misp-circl-feed/feeds/circl/misp/5d01f1fa-cc24-4adb-b6b6-4c88950d210f.json

{
    "type": "bundle",
    "id": "bundle--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-06-13T07:37:43.000Z",
            "modified": "2019-06-13T07:37:43.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "grouping",
            "spec_version": "2.1",
            "id": "grouping--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-06-13T07:37:43.000Z",
            "modified": "2019-06-13T07:37:43.000Z",
            "name": "OSINT - TA505 once again launched an offensive",
            "context": "suspicious-activity",
            "object_refs": [
                "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",
                "file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
                "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",
                "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
                "indicator--5d01f7ef-5530-4732-abf6-4795950d210f",
                "relationship--0615dd96-4cd5-42f3-a31e-89429e05d729"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "misp-galaxy:threat-actor=\"TA505\"",
                "workflow:todo=\"expansion\"",
                "osint:source-type=\"microblog-post\"",
                "type:OSINT",
                "osint:lifetime=\"perpetual\"",
                "osint:certainty=\"50\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-06-13T07:16:00.000Z",
            "modified": "2019-06-13T07:16:00.000Z",
            "first_observed": "2019-06-13T07:16:00Z",
            "last_observed": "2019-06-13T07:16:00Z",
            "number_observed": 1,
            "object_refs": [
                "file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
                "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"
            ],
            "labels": [
                "misp:type=\"attachment\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "file",
            "spec_version": "2.1",
            "id": "file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
            "name": "D820AnRUcAAso9o.jpeg",
            "content_ref": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"
        },
        {
            "type": "artifact",
            "spec_version": "2.1",
            "id": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",
            "payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wgARCALYBNkDASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAQFAgMGAQf/xAAZAQEBAQEBAQAAAAAAAAAAAAAAAQIEAwX/2gAMAwEAAhADEAAAAe/R5CAoAAAAAAAAAAAAAAAAAAAAGuNsouT1u9tNb+bLGmi+mOictvro8eYxOtQssWVopp+pN2U0Cuox5v0u5fN9Dm5jJr2eeseb6TozaRa8XOVLsLX3mejM8ZGjFyHLoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnhnuZjrzE07qi5nquzmvSrLSw5vojaArdZbKnyLdVeFtriaCao72zZshFmq/CLNEl0AAAAAAAAABrp7bTzbi2Gn3Fwx2rmPntVrw3o9ywGjPYNeO4ac8xhl6NrUNuvxptj5vXOnb6HnojzdQ26jN2tTyu1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG3OPt03DpzEqLeoucek5m7mpfPXFIYdFzvRG0GjPX6Z46thl5hmZ69404SRG3ZjW2DXsaDeA1+mZrNgBiZMMwAAADTpmaTS34GtszNCWIiWIiWIfu3UHnoZSSIliIliIliIliIl6zQ37CH6lkRLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLETdt9AIlTbVtzb+b01FkZDnryrtDaCo8tY8R9mW2uftt5Mddjplgez8Khey8yuThD12Gg1LDEg6rIQsJqIibhUaVllFbJkbrGQoAAHlDe+RF1zNSMcszcLQECeNOrbqMM/PTKTGkkXbs9ANeqT4PQVNtqI80IkuJLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHvnoBExyl3ITQESRmANKn0xbzeT6ywFAAAAAAAAAAAAAAA06d0Q2tQ2tPptavDc1ayS1eG33VgSGrw3NXhuR8za0+m1G2G1p9NqPkbmrw2+6sCQ1eG5q8NzV4bmobWobWn02tPptafTa0em5p9NrUNrV4bmrE3tXhuavDc0+m1p9NqPmbWn02o2w2tPptafDe1eG5q1klq8NzVgSGrw3NXhuRthtafTa0+m1p9NrSNzV4bmnw3tXhuasTfuiSCSCJLiS7kJoAADR7uGjeAAAAAAAAAAAAAAAAEWju6OZ2eSBXyd6zRjJS6IlkTRjJLo0zRGSRowlCDukWqUOXRl5KV0ZOay6MvLbekJzmPSl5uN1pOcx6UvNx+sJzmPSl5zHpRzWXRq5rLo0ctu6Mc1l0Y5Tf0g5rLoxzeHTq5zHpUc5G6wc5j0o5zT1I5fb0auay6NHKb+kHNZdGOUkdGOay6Mcxh1ROcx6UvORetJzmPSl5yP1Y5p0qucdGjmc+jHNZdHBKKRvJGy3lieyhoxkiPGsRoxkjRonCPZRZxOF1EhTcmYOqz2tRZWJN0SXpWPhIzislbvahbpGJ7Dl5kfLZ4RNc7M0sxXytmyInkrOtGEnwi792RXbpGJqSIcYJvle6duZuAAABEo7ukmZYugAAAAAAFrVWpvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgzoJBAAAAAAAnQZxOBEliAoAAAAAAAAAAAAAAAAAAAAEOku6SZli6AAAAAAAWtVam8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDOgkEAAAAAACdBnE4BRYb8ugc+roHPi/wDeft86kjOwAAAAAAAAAAAAAAAAAIdJd0kzLF0AAAAAAAtaq1N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGdBIIAAAAAAE6DOJwDTWlwpxcKcXCtsgYmTV6bGvIyavDc8jEpHxJTHE2McDaAAAAAAAAAACJR3dJMyxdAAAAAAALWqtTeAAAAAAAc/jd/wCfPMObv+jPnKX6M+cj6Nl83maz3iJL6vnhYAAAARthtI5IadwNBvaMzYAAAj7jJr2AAAAAAACDOgkEAAAAAACdBnE4EWivaI3XEO1KaDf0BKvaK9GjeKdcCp3WGEVui5zqHW3grJmWAg2mwrPbIeegAAAAAAAAABDpLukmZYugAAAAAAFrVWpvAAAAAABH+e97wPD9UWHL9Gvy6ez6OLlIfcSvTn+cLyj5Pp3XY8H3nd8hg+YdPF0lDt7I4a66Lkzudvyf6obOD7v4yWXYdDmchy2r6iUbqRV8r31SclZ2e09p7naUuyVvIeufkcH1+2aQb6FNAAAAAAAEGdBIIAAAAAAE6DOJwItFe1x5ZStBBr+j0lVe0V6NW3Sa/YWZuyh5RKk8p0tkhWZS2Ktj1cZUUiLXGqzsnKwtyocy5xgxYvNUOJV5q8qIvVV7VopMy4RK8u1diWYAINNb1ExLF2AAAAAAAtaq1N4AAAAAAIXA99wPB9d9C+e/QrnmaS1qfHrveu5Hru35PL850fOcX1J/ecH3nVwcxyVhb9XB1eQPPR8zv86AvOA+lfNjuE30+d9lyHdlzZQeFPpDTHJsX5nIPo0n5X3pb6ud4s+ny/mcM+so0kAAAAAAAAQZ0EggAAAAAAToM4nAixp+JuABRXsWUPPdY1akZ7cZFmncK1bRqzyGvHcNPu0R9mwQt+4a2wavdgxx2DTlsGn3aMPchq2gABX1FrVMSw2AAAAAAAtaq1N4AAAAAAIPBd9wPB9d9C+e9PLXVM2J49V313JdZ3/H5jnOj5zi+pP7zg+86uD5r0dbp6uDvwAc1zU/M7f419l+NH2X3z0+PfWfk31kkfKPq/yg+ofOfo3yA73qdW0R5FOfNfrXxy1Pq3EUGg6jteD7wAAAAAAAAQZ0EggAAAAAAToM4nAAAAARZQ56J1iKS7LAUAAAAAAAAAAAAAACtqreoYlhsAAAAAABa1VqbwAAAAAAQuB+kcDxfTiji+rOt+aevP3Efj3p4T4B4dtj3XNdL9D4kH5N9npOjk9ufkmR9ZqfnnhG+rwro8+NfZfkB9f989Pj31n5Z9TJHyj6v8oPqHyX61y50E/5P250NdTXJ8z+ufK7g73yjqDtFdYgAAAAAAACDOgkEAAAAAACdBnE4DDVVF2q/Us8q2yVj7URcKzKrFXSo25VWVWavrzoFfiWGVXmWKs9LJAE9XCxQsCwAAAAAAAABW1VtUsSw2AAAAAAAtaq1N4AAAAAAEWUl5fR17x6eQdemuQdeORsL5rGOR68wU0bxp3AA89AHnoOR64a9gUNJ3I4/q9o08t144Wz6cY5AAAAAAAAAgzoJBAAAAAAAnQZxOA0bxr82jBmGncNfuY0eSBqbRqwkDXjuGptGGiUMMNw1+5jTnmAAAAAAAAAK6puKeYli7AAAAAAAWtVam8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDOgkEAAAAAACdBnE4HnmNVFuqPC5UqrpS+lyprAkteskMfT1jmePR49HjzI8ejx6PHo8ejx6PHo8ejx6PHo8ejx6PPMhXVNtUsSw2AAAAAAAtaq1N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGdBIIAAAAAAE6DOJwNdHeUub7XWOrGuVnXG71xT23uaa7Wusl5udZ5TzjVXQ6npwfRXWdUeXR60qNtiWlst+wqIPTaythdJHip6GPIoAAAAAAAACuqbeoYlhsAAAAAABa1VqbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIM6CQQAAAAAAJ0GcTgeeZDFkMffR49Hj0ePRiyHnmQxZ
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-06-13T07:16:34.000Z",
            "modified": "2019-06-13T07:16:34.000Z",
            "labels": [
                "misp:name=\"microblog\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "text",
                    "object_relation": "post",
                    "value": "#TA505 once again launched an offensive. This time, the bill-themed email was launched for Chinese users. This time, the Excel 4.0 macro and the back door of the same family are still used.\r\n\r\n(link: https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection) virustotal.com/gui/file/d538b\u2026",
                    "category": "Other",
                    "uuid": "5d01f635-a958-4d5a-8a9d-40b8950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "type",
                    "value": "Twitter",
                    "category": "Other",
                    "uuid": "5d01f635-b3ac-49cd-adc1-45d9950d210f"
                },
                {
                    "type": "url",
                    "object_relation": "url",
                    "value": "https://mobile.twitter.com/RedDrip7/status/1138764217123655680",
                    "category": "Network activity",
                    "to_ids": true,
                    "uuid": "5d01f635-dc30-49c2-b45c-4383950d210f"
                },
                {
                    "type": "url",
                    "object_relation": "link",
                    "value": "https://t.co/2RTo3djsqt?amp=1",
                    "category": "Network activity",
                    "to_ids": true,
                    "uuid": "5d01f635-be8c-4f63-a126-4117950d210f"
                },
                {
                    "type": "url",
                    "object_relation": "link",
                    "value": "https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection",
                    "category": "Network activity",
                    "to_ids": true,
                    "uuid": "5d01f635-82e4-48a6-a760-41f8950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "username",
                    "value": "RedDrip7",
                    "category": "Other",
                    "uuid": "5d01f635-03e8-475f-b619-49a9950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "state",
                    "value": "Informative",
                    "category": "Other",
                    "uuid": "5d01f635-a488-49c7-81ce-4ad1950d210f"
                },
                {
                    "type": "datetime",
                    "object_relation": "creation-date",
                    "value": "Jun 12, 2019 1:05 PM",
                    "category": "Other",
                    "uuid": "5d01f635-225c-4350-b0df-4984950d210f"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "microblog"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5d01f7ef-5530-4732-abf6-4795950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-06-13T07:14:55.000Z",
            "modified": "2019-06-13T07:14:55.000Z",
            "pattern": "[file:hashes.SHA256 = 'd538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2019-06-13T07:14:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--0615dd96-4cd5-42f3-a31e-89429e05d729",
            "created": "2019-06-13T07:16:34.000Z",
            "modified": "2019-06-13T07:16:34.000Z",
            "relationship_type": "contains",
            "source_ref": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
            "target_ref": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [feed] feed updated 2023-06-14 17:31:25 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-06-13T07:37:43.000Z",`
			`"modified": "2019-06-13T07:37:43.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "grouping",`
			`"spec_version": "2.1",`
			`"id": "grouping--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-06-13T07:37:43.000Z",`
			`"modified": "2019-06-13T07:37:43.000Z",`
			`"name": "OSINT - TA505 once again launched an offensive",`
			`"context": "suspicious-activity",`
			`"object_refs": [`
			`"observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"file--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",`
			`"indicator--5d01f7ef-5530-4732-abf6-4795950d210f",`
			`"relationship--0615dd96-4cd5-42f3-a31e-89429e05d729"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"misp-galaxy:threat-actor=\"TA505\"",`
			`"workflow:todo=\"expansion\"",`
			`"osint:source-type=\"microblog-post\"",`
			`"type:OSINT",`
			`"osint:lifetime=\"perpetual\"",`
			`"osint:certainty=\"50\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-06-13T07:16:00.000Z",`
			`"modified": "2019-06-13T07:16:00.000Z",`
			`"first_observed": "2019-06-13T07:16:00Z",`
			`"last_observed": "2019-06-13T07:16:00Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"file--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"attachment\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "file",`
			`"spec_version": "2.1",`
			`"id": "file--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			`"name": "D820AnRUcAAso9o.jpeg",`
			`"content_ref": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"`
			`},`
			`{`
			`"type": "artifact",`
			`"spec_version": "2.1",`
			`"id": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",`
			"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wgARCALYBNkDASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAQFAgMGAQf/xAAZAQEBAQEBAQAAAAAAAAAAAAAAAQIEAwX/2gAMAwEAAhADEAAAAe/R5CAoAAAAAAAAAAAAAAAAAAAAGuNsouT1u9tNb+bLGmi+mOictvro8eYxOtQssWVopp+pN2U0Cuox5v0u5fN9Dm5jJr2eeseb6TozaRa8XOVLsLX3mejM8ZGjFyHLoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnhnuZjrzE07qi5nquzmvSrLSw5vojaArdZbKnyLdVeFtriaCao72zZshFmq/CLNEl0AAAAAAAAABrp7bTzbi2Gn3Fwx2rmPntVrw3o9ywGjPYNeO4ac8xhl6NrUNuvxptj5vXOnb6HnojzdQ26jN2tTyu1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG1qG3OPt03DpzEqLeoucek5m7mpfPXFIYdFzvRG0GjPX6Z46thl5hmZ69404SRG3ZjW2DXsaDeA1+mZrNgBiZMMwAAADTpmaTS34GtszNCWIiWIiWIfu3UHnoZSSIliIliIliIliIl6zQ37CH6lkRLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLERLETdt9AIlTbVtzb+b01FkZDnryrtDaCo8tY8R9mW2uftt5Mddjplgez8Khey8yuThD12Gg1LDEg6rIQsJqIibhUaVllFbJkbrGQoAAHlDe+RF1zNSMcszcLQECeNOrbqMM/PTKTGkkXbs9ANeqT4PQVNtqI80IkuJLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHvnoBExyl3ITQESRmANKn0xbzeT6ywFAAAAAAAAAAAAAAA06d0Q2tQ2tPptavDc1ayS1eG33VgSGrw3NXhuR8za0+m1G2G1p9NqPkbmrw2+6sCQ1eG5q8NzV4bmobWobWn02tPptafTa0em5p9NrUNrV4bmrE3tXhuavDc0+m1p9NqPmbWn02o2w2tPptafDe1eG5q1klq8NzVgSGrw3NXhuRthtafTa0+m1p9NrSNzV4bmnw3tXhuasTfuiSCSCJLiS7kJoAADR7uGjeAAAAAAAAAAAAAAAAEWju6OZ2eSBXyd6zRjJS6IlkTRjJLo0zRGSRowlCDukWqUOXRl5KV0ZOay6MvLbekJzmPSl5uN1pOcx6UvNx+sJzmPSl5zHpRzWXRq5rLo0ctu6Mc1l0Y5Tf0g5rLoxzeHTq5zHpUc5G6wc5j0o5zT1I5fb0auay6NHKb+kHNZdGOUkdGOay6Mcxh1ROcx6UvORetJzmPSl5yP1Y5p0qucdGjmc+jHNZdHBKKRvJGy3lieyhoxkiPGsRoxkjRonCPZRZxOF1EhTcmYOqz2tRZWJN0SXpWPhIzislbvahbpGJ7Dl5kfLZ4RNc7M0sxXytmyInkrOtGEnwi792RXbpGJqSIcYJvle6duZuAAABEo7ukmZYugAAAAAAFrVWpvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgzoJBAAAAAAAnQZxOBEliAoAAAAAAAAAAAAAAAAAAAAEOku6SZli6AAAAAAAWtVam8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDOgkEAAAAAACdBnE4BRYb8ugc+roHPi/wDeft86kjOwAAAAAAAAAAAAAAAAAIdJd0kzLF0AAAAAAAtaq1N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGdBIIAAAAAAE6DOJwDTWlwpxcKcXCtsgYmTV6bGvIyavDc8jEpHxJTHE2McDaAAAAAAAAAACJR3dJMyxdAAAAAAALWqtTeAAAAAAAc/jd/wCfPMObv+jPnKX6M+cj6Nl83maz3iJL6vnhYAAAARthtI5IadwNBvaMzYAAAj7jJr2AAAAAAACDOgkEAAAAAACdBnE4EWivaI3XEO1KaDf0BKvaK9GjeKdcCp3WGEVui5zqHW3grJmWAg2mwrPbIeegAAAAAAAAABDpLukmZYugAAAAAAFrVWpvAAAAAABH+e97wPD9UWHL9Gvy6ez6OLlIfcSvTn+cLyj5Pp3XY8H3nd8hg+YdPF0lDt7I4a66Lkzudvyf6obOD7v4yWXYdDmchy2r6iUbqRV8r31SclZ2e09p7naUuyVvIeufkcH1+2aQb6FNAAAAAAAEGdBIIAAAAAAE6DOJwItFe1x5ZStBBr+j0lVe0V6NW3Sa/YWZuyh5RKk8p0tkhWZS2Ktj1cZUUiLXGqzsnKwtyocy5xgxYvNUOJV5q8qIvVV7VopMy4RK8u1diWYAINNb1ExLF2AAAAAAAtaq1N4AAAAAAIXA99wPB9d9C+e/QrnmaS1qfHrveu5Hru35PL850fOcX1J/ecH3nVwcxyVhb9XB1eQPPR8zv86AvOA+lfNjuE30+d9lyHdlzZQeFPpDTHJsX5nIPo0n5X3pb6ud4s+ny/mcM+so0kAAAAAAAAQZ0EggAAAAAAToM4nAixp+JuABRXsWUPPdY1akZ7cZFmncK1bRqzyGvHcNPu0R9mwQt+4a2wavdgxx2DTlsGn3aMPchq2gABX1FrVMSw2AAAAAAAtaq1N4AAAAAAIPBd9wPB9d9C+e9PLXVM2J49V313JdZ3/H5jnOj5zi+pP7zg+86uD5r0dbp6uDvwAc1zU/M7f419l+NH2X3z0+PfWfk31kkfKPq/yg+ofOfo3yA73qdW0R5FOfNfrXxy1Pq3EUGg6jteD7wAAAAAAAAQZ0EggAAAAAAToM4nAAAAARZQ56J1iKS7LAUAAAAAAAAAAAAAACtqreoYlhsAAAAAABa1VqbwAAAAAAQuB+kcDxfTiji+rOt+aevP3Efj3p4T4B4dtj3XNdL9D4kH5N9npOjk9ufkmR9ZqfnnhG+rwro8+NfZfkB9f989Pj31n5Z9TJHyj6v8oPqHyX61y50E/5P250NdTXJ8z+ufK7g73yjqDtFdYgAAAAAAACDOgkEAAAAAACdBnE4DDVVF2q/Us8q2yVj7URcKzKrFXSo25VWVWavrzoFfiWGVXmWKs9LJAE9XCxQsCwAAAAAAAABW1VtUsSw2AAAAAAAtaq1N4AAAAAAEWUl5fR17x6eQdemuQdeORsL5rGOR68wU0bxp3AA89AHnoOR64a9gUNJ3I4/q9o08t144Wz6cY5AAAAAAAAAgzoJBAAAAAAAnQZxOA0bxr82jBmGncNfuY0eSBqbRqwkDXjuGptGGiUMMNw1+5jTnmAAAAAAAAAK6puKeYli7AAAAAAAWtVam8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDOgkEAAAAAACdBnE4HnmNVFuqPC5UqrpS+lyprAkteskMfT1jmePR49HjzI8ejx6PHo8ejx6PHo8ejx6PHo8ejx6PPMhXVNtUsSw2AAAAAAAtaq1N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGdBIIAAAAAAE6DOJwNdHeUub7XWOrGuVnXG71xT23uaa7Wusl5udZ5TzjVXQ6npwfRXWdUeXR60qNtiWlst+wqIPTaythdJHip6GPIoAAAAAAAACuqbeoYlhsAAAAAABa1VqbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIM6CQQAAAAAAJ0GcTgeeZDFkMffR49Hj0ePRiyHnmQxZ
			`},`
			`{`
			`"type": "x-misp-object",`
			`"spec_version": "2.1",`
			`"id": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-06-13T07:16:34.000Z",`
			`"modified": "2019-06-13T07:16:34.000Z",`
			`"labels": [`
			`"misp:name=\"microblog\"",`
			`"misp:meta-category=\"misc\""`
			`],`
			`"x_misp_attributes": [`
			`{`
			`"type": "text",`
			`"object_relation": "post",`
			`"value": "#TA505 once again launched an offensive. This time, the bill-themed email was launched for Chinese users. This time, the Excel 4.0 macro and the back door of the same family are still used.\r\n\r\n(link: https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection) virustotal.com/gui/file/d538b\u2026",`
			`"category": "Other",`
			`"uuid": "5d01f635-a958-4d5a-8a9d-40b8950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "type",`
			`"value": "Twitter",`
			`"category": "Other",`
			`"uuid": "5d01f635-b3ac-49cd-adc1-45d9950d210f"`
			`},`
			`{`
			`"type": "url",`
			`"object_relation": "url",`
			`"value": "https://mobile.twitter.com/RedDrip7/status/1138764217123655680",`
			`"category": "Network activity",`
			`"to_ids": true,`
			`"uuid": "5d01f635-dc30-49c2-b45c-4383950d210f"`
			`},`
			`{`
			`"type": "url",`
			`"object_relation": "link",`
			`"value": "https://t.co/2RTo3djsqt?amp=1",`
			`"category": "Network activity",`
			`"to_ids": true,`
			`"uuid": "5d01f635-be8c-4f63-a126-4117950d210f"`
			`},`
			`{`
			`"type": "url",`
			`"object_relation": "link",`
			`"value": "https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection",`
			`"category": "Network activity",`
			`"to_ids": true,`
			`"uuid": "5d01f635-82e4-48a6-a760-41f8950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "username",`
			`"value": "RedDrip7",`
			`"category": "Other",`
			`"uuid": "5d01f635-03e8-475f-b619-49a9950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "state",`
			`"value": "Informative",`
			`"category": "Other",`
			`"uuid": "5d01f635-a488-49c7-81ce-4ad1950d210f"`
			`},`
			`{`
			`"type": "datetime",`
			`"object_relation": "creation-date",`
			`"value": "Jun 12, 2019 1:05 PM",`
			`"category": "Other",`
			`"uuid": "5d01f635-225c-4350-b0df-4984950d210f"`
			`}`
			`],`
			`"x_misp_meta_category": "misc",`
			`"x_misp_name": "microblog"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5d01f7ef-5530-4732-abf6-4795950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-06-13T07:14:55.000Z",`
			`"modified": "2019-06-13T07:14:55.000Z",`
			`"pattern": "[file:hashes.SHA256 = 'd538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2019-06-13T07:14:55Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
			`"id": "relationship--0615dd96-4cd5-42f3-a31e-89429e05d729",`
			`"created": "2019-06-13T07:16:34.000Z",`
			`"modified": "2019-06-13T07:16:34.000Z",`
			`"relationship_type": "contains",`
			`"source_ref": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",`
			`"target_ref": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f"`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`