adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/57ea2a19-2e44-4f1b-b6f5-46bb950d210f.json

1038 lines
1.2 MiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--57ea2a19-2e44-4f1b-b6f5-46bb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T09:05:05.000Z",
"modified": "2017-04-24T09:05:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57ea2a19-2e44-4f1b-b6f5-46bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T09:05:05.000Z",
"modified": "2017-04-24T09:05:05.000Z",
"name": "OSINT - Sofacy\u00e2\u20ac\u2122s \u00e2\u20ac\u02dcKomplex\u00e2\u20ac\u2122 OS X Trojan by Palo Alto networks",
"published": "2017-04-24T12:01:38Z",
"object_refs": [
"indicator--57ea2aca-d6b4-4a2a-8b7a-4835950d210f",
"indicator--57ea2aca-0c44-4905-8c5b-48ed950d210f",
"indicator--57ea2aca-d254-4810-ad80-4723950d210f",
"indicator--57ea2acb-0058-4cd4-ae6d-4b97950d210f",
"indicator--57ea2acb-5ed8-4d17-8ef7-40f0950d210f",
"indicator--57ea2acb-a1a8-4c60-bc5f-4e46950d210f",
"indicator--57ea2acb-c6a8-44ec-9129-420b950d210f",
"indicator--57ea2acb-84bc-4a82-96f9-4644950d210f",
"indicator--57ea2acc-0ce0-4327-826f-4044950d210f",
"indicator--57ea2acc-af3c-47ff-95ff-4ba2950d210f",
"observed-data--57ea2cb9-1050-4ac7-9fb2-4e90950d210f",
"file--57ea2cb9-1050-4ac7-9fb2-4e90950d210f",
"observed-data--57ea2cb9-1b0c-4920-a874-4a2b950d210f",
"file--57ea2cb9-1b0c-4920-a874-4a2b950d210f",
"observed-data--57ea2d24-d840-41a4-9525-4bf502de0b81",
"file--57ea2d24-d840-41a4-9525-4bf502de0b81",
"observed-data--57ea2d24-7208-4486-a21a-486402de0b81",
"file--57ea2d24-7208-4486-a21a-486402de0b81",
"observed-data--57ea2d24-6028-4d7a-8ace-4ac402de0b81",
"url--57ea2d24-6028-4d7a-8ace-4ac402de0b81",
"observed-data--57ea2d24-5000-459d-812e-414102de0b81",
"file--57ea2d24-5000-459d-812e-414102de0b81",
"observed-data--57ea2d24-a5a0-4ab8-900b-445f02de0b81",
"file--57ea2d24-a5a0-4ab8-900b-445f02de0b81",
"observed-data--57ea2d25-ef80-4362-af8b-432902de0b81",
"url--57ea2d25-ef80-4362-af8b-432902de0b81",
"indicator--57ea2d25-6524-490c-b6ea-4ced02de0b81",
"indicator--57ea2d25-91fc-4efb-bdcc-4b7902de0b81",
"observed-data--57ea2d25-ae24-489f-9b6c-423302de0b81",
"url--57ea2d25-ae24-489f-9b6c-423302de0b81",
"indicator--57ea2d26-c478-42c2-b5c8-4c0802de0b81",
"indicator--57ea2d26-b030-49e8-b586-4a3302de0b81",
"observed-data--57ea2d26-b180-4bd1-8471-487502de0b81",
"url--57ea2d26-b180-4bd1-8471-487502de0b81",
"indicator--57ea2d26-782c-4233-aeec-4ba402de0b81",
"indicator--57ea2d27-e538-4cab-9d01-4e1a02de0b81",
"observed-data--57ea2d27-2b78-4a59-b7f9-4b2f02de0b81",
"url--57ea2d27-2b78-4a59-b7f9-4b2f02de0b81",
"indicator--57ea2d27-3374-4f5a-a292-4f6702de0b81",
"indicator--57ea2d27-d5d0-463e-a83b-426702de0b81",
"observed-data--57ea2d27-d3f8-49b0-8bd6-4b0a02de0b81",
"url--57ea2d27-d3f8-49b0-8bd6-4b0a02de0b81",
"indicator--57ea2d28-53e0-41e1-8667-489402de0b81",
"indicator--57ea2d28-2430-4650-a2a2-400902de0b81",
"observed-data--57ea2d28-1634-49eb-b9dc-485102de0b81",
"url--57ea2d28-1634-49eb-b9dc-485102de0b81",
"x-misp-attribute--57f1f444-2d50-4219-9306-6a21bce2ab96",
"x-misp-attribute--57f1f444-e480-4b45-9f46-6a21bce2ab96",
"x-misp-attribute--57f1f444-6d24-48ee-9246-6a21bce2ab96",
"x-misp-attribute--57f1f444-9f18-4465-a66f-6a21bce2ab96",
"x-misp-attribute--57f1f444-7e9c-49ad-bed1-6a21bce2ab96",
"observed-data--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"file--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"artifact--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"observed-data--57f1f410-54e4-4578-a9a0-0c95bce2ab96",
"url--57f1f410-54e4-4578-a9a0-0c95bce2ab96"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2aca-d6b4-4a2a-8b7a-4835950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:10.000Z",
"modified": "2016-09-27T08:16:10.000Z",
"description": "Mach-O 64- bit executable x86_64",
"pattern": "[file:hashes.SHA256 = '2a06f142d87bd9b66621a30088683d6fcec019ba5cc9e5793e54f8d920ab0134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2aca-0c44-4905-8c5b-48ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:10.000Z",
"modified": "2016-09-27T08:16:10.000Z",
"description": "Mach-O executable i386",
"pattern": "[file:hashes.SHA256 = 'c1b8fc00d815e777e39f34a520342d1942ebd29695c9453951a988c61875bcd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2aca-d254-4810-ad80-4723950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:10.000Z",
"modified": "2016-09-27T08:16:10.000Z",
"description": "Mach-O universal binary with 2 architectures",
"pattern": "[file:hashes.SHA256 = 'cffa1d9fc336a1ad89af90443b15c98b71e679aeb03b3a68a5e9c3e7ecabc3d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acb-0058-4cd4-ae6d-4b97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:11.000Z",
"modified": "2016-09-27T08:16:11.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acb-5ed8-4d17-8ef7-40f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:23:06.000Z",
"modified": "2016-09-27T08:23:06.000Z",
"pattern": "[file:name = '/Users/Shared/.local/kextd' AND file:hashes.SHA256 = '227b7fe495ad9951aebf0aae3c317c1ac526cdd255953f111341b0b11be3bbc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:23:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acb-a1a8-4c60-bc5f-4e46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:11.000Z",
"modified": "2016-09-27T08:16:11.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '45a93e4b9ae5bece0d53a3a9a83186b8975953344d4dfb340e9de0015a247c54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acb-c6a8-44ec-9129-420b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:11.000Z",
"modified": "2016-09-27T08:16:11.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'appleupdate.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acb-84bc-4a82-96f9-4644950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:11.000Z",
"modified": "2016-09-27T08:16:11.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'apple-iclouds.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acc-0ce0-4327-826f-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:12.000Z",
"modified": "2016-09-27T08:16:12.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'itunes-helper.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2acc-af3c-47ff-95ff-4ba2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:16:12.000Z",
"modified": "2016-09-27T08:16:12.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.58.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2cb9-1050-4ac7-9fb2-4e90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:24:25.000Z",
"modified": "2016-09-27T08:24:25.000Z",
"first_observed": "2016-09-27T08:24:25Z",
"last_observed": "2016-09-27T08:24:25Z",
"number_observed": 1,
"object_refs": [
"file--57ea2cb9-1050-4ac7-9fb2-4e90950d210f"
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2cb9-1050-4ac7-9fb2-4e90950d210f",
"hashes": {
"SHA-256": "1f22e8f489abff004a3c47210a9642798e1c53efc9d6f333a1072af4b11d71ef"
},
"name": "/Users/Shared/com.apple.updates.plist"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2cb9-1b0c-4920-a874-4a2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:24:25.000Z",
"modified": "2016-09-27T08:24:25.000Z",
"first_observed": "2016-09-27T08:24:25Z",
"last_observed": "2016-09-27T08:24:25Z",
"number_observed": 1,
"object_refs": [
"file--57ea2cb9-1b0c-4920-a874-4a2b950d210f"
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2cb9-1b0c-4920-a874-4a2b950d210f",
"hashes": {
"SHA-256": "d494e9f885ad2d6a2686424843142ddc680bb5485414023976b4d15e3b6be800"
},
"name": "/Users/Shared/start.sh"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d24-d840-41a4-9525-4bf502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:12.000Z",
"modified": "2016-09-27T08:26:12.000Z",
"first_observed": "2016-09-27T08:26:12Z",
"last_observed": "2016-09-27T08:26:12Z",
"number_observed": 1,
"object_refs": [
"file--57ea2d24-d840-41a4-9525-4bf502de0b81"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2d24-d840-41a4-9525-4bf502de0b81",
"hashes": {
"SHA-1": "827af860549b041baf8fa6c7bfe127d0bb8b2477"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d24-7208-4486-a21a-486402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:12.000Z",
"modified": "2016-09-27T08:26:12.000Z",
"first_observed": "2016-09-27T08:26:12Z",
"last_observed": "2016-09-27T08:26:12Z",
"number_observed": 1,
"object_refs": [
"file--57ea2d24-7208-4486-a21a-486402de0b81"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2d24-7208-4486-a21a-486402de0b81",
"hashes": {
"MD5": "368c912ea5463ead2ad4d35e4d3db640"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d24-6028-4d7a-8ace-4ac402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:12.000Z",
"modified": "2016-09-27T08:26:12.000Z",
"first_observed": "2016-09-27T08:26:12Z",
"last_observed": "2016-09-27T08:26:12Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d24-6028-4d7a-8ace-4ac402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d24-6028-4d7a-8ace-4ac402de0b81",
"value": "https://www.virustotal.com/file/d494e9f885ad2d6a2686424843142ddc680bb5485414023976b4d15e3b6be800/analysis/1474941093/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d24-5000-459d-812e-414102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:12.000Z",
"modified": "2016-09-27T08:26:12.000Z",
"first_observed": "2016-09-27T08:26:12Z",
"last_observed": "2016-09-27T08:26:12Z",
"number_observed": 1,
"object_refs": [
"file--57ea2d24-5000-459d-812e-414102de0b81"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2d24-5000-459d-812e-414102de0b81",
"hashes": {
"SHA-1": "0aaeecdbf1add900a0821fa9b3267d579455e874"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d24-a5a0-4ab8-900b-445f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:12.000Z",
"modified": "2016-09-27T08:26:12.000Z",
"first_observed": "2016-09-27T08:26:12Z",
"last_observed": "2016-09-27T08:26:12Z",
"number_observed": 1,
"object_refs": [
"file--57ea2d24-a5a0-4ab8-900b-445f02de0b81"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57ea2d24-a5a0-4ab8-900b-445f02de0b81",
"hashes": {
"MD5": "636a4249104acaaf6d76d7409dc3cb2d"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d25-ef80-4362-af8b-432902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:13.000Z",
"modified": "2016-09-27T08:26:13.000Z",
"first_observed": "2016-09-27T08:26:13Z",
"last_observed": "2016-09-27T08:26:13Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d25-ef80-4362-af8b-432902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d25-ef80-4362-af8b-432902de0b81",
"value": "https://www.virustotal.com/file/1f22e8f489abff004a3c47210a9642798e1c53efc9d6f333a1072af4b11d71ef/analysis/1474941224/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d25-6524-490c-b6ea-4ced02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:13.000Z",
"modified": "2016-09-27T08:26:13.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3",
"pattern": "[file:hashes.SHA1 = 'd9bcd2f745acca38c403dd9131b3d2cdf23c2b3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d25-91fc-4efb-bdcc-4b7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:13.000Z",
"modified": "2016-09-27T08:26:13.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3",
"pattern": "[file:hashes.MD5 = '4400ec9c4732a32149ca58e7c5806178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d25-ae24-489f-9b6c-423302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:13.000Z",
"modified": "2016-09-27T08:26:13.000Z",
"first_observed": "2016-09-27T08:26:13Z",
"last_observed": "2016-09-27T08:26:13Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d25-ae24-489f-9b6c-423302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d25-ae24-489f-9b6c-423302de0b81",
"value": "https://www.virustotal.com/file/96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3/analysis/1474940749/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d26-c478-42c2-b5c8-4c0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:14.000Z",
"modified": "2016-09-27T08:26:14.000Z",
"description": "Mach-O universal binary with 2 architectures - Xchecked via VT: cffa1d9fc336a1ad89af90443b15c98b71e679aeb03b3a68a5e9c3e7ecabc3d4",
"pattern": "[file:hashes.SHA1 = 'afb526cadb5370e1b78fa32e6310ecc97adc1a10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d26-b030-49e8-b586-4a3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:14.000Z",
"modified": "2016-09-27T08:26:14.000Z",
"description": "Mach-O universal binary with 2 architectures - Xchecked via VT: cffa1d9fc336a1ad89af90443b15c98b71e679aeb03b3a68a5e9c3e7ecabc3d4",
"pattern": "[file:hashes.MD5 = 'dee4ea5abaa73916909e9b5a64c8b2d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d26-b180-4bd1-8471-487502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:14.000Z",
"modified": "2016-09-27T08:26:14.000Z",
"first_observed": "2016-09-27T08:26:14Z",
"last_observed": "2016-09-27T08:26:14Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d26-b180-4bd1-8471-487502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d26-b180-4bd1-8471-487502de0b81",
"value": "https://www.virustotal.com/file/cffa1d9fc336a1ad89af90443b15c98b71e679aeb03b3a68a5e9c3e7ecabc3d4/analysis/1474963608/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d26-782c-4233-aeec-4ba402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:14.000Z",
"modified": "2016-09-27T08:26:14.000Z",
"description": "Mach-O executable i386 - Xchecked via VT: c1b8fc00d815e777e39f34a520342d1942ebd29695c9453951a988c61875bcd7",
"pattern": "[file:hashes.SHA1 = 'f5461c00de8bc819f86113f338e85470f5aae5ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d27-e538-4cab-9d01-4e1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:15.000Z",
"modified": "2016-09-27T08:26:15.000Z",
"description": "Mach-O executable i386 - Xchecked via VT: c1b8fc00d815e777e39f34a520342d1942ebd29695c9453951a988c61875bcd7",
"pattern": "[file:hashes.MD5 = 'e36e061f64536679fe48d2dcdb3ac4e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d27-2b78-4a59-b7f9-4b2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:15.000Z",
"modified": "2016-09-27T08:26:15.000Z",
"first_observed": "2016-09-27T08:26:15Z",
"last_observed": "2016-09-27T08:26:15Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d27-2b78-4a59-b7f9-4b2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d27-2b78-4a59-b7f9-4b2f02de0b81",
"value": "https://www.virustotal.com/file/c1b8fc00d815e777e39f34a520342d1942ebd29695c9453951a988c61875bcd7/analysis/1474922977/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d27-3374-4f5a-a292-4f6702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:15.000Z",
"modified": "2016-09-27T08:26:15.000Z",
"description": "Mach-O 64- bit executable x86_64 - Xchecked via VT: 2a06f142d87bd9b66621a30088683d6fcec019ba5cc9e5793e54f8d920ab0134",
"pattern": "[file:hashes.SHA1 = 'c7199fb8c605f4b76093cc88f1d80a59fac64ae2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d27-d5d0-463e-a83b-426702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:15.000Z",
"modified": "2016-09-27T08:26:15.000Z",
"description": "Mach-O 64- bit executable x86_64 - Xchecked via VT: 2a06f142d87bd9b66621a30088683d6fcec019ba5cc9e5793e54f8d920ab0134",
"pattern": "[file:hashes.MD5 = '81749e780d27ddd15973d19de77c9007']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d27-d3f8-49b0-8bd6-4b0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:15.000Z",
"modified": "2016-09-27T08:26:15.000Z",
"first_observed": "2016-09-27T08:26:15Z",
"last_observed": "2016-09-27T08:26:15Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d27-d3f8-49b0-8bd6-4b0a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d27-d3f8-49b0-8bd6-4b0a02de0b81",
"value": "https://www.virustotal.com/file/2a06f142d87bd9b66621a30088683d6fcec019ba5cc9e5793e54f8d920ab0134/analysis/1474944485/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d28-53e0-41e1-8667-489402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:16.000Z",
"modified": "2016-09-27T08:26:16.000Z",
"description": "- Xchecked via VT: 227b7fe495ad9951aebf0aae3c317c1ac526cdd255953f111341b0b11be3bbc5",
"pattern": "[file:hashes.SHA1 = '9e73b0457d28b0296befed65e2517ed7a9c1e61d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ea2d28-2430-4650-a2a2-400902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:16.000Z",
"modified": "2016-09-27T08:26:16.000Z",
"description": "- Xchecked via VT: 227b7fe495ad9951aebf0aae3c317c1ac526cdd255953f111341b0b11be3bbc5",
"pattern": "[file:hashes.MD5 = 'b09fe828904a38f37b7a6f6933188279']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-27T08:26:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ea2d28-1634-49eb-b9dc-485102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-27T08:26:16.000Z",
"modified": "2016-09-27T08:26:16.000Z",
"first_observed": "2016-09-27T08:26:16Z",
"last_observed": "2016-09-27T08:26:16Z",
"number_observed": 1,
"object_refs": [
"url--57ea2d28-1634-49eb-b9dc-485102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ea2d28-1634-49eb-b9dc-485102de0b81",
"value": "https://www.virustotal.com/file/227b7fe495ad9951aebf0aae3c317c1ac526cdd255953f111341b0b11be3bbc5/analysis/1474960828/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57f1f444-2d50-4219-9306-6a21bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:01:40.000Z",
"modified": "2016-10-03T06:01:40.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Sofacy"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57f1f444-e480-4b45-9f46-6a21bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:01:40.000Z",
"modified": "2016-10-03T06:01:40.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "APT28"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57f1f444-6d24-48ee-9246-6a21bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:01:40.000Z",
"modified": "2016-10-03T06:01:40.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Pawn Storm"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57f1f444-9f18-4465-a66f-6a21bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:01:40.000Z",
"modified": "2016-10-03T06:01:40.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Fancy Bear"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57f1f444-7e9c-49ad-bed1-6a21bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:01:40.000Z",
"modified": "2016-10-03T06:01:40.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Sednit"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:00:59.000Z",
"modified": "2016-10-03T06:00:59.000Z",
"first_observed": "2016-10-03T06:00:59Z",
"last_observed": "2016-10-03T06:00:59Z",
"number_observed": 1,
"object_refs": [
"file--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"artifact--57f1f41b-6628-4deb-8451-69fcbce2ab96"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"name": "Sofacy\u00e2\u20ac\u2122s \u00e2\u20ac\u02dcKomplex\u00e2\u20ac\u2122 OS X Trojan - Palo Alto Networks Blog.pdf",
"content_ref": "artifact--57f1f41b-6628-4deb-8451-69fcbce2ab96"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--57f1f41b-6628-4deb-8451-69fcbce2ab96",
"payload_bin": "JVBERi0xLjQKJdPr6eEKMSAwIG9iago8PC9DcmVhdG9yIChNb3ppbGxhLzUuMCBcKFdpbmRvd3MgTlQgNi4xOyBXT1c2NFwpIEFwcGxlV2ViS2l0LzUzNy4zNiBcKEtIVE1MLCBsaWtlIEdlY2tvXCkgQ2hyb21lLzUzLjAuMjc4NS4xMTMgU2FmYXJpLzUzNy4zNikKL1Byb2R1Y2VyIChTa2lhL1BERiBtNTMpCi9DcmVhdGlvbkRhdGUgKEQ6MjAxNjEwMDMwNTU4NTcrMDAnMDAnKQovTW9kRGF0ZSAoRDoyMDE2MTAwMzA1NTg1NyswMCcwMCcpPj4KZW5kb2JqCjIgMCBvYmoKPDwvVHlwZSAvWE9iamVjdAovU3VidHlwZSAvSW1hZ2UKL1dpZHRoIDIyMAovSGVpZ2h0IDIyMAovQ29sb3JTcGFjZSAvRGV2aWNlUkdCCi9TTWFzayAzIDAgUgovQml0c1BlckNvbXBvbmVudCA4Ci9GaWx0ZXIgL0ZsYXRlRGVjb2RlCi9MZW5ndGggMTMwOTI+PiBzdHJlYW0KeJztfQdYU9nW9rn3+/6597t97p25U9TpYxcbLQTU0bkz43RHsXeRloRQpdeE5OQkoQZI6EUEQhGwl7FiV+yCioioSBEQQen475MwzlyV7HO2AkHPft5nHqed5JzzZq31rrX22hj2XMvUSc7iSwDMHEiYOBBmPMLMASf/Se8/xLX/isHLAJ5E80IBCDb5tzgL/JkjA38lwQP/XGRpafl8nEJfZnyC5SAh4RTCcgQMBFSUsAf9oTEYBODA/pBM4OOAkCRveRJTDj6QbDTlESwe+R3MHKUs7bfia39BDF5RsH79A7CfBIsLbCZJCWA5+5uNbK4YmGuNxSY0JCTIv3XoNZIMXnWQNCC00RrJTIdeZlpwpf3Bxun2/mY8kpDmPJz92EeD78CwkcET+IUVWuM5jSs1Ix2r1NJS/QIJae5AsnGGfQBpFTXKhc2XDv69M9Bn8AmSJBo3CrwqICQZZDqJnp+NYy39SWEFzCNJSzJuZDvJGNvIgCr4hLmTXGPHCJaTGHDJlCfG/P2fh5MgRp1qrTLjA1pK2I5SxjwyQABgTu+fgeQJCGBxJaaWToiE5IrY6yTakNXCNWzQb43BEAafsHDRUIhHzFgJaImix005InM7sfaCFi6hGj012PfFYIjDwjXcTJsvWicx5dGILaev8GdxxFOttfUX3Nw5hCEkgxcFrcMl00ROIWwu1aIPCB1n8yK0LpshJIMXjt44kCcOCAgwd5BACWn+q4rRBgAMIRm8eExzCydzOJqi+TSdtJzODwX/jYaWhNb1M2DQPyC01nKapiA41VrVt9cmZjiGAgKTOaXB/9oMXmpos9yaZKMp99mm0rS3bk6WLH9NKDFg0G8g6y+amjgJ+2fUxMnOCk3F3NyZMZIMBgi9IpojYz1lKrX9FWyyM3PwvyeDVwi9HlxjDB1k/8XJ3uZhCeO1GQwwNJQjACEBLR8Tks0Xa1uFB/3rMXgV8bilR9Pk08tJB9zckSwjspmGHwaDAS3x2KRVJOvgZLOuA/5rj+5gfz0GryJ+JR6uNZJks+6gfysGDBzI/TtmXAlpJLUsZYwkg0GE1n2TuyTIjTyD/30YMNDily2xTE6SgR6BJ7Hgycg/MI6bgX7AgidiMWlJBnoDdm9GiAEDPQKLHFbAeG0GegZmzg8DfQKbmYTGQK+gnXxF/plx3wz0BUwwyUDvwKQlGegbmFwQAz0DixHdDPQOjO9moE/QDn8e9K/BgMFvwPhuBvoGhpMM9A+M72agT+AxdpKB3oHhJAN9A8NJBvoHJp5koF9g7CQD/QNjJxnoFxg7yUDfwHCSgb6B4SQDfQPDSQb6BoaTDPQLTK8aA/0DYycZ6BsYTjLQPzC+m4G+geHkyw3CmCedaC8bZysba0v+dbydbLK9jMXT3xNnGN/98oIwsA+ZYC9aJnQNTl6lyJyryPw2csO34RvmBcSt/dzdZ4ytXB8nTjA9vS8pjLjyUfbidQq+LOXb0DTD6MxxKvUnquwPAJRZnygyDGSpFpKUVVN4wSye3tGS4eTLBwP70O98fP1VlopMQ6X6vZist6Mzh0dnjniMmMxhMVnvKtXj5Gk/mfGFpnrGAYaTLxmmcEKWCryCE76NzgQm8W0NCd/rA8Pict4XJS2f5Sw21SdryXDyZQKID/+zzl+c9HVM1ghgCftm42MMj8sZNdfXU6/O/mA4+TJhEgcPip8fnfkh8M4UCElCmfW6j2rpf1yD9cdUMpx8acBykKwUrVOqDWKyhlMkpNaDK3M//9FTYMJwksGLBpAqoenfRmV+qDOGfIb7Ti4wnucdaMxlOMngxQL/3DVQpR4LIkk6hCQ5mVo4WY84yeQnBxXGXHyCnehja+EH1oKPrIVjbYONuIhaw5wvsZHaKzI+oWkkSd+dWGAx1ztIXzjJ2MlBwmR70WQu/oN3pHNYKp6QE5KykUjM9YhMn+OjmGAvNubRZuY0Pi5KXhqV+TFdTgJ5Hqn+5nt9iieZevcAw4SHT+VJVgtVeEr+1mPnqhqaHv2yGppbdx6/IIjP/sEr0oSmwZzuiMdkfxeT9SFNIwl099u+cYsZ3f3KArjmL11DnCI3XLtV+6jvBbg6309B64yYGU7i+Dx2dOYHtDmpftMKt53mJNKfc2AZTg4YTHk4iPpy9p1s6+jUQUjtOlpy/Rv3MBZlJz7TOTgm6xO6hARQqf/5k5c7kzN/NTHKVrjvdElHZxeUkNolzdw+w0lGxXyxHfA5Pm5RGbSNJEBC3offrBPoj+M2Yzg5UJjCEcduOdja3kGRkGA1tDxcHhhtxBVDLz7NUcwJsYnOfJ8+J0cA0f3NumA9a8PQox/IS4wpzvKWh63UCaldTmFpRjD3DQzpLGdRcPJCNE5Gqr//yo3h5CsHQJuic1c6u6h67cdLmFzA5hO63TfwdF+6ipQ5s9E4CUQ3oLT+CBwzxncPAHiSGS4hD9va6RISrNCs7dOcISEleINfuYqS8k0QgsnozOFrcDvg+lHvjjAl91ZIjHgSU83fvpAnxnCyv2HuSDhGqbu6uxE4ia/fYu4khXPSTRCbQ7d8o8U737j7INyUERfHlvljC3wwG/F076hZvjH/4hLYQh9sub/pCzjpmPHd/QgWmaWRZe090Y3ESY+oDFPYR7D54nl+bsqsfyNwMj53zOcuQlqOG3wfzNLT1FOx/+TFyqqamvrGu41NALX1jeBvNx88hXEkf1wZYP4c53gydrJfAR7vbLeQK7dqenp6EDjJIRIMObo0DqDTDGeRQ+jamKx36HPy/YSN02c5iylyEvxnBnYizA4/fu7yrdr69mcltdo6Okuu35Kmb8YWeSPTkuFkv8KUh//gEQbeFAIjW9s7VwmUujlpyiO+dAsWpVjGZFFt4v0NPojImjPTiRInAU8MufhKWerVyqqubsjdVNbU+8XnjLEVoT43xnf3I8DrXugfRZ+P5LpUUWXpE6m7HwNw8jt3oSr3S80uMLqc/NA3bsV0J0oCB3zQaiL5RnUdlW8OKHv5RhW2WoD40Bg72Z9g8yX2oWlonARR6JduobozhyY84kcPQVLBFPotau9FZX68Ssw158OrilM44vn+UeW3ddXon1itbe1ExtbJ9miKnrGT/QVNsCcjsrajcVKYunkaTHSb8CQ/evrF5yIInBGKjE+/XOcLvQtjLv6DZ/iWQ6dofXng34GpfHNNIMpzY+xkvwEEk7PXhW46fBaNk9ayJPicCr54UYCLSv0HBNGtVE+2cIQbSQN7sZdiQ2sH7YR/84OH2Cr6nGTmT/YnTHi4pY/i2h1KMdjTa6GvwkRnMAkYO8slmB++UqV+gy4hY7I+jM37jzkfcgsgcvjMVZ656zDC92952IpZoYWUDCf7C0ZcfLVQ2QlTqU+vnp5HLa3tP3qE6+YkCCa/9RDgKXOUWW/RddzRmZ+EZc6HBpMT7UV2ROKVWzUInGxueYBmJxnf3X8AkplDJCC8zZ6enjNlN2eTAkcXZ4y5xFzvQFXu5zGZdJOTIJgc6a1
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57f1f410-54e4-4578-a9a0-0c95bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-03T06:00:48.000Z",
"modified": "2016-10-03T06:00:48.000Z",
"first_observed": "2016-10-03T06:00:48Z",
"last_observed": "2016-10-03T06:00:48Z",
"number_observed": 1,
"object_refs": [
"url--57f1f410-54e4-4578-a9a0-0c95bce2ab96"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57f1f410-54e4-4578-a9a0-0c95bce2ab96",
"value": "http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink