_refs": [
"file--a205acac-b463-4e5a-8362-6cf764f34d83"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--a205acac-b463-4e5a-8362-6cf764f34d83",
"hashes": {
"MD5": "86c9e95dcf69f6eca2a176407dcb99ff",
"SHA-1": "5933884f3ed5d98c0bf0158d262d9f3142c4d052",
"SHA-256": "caa63ee08af3716c6dc7495a448daa923ac8e8992f6cab3b7ec3f3e6e087bb02"
},
"x_misp_state": "Harmless"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e70083a4-bcfb-4e83-99ed-1cd8d96c271a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-27T10:32:16.000Z",
"modified": "2019-12-27T10:32:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-24T18:47:46",
"category": "Other",
"uuid": "6edbd36a-1f7e-43af-ab42-663c45666546"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/caa63ee08af3716c6dc7495a448daa923ac8e8992f6cab3b7ec3f3e6e087bb02/analysis/1577213266/",
"category": "Payload delivery",
"uuid": "bc334003-d71c-46af-b865-5ee28c66e97b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/70",
"category": "Payload delivery",
"uuid": "98a2f33e-c7ef-4d0b-a993-a5973224115b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a7aba9ae-c8b0-44e3-b126-4bfa0e898017",
"created": "2019-12-27T10:38:26.000Z",
"modified": "2019-12-27T10:38:26.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"target_ref": "x-misp-object--5e05dd70-9208-40c5-b67c-4c5702de0b81"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa358273-5513-4622-9f55-1325c0e7b335",
"created": "2019-12-27T10:40:02.000Z",
"modified": "2019-12-27T10:40:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"target_ref": "x-misp-object--5e05dd38-b9ec-482d-be27-7d2f02de0b81"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d825caa6-bd35-4ef4-a66a-c27fbfe198a8",
"created": "2019-12-27T10:40:23.000Z",
"modified": "2019-12-27T10:40:23.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"target_ref": "x-misp-object--5e05dd58-1b74-45da-8f3e-7d3802de0b81"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--89b4ec3c-6db6-428d-aafc-2598de26100e",
"created": "2019-12-27T10:40:47.000Z",
"modified": "2019-12-27T10:40:47.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--5e05dc58-f414-4b69-ad6c-783502de0b81",
"target_ref": "observed-data--a205acac-b463-4e5a-8362-6cf764f34d83"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4ba34302-e489-4c53-a0ef-635fca7dfce6",
"created": "2019-12-27T10:32:16.000Z",
"modified": "2019-12-27T10:32:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "observed-data--a205acac-b463-4e5a-8362-6cf764f34d83",
"target_ref": "x-misp-object--e70083a4-bcfb-4e83-99ed-1cd8d96c271a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}