misp-circl-feed/feeds/circl/misp/2ec1f538-1915-4636-8b38-101cb1efce5e.json

{
    "type": "bundle",
    "id": "bundle--2ec1f538-1915-4636-8b38-101cb1efce5e",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-26T12:39:46.000Z",
            "modified": "2022-04-26T12:39:46.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--2ec1f538-1915-4636-8b38-101cb1efce5e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-26T12:39:46.000Z",
            "modified": "2022-04-26T12:39:46.000Z",
            "name": "A22-108A TraderTraitor North Korean State-Sponsored APT Targets Blockchain Companies",
            "published": "2022-04-26T12:40:52Z",
            "object_refs": [
                "x-misp-attribute--26037bec-9923-48ed-9243-2fb493e14ca7",
                "indicator--7996a879-2015-4978-b428-4504812f1cfb",
                "indicator--dbd3ad19-23ea-4be1-bee3-1003e226deeb",
                "indicator--2e3713bb-cf7a-46ad-bedc-5afa639e23bd",
                "indicator--243da19b-2f73-4629-bf4a-d8e34f83ef9b",
                "indicator--5d624335-16b2-4ada-8628-25466817873b",
                "indicator--6db08035-8790-451e-96f3-1e2b6f035aa8",
                "indicator--715a7786-5f1f-4f81-90b4-8eee729512cb",
                "indicator--f7a2638d-221b-41d8-beb9-626694e88b11",
                "indicator--489cff95-9bef-4d3e-9985-fbf95229d146",
                "indicator--72651b1a-ae81-4ecf-90e0-80739fc13e2d",
                "indicator--36778e65-f837-4dbb-91ce-977cefd0764b",
                "indicator--adb9916c-b61e-4ce8-8cb0-515d4f65fffa",
                "indicator--cf1cb653-434b-470b-a245-126bd3478fff",
                "indicator--399bdc0f-5734-4f39-890d-c0e647d1749c",
                "indicator--84b39b96-5d13-49c7-bd6b-0a8469eb69f6",
                "indicator--bc022016-fb5d-45f9-9372-b3c43a9330f7",
                "indicator--7245b9dc-5913-4b90-b8fc-1a8e61c8eae2",
                "indicator--11e7a976-b7a7-43a8-8c0b-ac54e1fa198e",
                "indicator--fb1ccce0-70f7-40f6-b8c3-326a1e9de71d",
                "indicator--d062a3a9-5378-4a45-8725-0349cf73165b",
                "indicator--73c81e64-4c76-45a1-84a3-62ac4d328983",
                "indicator--71ad21b3-c3d8-4d15-9003-b29fc1f7cd0e",
                "indicator--5ed6e693-2f43-4f4b-a5b9-31da49a95e69",
                "indicator--3638076a-1226-417a-b353-66b300a01a77",
                "indicator--c039c944-a64f-4999-b621-b611b14084d3",
                "indicator--528afb1b-5401-440f-8da9-30f9c891e337",
                "indicator--5f9b3790-8f7e-4502-ad06-c97b93bea86f",
                "indicator--830ff7b0-9256-44d5-927c-7ab83552af3d",
                "indicator--59065e13-838f-46ac-9aec-254145111c62",
                "indicator--7aed108b-795d-4262-a796-912a107a8657",
                "indicator--8ffff14f-e41a-4105-993e-04e114299f75",
                "indicator--1a3fc021-4199-4c1e-a651-1a44d7f13bf8",
                "indicator--c640e02e-e9fc-4a5f-90f8-2f43d16cd256",
                "indicator--5f15774e-c038-44b6-be0b-8f0a13cb36a3",
                "indicator--f6a8edf3-95d8-43dc-80e7-96e9d984f4f1",
                "indicator--5a05da9e-a3ea-4ae5-b7a2-2bbe48efdb75",
                "indicator--2eca7f18-97d1-4fca-8dce-e864f318c4a3",
                "indicator--4a8e5e68-b307-41cc-9c19-9830a8df094a",
                "indicator--5352c2b0-dcaa-4896-9e86-c819ae4e25e7",
                "indicator--5294493f-c628-4b25-8479-5bd982d7e3ba",
                "indicator--b829dfe6-4757-42cd-902f-f7cc427e4496",
                "x-misp-object--6dd9b46f-56f9-457d-9787-7f4d5dd33857"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "misp-galaxy:mitre-attack-pattern=\"Private Keys - T1552.004\"",
                "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"",
                "misp-galaxy:threat-actor=\"Lazarus Group\"",
                "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
                "type:OSINT",
                "osint:lifetime=\"perpetual\"",
                "osint:certainty=\"50\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--26037bec-9923-48ed-9243-2fb493e14ca7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "labels": [
                "misp:type=\"comment\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Imported from STIX header description",
            "x_misp_type": "comment",
            "x_misp_value": "This STIX file provides indicators of compromise (IOCs) associated with malicious activity reported in CISA joint Cybersecurity Advisory (CSA), A22-108A TraderTraitor North Korean State-Sponsored APT Targets Blockchain Companies. \n\nThe Federal Bureau of Investigation (FBI), the Cybersecurity and CISA, and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.\n\nThe U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The activity described in this advisory involves social engineering of victims using a variety of communication platforms to \nencourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems."
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7996a879-2015-4978-b428-4504812f1cfb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[url:value = 'https://github.com/dafomdev']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dbd3ad19-23ea-4be1-bee3-1003e226deeb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[url:value = 'https://aideck.net/board.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2e3713bb-cf7a-46ad-bedc-5afa639e23bd",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[url:value = 'https://www.esilet.com/update/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--243da19b-2f73-4629-bf4a-d8e34f83ef9b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[url:value = 'https://www.alticgo.com/update/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5d624335-16b2-4ada-8628-25466817873b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'dafom.dev']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6db08035-8790-451e-96f3-1e2b6f035aa8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'tokenais.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--715a7786-5f1f-4f81-90b4-8eee729512cb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'cryptais.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f7a2638d-221b-41d8-beb9-626694e88b11",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'aideck.net']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--489cff95-9bef-4d3e-9985-fbf95229d146",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'infodigitalnew.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--72651b1a-ae81-4ecf-90e0-80739fc13e2d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'vinoymas.ch']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--36778e65-f837-4dbb-91ce-977cefd0764b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'sche-eg.org']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--adb9916c-b61e-4ce8-8cb0-515d4f65fffa",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'creaideck.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--cf1cb653-434b-470b-a245-126bd3478fff",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'alticgo.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--399bdc0f-5734-4f39-890d-c0e647d1749c",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'haciendadeclarevot.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--84b39b96-5d13-49c7-bd6b-0a8469eb69f6",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'greenvideo.nl']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bc022016-fb5d-45f9-9372-b3c43a9330f7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'dafnefonseca.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7245b9dc-5913-4b90-b8fc-1a8e61c8eae2",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[domain-name:value = 'esilet.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--11e7a976-b7a7-43a8-8c0b-ac54e1fa198e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.154.160.132']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fb1ccce0-70f7-40f6-b8c3-326a1e9de71d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.16.62.238']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d062a3a9-5378-4a45-8725-0349cf73165b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.66.41.17']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--73c81e64-4c76-45a1-84a3-62ac4d328983",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.101.64.119']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--71ad21b3-c3d8-4d15-9003-b29fc1f7cd0e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.84.240.140']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5ed6e693-2f43-4f4b-a5b9-31da49a95e69",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.4.151']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3638076a-1226-417a-b353-66b300a01a77",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.188.103.115']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c039c944-a64f-4999-b621-b611b14084d3",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.14.227.58']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--528afb1b-5401-440f-8da9-30f9c891e337",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.102.31.14']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5f9b3790-8f7e-4502-ad06-c97b93bea86f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.168.98.156']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--830ff7b0-9256-44d5-927c-7ab83552af3d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.132.124.161']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--59065e13-838f-46ac-9aec-254145111c62",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.235.20']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7aed108b-795d-4262-a796-912a107a8657",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.170.55.202']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8ffff14f-e41a-4105-993e-04e114299f75",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:07.000Z",
            "modified": "2022-04-25T07:11:07.000Z",
            "pattern": "[file:hashes.MD5 = 'c2ea5011a91cd59d0396eb4fa8da7d21' AND file:hashes.SHA1 = 'b2d9ca7b6d1bbbe4864ea11dfca343b7e15597d8' AND file:hashes.SHA256 = '60b3cfe2ec3100caf4afde734cfd5147f78acf58ab17d4480196831db4aa5f18' AND file:hashes.SSDEEP = '1572864:LGLBnolF9kPEiKOabR2QEs1B1/LuUQrbecE6Xwijkca/pzpfaLtIP:LGVnoT9kPZK9tVEwBxWbecR5Faxzpf0M' AND file:name = 'DAFOM-1.0.0.dmg' AND file:size = '92182575']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1a3fc021-4199-4c1e-a651-1a44d7f13bf8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '930f6f729e5c4d5fb52189338e549e5e' AND file:hashes.SHA1 = '8e67006585e49f51db96604487138e688df732d3' AND file:hashes.SHA256 = '5b40b73934c1583144f41d8463e227529fa7157e26e6012babd062e3fd7e0b03' AND file:hashes.SSDEEP = '3145728:aMFJlKVvw4+zLruAsHrmo5Vvw4+zLruAsHrmob0dC/E:aUlKtw4+/r2HNtw4+/r2HnMCM' AND file:name = 'TokenAIS.app.zip' AND file:size = '123728267']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c640e02e-e9fc-4a5f-90f8-2f43d16cd256",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '4e5ebbecd22c939f0edf1d16d68e8490' AND file:hashes.SHA1 = 'f1606d4d374d7e2ba756bdd4df9b780748f6dc98' AND file:hashes.SHA256 = 'f0e8c29e3349d030a97f4a8673387c2e21858cccd1fb9ebbf9009b27743b2e5b' AND file:hashes.SSDEEP = '1572864:jx9QOwiLDCUrJXsKMoGTwiCcKFI8jmrvGqjL2hX6QklBmrZgkZjMz+dPSpR0Xcpk:F9QOTPCUrdsKEw3coIg2Or6XBmrZgkZw' AND file:name = 'CryptAIS.dmg' AND file:size = '84259810']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5f15774e-c038-44b6-be0b-8f0a13cb36a3",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '855b2f4c910602f895ee3c94118e979a' AND file:hashes.SHA1 = 'ff17bd5abe9f4939918f27afbe0072c18df6db37' AND file:hashes.SHA256 = 'e3d98cc4539068ce335f1240deb1d72a0b57b9ca5803254616ea4999b66703ad' AND file:hashes.SSDEEP = '786432:LptZmVDkD1mQIiXUBkRbWGtqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yH:LpzKDgzRpWGwpAU6JXnJ46X+eC6cySiI' AND file:name = 'alticgo_r.exe' AND file:size = '46745505']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f6a8edf3-95d8-43dc-80e7-96e9d984f4f1",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '1c7d0ae1c4d2c0b70f75eab856327956' AND file:hashes.SHA1 = 'f3263451f8988a9b02268f0fb6893f7c41b906d9' AND file:hashes.SHA256 = '765a79d22330098884e0f7ce692d61c40dfcf288826342f33d976d8314cfd819' AND file:hashes.SSDEEP = '786432:optZmVDkD1mZ1FggTqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yVPUXi7:opzKDginspAU6JXnJ46X+eC6cySihWVX' AND file:name = 'alticgo.exe' AND file:size = '45656474']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5a05da9e-a3ea-4ae5-b7a2-2bbe48efdb75",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '9578c2be6437dcc8517e78a5de1fa975' AND file:hashes.SHA1 = 'd2a77c31c3e169bec655068e96cf4e7fc52e77b8' AND file:hashes.SHA256 = 'dced1acbbe11db2b9e7ae44a617f3c12d6613a8188f6a1ece0451e4cd4205156' AND file:hashes.SSDEEP = '384:sdaWs0fDTmKnY4FPk6hTyQUitnI/kmCgr7lUryESll4yg9RpEwrUifJ8ttJOdy:sdayCkY4Fei9mhy/L9RBrny6y' AND file:name = 'Esilet-tmp60nxh; esilet-tmpg7lpp' AND file:size = '39156']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2eca7f18-97d1-4fca-8dce-e864f318c4a3",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '5d43baf1c9e9e3a939e5defd8f8fbd8d' AND file:hashes.SHA1 = 'd5ff73c043f3bb75dd749636307500b60a436550' AND file:hashes.SHA256 = '867c8b49d29ae1f6e4a7cd31b6fe7e278753a1ba03d4be338ed11fd1efc7dd36' AND file:hashes.SSDEEP = '24576:y3SY+/2M3BMr7cdgSLBjbr4nzzy95VV7cEXV:ESZ2ESrHSV3D95oA' AND file:name = 'win32.bin' AND file:size = '2198684']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4a8e5e68-b307-41cc-9c19-9830a8df094a",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '8397ea747d2ab50da4f876a36d673272' AND file:hashes.SHA1 = '48a6d5141e25b6c63ad8da20b954b56afe589031' AND file:hashes.SHA256 = '89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957' AND file:hashes.SSDEEP = '49152:KIH1kEh7zIXlDYwVhb26hRKtRwwfs62sRAdNhEJNDvOL3OXl5zpF+FqBNihzTvff:KIH1kEhI1LOJtm2spB' AND file:name = 'darwin64.bin' AND file:size = '6757832']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5352c2b0-dcaa-4896-9e86-c819ae4e25e7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '9a6307362e3331459d350a201ad66cd9' AND file:hashes.SHA1 = '3f2c1e60b5fac4cf1013e3e1fc688be490d71a84' AND file:hashes.SHA256 = '8acd7c2708eb1119ba64699fd702ebd96c0d59a66cba5059f4e089f4b0914925' AND file:hashes.SSDEEP = '786432:AptZmVDkD1mjPNDeuxOTKQqqLGAU6JXnjmDQ4YBXpleV0RnJYJKoSuDySLGh7yV7:ApzKDgqPxeuLpAU6JXnJ46X+eC6cySiG' AND file:name = 'alticgo.exe' AND file:size = '46745644']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5294493f-c628-4b25-8479-5bd982d7e3ba",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '1ca31319721740ecb79f4b9ee74cd9b0' AND file:hashes.SHA1 = '41f855b54bf3db621b340b7c59722fb493ba39a5' AND file:hashes.SHA256 = '9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa' AND file:hashes.SSDEEP = '6144:wAulcT94T94T97zDj1I/BkjhkbjZ8bZ87ZMSj71obV/7NobNo7NZTb7hMT5ETZ8I:wDskT1UBg2lirFbpR9mJGpmN' AND file:name = 'Esilet-tmpzpsb3; top.php' AND file:size = '522620']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b829dfe6-4757-42cd-902f-f7cc427e4496",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "pattern": "[file:hashes.MD5 = '53d9af8829a9c7f6f177178885901c01' AND file:hashes.SHA1 = 'ae9f4e39c576555faadee136c6c3b2d358ad90b9' AND file:hashes.SHA256 = '9ba02f8a985ec1a99ab7b78fa678f26c0273d91ae7cbe45b814e6775ec477598' AND file:hashes.SSDEEP = '1572864:lffyoUnp5xmHVUTd+GgNPjFvp4YEbRU7h8cvjmUAm4Du73X0unpXkU:lfqHBmHo+BPj9CYEshLqcuAX0I0' AND file:name = 'esilet.dmg' AND file:size = '81688694']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-04-25T07:11:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--6dd9b46f-56f9-457d-9787-7f4d5dd33857",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2022-04-25T07:11:08.000Z",
            "modified": "2022-04-25T07:11:08.000Z",
            "labels": [
                "misp:name=\"original-imported-file\"",
                "misp:meta-category=\"file\""
            ],
            "x_misp_attributes": [
                {
                    "type": "attachment",
                    "object_relation": "imported-sample",
                    "value": "A22-108A.stix.xml",
                    "category": "External analysis",
                    "uuid": "fcfd21b0-22a5-47bb-95db-3919d8e53040",
                    "data": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0ZWQgYnkgTVBFIDAuNC43QSBvbiAwNC8yMC8yMDIyIC0tPgo8c3RpeDpTVElYX1BhY2thZ2UgeG1sbnM6RG9tYWluTmFtZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0RvbWFpbk5hbWVPYmplY3QtMSIgeG1sbnM6RmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiIgeG1sbnM6VVJJT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjVVJJT2JqZWN0LTIiIHhtbG5zOkFkZHJlc3NPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNBZGRyZXNzT2JqZWN0LTIiIHhtbG5zOlRPVU1hcmtpbmc9Imh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUZXJtc19PZl9Vc2UtMSIgeG1sbnM6dGxwTWFya2luZz0iaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1RMUC0xIiB4bWxuczpzdGl4Vm9jYWJzPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMSIgeG1sbnM6Y3lib3hWb2NhYnM9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMiIgeG1sbnM6aW5kaWNhdG9yPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczptYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9NYXJraW5nLTEiIHhtbG5zOmN5Ym94Q29tbW9uPSJodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIiB4bWxuczpzdGl4PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvc3RpeC0xIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczpzdGl4Q29tbW9uPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEiIHhtbG5zOkNJU0E9Imh0dHA6Ly93d3cudXMtY2VydC5nb3YvbmNjaWMiIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6c2NoZW1hTG9jYXRpb249Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNEb21haW5OYW1lT2JqZWN0LTEgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9Eb21haW5fTmFtZS8xLjAvRG9tYWluX05hbWVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1VSSU9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvVVJJLzIuMS9VUklfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FkZHJlc3NPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0FkZHJlc3MvMi4xL0FkZHJlc3NfT2JqZWN0LnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvZXh0ZW5zaW9ucy9NYXJraW5nU3RydWN0dXJlI1Rlcm1zX09mX1VzZS0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZXh0ZW5zaW9ucy9tYXJraW5nL3Rlcm1zX29mX3VzZS8xLjAuMS90ZXJtc19vZl91c2VfbWFya2luZy54c2QgIGh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUTFAtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2V4dGVuc2lvbnMvbWFya2luZy90bHAvMS4xLjEvdGxwX21hcmtpbmcueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvZGVmYXVsdF92b2NhYnVsYXJpZXMtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLzEuMS4xL3N0aXhfZGVmYXVsdF92b2NhYnVsYXJpZXMueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGVmYXVsdF92b2NhYnVsYXJpZXMvMi4xL2N5Ym94X2RlZmF1bHRfdm9jYWJ1bGFyaWVzLnhzZCAgaHR0cDovL3N0aXgubWl0cmUub3JnL0luZGljYXRvci0yIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvaW5kaWNhdG9yLzIuMS4xL2luZGljYXRvci54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9UVFAtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL3R0cC8xLjEuMS90dHAueHNkICBodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9NYXJraW5nLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9kYXRhX21hcmtpbmcvMS4xLjEvZGF0YV9tYXJraW5nLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jb21tb24tMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb21tb24vMi4xL2N5Ym94X2NvbW1vbi54c2QgIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9zdGl4LTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9jb3JlLzEuMS4xL3N0aXhfY29yZS54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvY3lib3gtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9jb3JlLzIuMS9jeWJveF9jb3JlLnhzZCAgaHR0cDovL3N0aXgubWl0cmUub3JnL2NvbW1vbi0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvY29tbW9uLzEuMS4xL3N0aXhfY29tbW9uLnhzZCIgaWQ9Ik5QRy0xNTQ1NzU3NCIgdmVyc2lvbj0iMS4xLjEiIHRpbWVzdGFtcD0iMjAyMi0wNC0yMFQwMjo1NDo1OSI+CiAgICA8c3RpeDpTVElYX0hlYWRlcj4KICAgICAgIC
                },
                {
                    "type": "text",
                    "object_relation": "format",
                    "value": "STIX 1.1",
                    "category": "Other",
                    "uuid": "797c3aea-2ed9-437c-8c1f-d081950cfb19"
                }
            ],
            "x_misp_meta_category": "file",
            "x_misp_name": "original-imported-file"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}