{
"type": "bundle",
"id": "bundle--5d9aedea-94c8-4c33-a80d-2bc1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:30:17.000Z",
"modified": "2019-12-10T09:30:17.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d9aedea-94c8-4c33-a80d-2bc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:30:17.000Z",
"modified": "2019-12-10T09:30:17.000Z",
"name": "OSINT - #EmissaryPanda #APT older sample (2018)",
"published": "2019-12-10T09:30:36Z",
"object_refs": [
"indicator--5d9afa3f-1dcc-4d8d-ab0c-4d53950d210f",
"observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"file--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f",
"indicator--5d9af96f-24e0-4014-be2f-4265950d210f",
"indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4",
"x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0",
"relationship--11557c3e-b39f-4c24-b017-ad012c867d10",
"relationship--309ca599-e059-4951-8e2a-ffa34a5cd90b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"",
"misp-galaxy:mitre-intrusion-set=\"Threat Group-3390\"",
"misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"",
"misp-galaxy:threat-actor=\"Emissary Panda\"",
"misp-galaxy:threat-actor=\"LuckyMouse\"",
"misp-galaxy:threat-actor=\"Threat Group-3390\"",
"osint:source-type=\"microblog-post\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d9afa3f-1dcc-4d8d-ab0c-4d53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-07T08:41:35.000Z",
"modified": "2019-10-07T08:41:35.000Z",
"pattern": "[domain-name:value = 'tdjsyqty0takah2x.gitoos.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-07T08:41:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-07T08:42:55.000Z",
"modified": "2019-10-07T08:42:55.000Z",
"first_observed": "2019-10-07T08:42:55Z",
"last_observed": "2019-10-07T08:42:55Z",
"number_observed": 1,
"object_refs": [
"file--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"name": "EF9924EW4AA9T0J.jpeg",
"content_ref": "artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAG2AsADASIAAhEBAxEB/8QAHAABAAMBAQEBAQAAAAAAAAAAAAQFBgMHAgEI/8QAGQEBAQEBAQEAAAAAAAAAAAAAAAIBAwQF/9oADAMBAAIQAxAAAAH2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE9U2R0ApO3l3bhr+uTi9/P7F2x2x8XuBoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGWyHOR7PFV3/1SVHrffP6Dw/QznnvqfmXq8d3Aicamx9P849H4+joOPYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzes9E869fjsM9YWd89LpYE/w/QZnTVnSMrJ2idq7QmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACurjRfFdaEHrJFRZwsl0jVRYvGK1v7iNnm9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKq1yRn5s3QeiMTrqmFO75Wfs5nKuZF53JmU8sj6XGXRuwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3pOZibHhSdpsfqPqI23/SNx1Ltc7WJfDnO0cyXc7mkVNlWdBFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOfQc+nPHGxjefyek7ebBnRsT4nM3n0BWWapgTeOUrLvjwzPXl6FJ803fDtYKu0mj8qi2QpoIRNQvwnOPySELkWTl9n0AAh/hNAAAAAAAAAAAAAAAAAAAAAAABns5fw+szoF1CuazcedehcL+xmgAPOvRcFuS6znz+v8vhqsXa/P933ewZPn78UyBufkiwrYrjOq724j0mj/V0Vbe8py+z1r1rPnlMixvHhZZ2n7p6uFiLd02irIHGFbZt/OGA0AAAAAAAAAAAAAAAAAAAACHhfRo+5g+GuXlXsOXbnQAACtsh5p8+mce/DB6S8+5vn0q5ObLHOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfYNyum8MDWazhW2MVY2nm2kNKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACozWhqTIXVd1NpjPRsCej/UaSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR/OPT6065qp4l7mLCfWbXpHkSBoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4+x8/QVM6RU9udsjyOVhmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU1VP5+nnwspGHivSHn19xq7kYfpjaM521es0NK841hdsZwzd0yPWp0XfF3U7dcKGoN4ztNubtn5TbZn6Fu+YW4Tomdg5uwZu33JrN/ubo2egGwYvXbnYNAAAAAAAAAAAAAAAAAAAAAAAovq4xnSZmL6SKWEvYd+FYyNr+Jlaz0is3KT92tOqhp/Q4LKXrrk757E9NXOA+94nfPL7StYeP6AZh5urN8+530ttXy2pOG+N4zcL12qsxX1s07j+msGI1E9UhlAAAAAAAAAAAAAAAAAAAAAAAPn6Eb5liot8V5ef0KgRC6QJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx8n9V88
Pu3vhidFwoj0xGkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfktz5obC/wAtanzmNV56egWsOWfqL3PsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACtsh5lI9EjHnGtve5Q0Fh536M1feo0Hm9+msMfsHkDYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzNPssXPq7dK/wDefsm7bLavr8wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy6in/bcfH2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH//xAAwEAACAwABAgUBBgcBAQAAAAADBAECBQATYAYQERIUFRYgISIwUCMkMTI0NTaQM//aAAgBAQABBQL/AM12nqjkumWsr7FfURKkp2cVoApq+vPKXrevlpG6S8NXmKJzbnshZjLN0y9m67vSk7Xtkl24jMOYfBXgg+bXEI9jHHorIMu8zQc+tOzNm03umGtB2iLVF/LtZF/ycfD1gP1iLUer7JgrVskFo4OPSnZmmv8AmSN+BC0pW1rlPkx+PlpJhKW2V05GmTii0C7O0FfkUZQYgo0vxkdawmLpj8o/Podo2rW0fFDyAjiBTKxLWrWLPLxxJgPr2cdsQefU+AcCX7j1hwtHynCDyI4XJJWFWTLGpaL17L0D9EdrXtYKJiySChJmMSSnltFvJbx8UyRQ2s3dCF60uZDGN7qdl60/zWaL356YqDjXr+RP1knxOfDpw0QPS05rXQTLn1u2fGldDSgTHh71rTsvXHPuzG4VI2SkE0G+uNKvqWP6c215maWaZKlDISO3KZUIKpq5JjG2+y71rerSF6zK1fUYLTxJbpx5Nz1bsqHXLTTdrwmg+WAKWvzPygKpdUq/K2ravZc0rPIpWPKb0jjJukNUPSpy64bchUUcrStfOy8jsFiLW/pwr4acrpU9QmGWOx72rSjj17z1fxAx7CKMVOP75hULV4pIhdZOubqe2VM9q/IaDAPqCHmPRQISjArM+VTilpVgLQTNLAsIgy1sUdSGZWBNHU73vatKR+P3W2BKr3YFVj9w2L/guDr8QHMzrAj35hfab9Ak+vJs5C64Luug68NoiAyIaCGlpOaVs99yuhoYGe5lFLHy/tEtpmGIz+gsmD/qPCn+k1joA8S4ECLqvDI6Xoo6IfCqSf0jxL/oHG2F5G1oC1lXHniN/UZ8UOfUPfoNlc8KM/8AR0ddbtOsxdJT5XR/bdiPz4tqepTStZ8g/jJ19vKf2ffcH0iA0GhZUhNGlnR6Gdro2SWY0lgPoG1GVb6i+e5R3TIsAtdomcU9wK19owFjewAGVzPjm+0HReRur4ayqr4K7Ca/h9cquRthIxkNLGu00AxNnWWK9V0TYdc6ZLan05uPDp1zW2hZ8KXMoW0ftzQYOEwiDKVly9Z6hOIhm14/CPvuLVYpfPOAXsY96SNouEZEa0tW9OxiiGWL51OUQiJGOtI/SkVJ5Wta+Vw3FZc1DV7XOD32CeZte1aVJojiY0p4B0JO1GRjIN9w1rrYAbVvhZF6v57GbXIcg1O0tS/tV8MC6jAt7R+1virRYg2FVqmStT4OrWfWO0deP4Hha/8AK+KMxlZ+PF2Z0lTiZXZv1N5f/wCPaJxwUXuLmaCjIGwveG8lwrba2QolYarA49KdpNq0PB8m4yyu5aA51ghzcs2fwRKlp2p7a8iIjyLS4SCJQo+1yjuIgiUKPtdqsrzL7Jp6uiKibtDx5dQcE/Tgg5J5DIO89hbE+vLL+rDNYqsS3Qe13XKcZ0DBrS7V/Eq7qyeeRrSCBjREPILoH+So+0UuVp6FMZ9+i2fSltPTXO0tHh9h0uPbQcAf5AldsTLZ
ERPsxoZ5maOIszqZzq/wHSaEA0c1q7gCuns6y/LONqNPi2mHzQ0po+4n1RyUy6U2OrZiw7vsEbZfMHirxpf
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-07T08:43:41.000Z",
"modified": "2019-10-07T08:43:41.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#EmissaryPanda #APT older sample (2018). Signed by same company as my prior post \"Hangzhou Bianfeng Networking technology Co., Ltd.\" + previously unreported C2.\r\n \r\nIOCS:\r\n931017406b4718d81d2c776165e6ddf0\r\ntdjsyqty0takah2x[.]gitoos[.]com\r\n \r\n#threatintel #apt27",
"category": "Other",
"uuid": "5d9aeef4-595c-414b-96ea-42a1950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://mobile.twitter.com/MeltX0R/status/1179800013150527488",
"category": "External analysis",
"uuid": "5d9aeef4-3d00-4b6c-9bc1-42a1950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5d9aeef4-e134-43d2-904b-42a1950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#EmissaryPanda",
"category": "Other",
"uuid": "5d9aeef4-8994-4fb6-8e1c-42a1950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#APT",
"category": "Other",
"uuid": "5d9aeef4-cfb0-4f85-a28d-42a1950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#threatintel",
"category": "Other",
"uuid": "5d9aeef4-bd70-468e-999e-42a1950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#apt27",
"category": "Other",
"uuid": "5d9aeef4-11d0-4b0d-b4c7-42a1950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "MeltX0R",
"category": "Other",
"uuid": "5d9aeef4-acb8-44d2-aae7-42a1950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5d9aeef4-7b80-42de-a564-42a1950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2019-10-03T18:46:00",
"category": "Other",
"uuid": "5d9aeef4-fc20-46cb-a270-42a1950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d9af96f-24e0-4014-be2f-4265950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-07T08:38:07.000Z",
"modified": "2019-10-07T08:38:07.000Z",
"pattern": "[file:hashes.MD5 = '931017406b4718d81d2c776165e6ddf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-07T08:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:30:16.000Z",
"modified": "2019-12-10T09:30:16.000Z",
"pattern": "[file:hashes.MD5 = '931017406b4718d81d2c776165e6ddf0' AND file:hashes.SHA1 = '6bfabe6eea3be2e59bc52bd69c64be7706e7a391' AND file:hashes.SHA256 = 'ce3424524fd1f482a0339a3f92e440532cff97c104769837fa6ae52869013558']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T09:30:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T09:30:16.000Z",
"modified": "2019-12-10T09:30:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-11-20T12:18:04",
"category": "Other",
"uuid": "dba6fe13-e310-4cfa-b4d7-abd86cd0949a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ce3424524fd1f482a0339a3f92e440532cff97c104769837fa6ae52869013558/analysis/1574252284/",
"category": "Payload delivery",
"uuid": "2ce963a0-7511-4b17-a435-b246d0c770ca"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "19/67",
"category": "Payload delivery",
"uuid": "8489f7db-a48a-434f-b9c6-a93530e54137"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--11557c3e-b39f-4c24-b017-ad012c867d10",
"created": "2019-10-07T08:43:41.000Z",
"modified": "2019-10-07T08:43:41.000Z",
"relationship_type": "contains",
"source_ref": "x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f",
"target_ref": "observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--309ca599-e059-4951-8e2a-ffa34a5cd90b",
"created": "2019-12-10T09:30:17.000Z",
"modified": "2019-12-10T09:30:17.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4",
"target_ref": "x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}