{
"type" : "bundle" ,
"id" : "bundle--5d9aedea-94c8-4c33-a80d-2bc1950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T09:30:17.000Z" ,
"modified" : "2019-12-10T09:30:17.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d9aedea-94c8-4c33-a80d-2bc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T09:30:17.000Z" ,
"modified" : "2019-12-10T09:30:17.000Z" ,
"name" : "OSINT - #EmissaryPanda #APT older sample (2018)" ,
"published" : "2019-12-10T09:30:36Z" ,
"object_refs" : [
"indicator--5d9afa3f-1dcc-4d8d-ab0c-4d53950d210f" ,
"observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"file--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f" ,
"indicator--5d9af96f-24e0-4014-be2f-4265950d210f" ,
"indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4" ,
"x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0" ,
"relationship--4e61c3df-1e7d-4fca-affb-99c12fb2699f" ,
"relationship--af2aba4c-52c7-45f5-844c-81f26db72af8"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390\"" ,
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"" ,
"misp-galaxy:mitre-intrusion-set=\"Threat Group-3390\"" ,
"misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"" ,
"misp-galaxy:threat-actor=\"Emissary Panda\"" ,
"misp-galaxy:threat-actor=\"LuckyMouse\"" ,
"misp-galaxy:threat-actor=\"Threat Group-3390\"" ,
"osint:source-type=\"microblog-post\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d9afa3f-1dcc-4d8d-ab0c-4d53950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-10-07T08:41:35.000Z" ,
"modified" : "2019-10-07T08:41:35.000Z" ,
"pattern" : "[domain-name:value = 'tdjsyqty0takah2x.gitoos.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-10-07T08:41:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-10-07T08:42:55.000Z" ,
"modified" : "2019-10-07T08:42:55.000Z" ,
"first_observed" : "2019-10-07T08:42:55Z" ,
"last_observed" : "2019-10-07T08:42:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"name" : "EF9924EW4AA9T0J.jpeg" ,
"content_ref" : "artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5d9afa8f-bf60-44be-97a6-4a85950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A A U D B A Q E A w U E B A Q F B Q U G B w w I B w c H B w 8 L C w k M E Q 8 S E h E P E R E T F h w X E x Q a F R E R G C E Y G h 0 d H x 8 f E x c i J C I e J B w e H x 7 / 2 w B D A Q U F B Q c G B w 4 I C A 4 e F B E U H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 4 e H h 7 / w g A R C A G 2 A s A D A S I A A h E B A x E B / 8 Q A H A A B A A M B A Q E B A Q A A A A A A A A A A A A Q F B g M H A g E I / 8 Q A G Q E B A Q E B A Q E A A A A A A A A A A A A A A A I B A w Q F / 9 o A D A M B A A I Q A x A A A A H 2 U A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A g E 9 U 2 R 0 A p O 3 l 3 b h r + u T i 9 / P 7 F 2 x 2 x 8 X u B o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G W y H O R 7 P F V 3 / 1 S V H r f f P 6 D w / Q z n n v q f m X q 8 d 3 A i c a m x 9 P 849 H 4 + j o O P Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A D z e s 9E869 f j s M 9 Y W d 89 L p Y E / w / Q Z n T V n S M r J 2 i d q 7 Q m g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C u r j R f F d a E H r J F R Z w s l 0 j V R Y v G K 1 v 7 i N n m 9 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A K q 1 y R n 5 s 3 Q e i M T r q m F O 75 W f s 5 n K u Z F 53 J m U 8 s j 6 X G X R u w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A M 3 p O Z i b H h S d p s f q P q I 23 / S N x 1 L t c 7 W J f D n O 0 c y X c 7 m k V N l W d B F A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 
A A O f Q c + n P H G x j e f y e k 7 e b B n R s T 4 n M 3 n 0 B W W a p g T e O U r L v j w z P X l 6 F J 803 f D t Y K u 0 m j 8 q i 2 Q p o I R N Q v w n O P y S E L k W T l 9 n 0 A A h / h N A A A A A A A A A A A A A A A A A A A A A A A B n s 5 f w + s z o F 1 C u a z c e d e h c L + x m g A P O v R c F u S 6 z n z + v 8 v h q s X a / P 933 e w Z P n 78 U y B u f k i w r Y r j O q 724 j 0 m j / V 0 V b e 8 p y + z 1 r 1 r P n l M i x v H h Z Z 2 n 7 p 6 u F i L d 0 2 i r I H G F b Z t / O G A 0 A A A A A A A A A A A A A A A A A A A A C H h f R o + 5 g + G u X l X s O X b n Q A A C t s h 5 p 8 + m c e / D B 6 S 8 + 5 v n 0 q 5 O b L H O w A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F f Y N y u m 8 M D W a z h W 2 M V Y 2 n m 2 k N K A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C o z W h q T I X V d 1 N p j P R s C e j / U a S A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A R / O P T 6065 q p 4 l 7 m L C f W b X p H k S B o A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A D 4 + x 8 / Q V M 6 R U 9 u d s j y O V h m g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A U 1 V P 5 + n n w s p G H i v S H n 19 x q 7 k Y f p j a M 521 e s 0 N K 841 h d s Z w z d 0 y P W p 0 X f F 3 U 7 d c K G o N 4 z t N u b t n 5 T b Z n 6 F u + Y W 4 T o m d g 5 u w Z u 33 J r N / u b o 2 e g G w Y v X b n Y N A A A A A A A A A A A A A A A A A A A A A A A o v q 4 x n S Z m L 6 S K W E v Y d + F Y y N r + J l a z 0 i s 3 K T 92 t O q h p / Q 4 L K X r r k 757E9 N X O A + 94 n f P L 7 S t Y e P 6 A Z h 5 u r N 8 + 530 t t X y 2 p O G + N 4 z c L 12 q s x X 1 s 0 7 j + m s G I 1E9 U h l A A A A A A A A A A A A A A A A A A A A A A A P n 6 E b 5 l i o t 8 V 5 e f 0 K g R C 6 Q J 4 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B x 8 n 9 V 88 P u 3 v h i d F w o j 0 x G k g A A A A A A A A A A 
A A A A A A A A A A A A A A A A A A A A A A A A A A A A A F f k t z 5 o b C / w A t a n z m N V 56 e g W s O W f q L 3 P s A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A C t s h 5 l I 9 E j H n G t v e 5 Q 0 F h 536 M 1 f e o 0 H m 9 + m s M f s H k D Y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A z N P s s X P q 7 d K / w D e f s m 7 b L a v r 8 w N g A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B y 6 i n / b c f H 2 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A H 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
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-10-07T08:43:41.000Z" ,
"modified" : "2019-10-07T08:43:41.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "#EmissaryPanda #APT older sample (2018). Signed by same company as my prior post \"Hangzhou Bianfeng Networking technology Co., Ltd.\" + previously unreported C2.\r\n \r\nIOCS:\r\n931017406b4718d81d2c776165e6ddf0\r\ntdjsyqty0takah2x[.]gitoos[.]com\r\n \r\n#threatintel #apt27" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-595c-414b-96ea-42a1950d210f"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://mobile.twitter.com/MeltX0R/status/1179800013150527488" ,
"category" : "External analysis" ,
"uuid" : "5d9aeef4-3d00-4b6c-9bc1-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-e134-43d2-904b-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "hashtag" ,
"value" : "#EmissaryPanda" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-8994-4fb6-8e1c-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "hashtag" ,
"value" : "#APT" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-cfb0-4f85-a28d-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "hashtag" ,
"value" : "#threatintel" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-bd70-468e-999e-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "hashtag" ,
"value" : "#apt27" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-11d0-4b0d-b4c7-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "MeltX0R" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-acb8-44d2-aae7-42a1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "state" ,
"value" : "Informative" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-7b80-42de-a564-42a1950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2019-10-03T18:46:00" ,
"category" : "Other" ,
"uuid" : "5d9aeef4-fc20-46cb-a270-42a1950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d9af96f-24e0-4014-be2f-4265950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-10-07T08:38:07.000Z" ,
"modified" : "2019-10-07T08:38:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '931017406b4718d81d2c776165e6ddf0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-10-07T08:38:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T09:30:16.000Z" ,
"modified" : "2019-12-10T09:30:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '931017406b4718d81d2c776165e6ddf0' AND file:hashes.SHA1 = '6bfabe6eea3be2e59bc52bd69c64be7706e7a391' AND file:hashes.SHA256 = 'ce3424524fd1f482a0339a3f92e440532cff97c104769837fa6ae52869013558']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T09:30:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T09:30:16.000Z" ,
"modified" : "2019-12-10T09:30:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-11-20T12:18:04" ,
"category" : "Other" ,
"uuid" : "dba6fe13-e310-4cfa-b4d7-abd86cd0949a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ce3424524fd1f482a0339a3f92e440532cff97c104769837fa6ae52869013558/analysis/1574252284/" ,
"category" : "Payload delivery" ,
"uuid" : "2ce963a0-7511-4b17-a435-b246d0c770ca"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "19/67" ,
"category" : "Payload delivery" ,
"uuid" : "8489f7db-a48a-434f-b9c6-a93530e54137"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4e61c3df-1e7d-4fca-affb-99c12fb2699f" ,
"created" : "2019-10-07T08:43:41.000Z" ,
"modified" : "2019-10-07T08:43:41.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "x-misp-object--5d9aeef4-0cb0-4799-8c8a-42a1950d210f" ,
"target_ref" : "observed-data--5d9afa8f-bf60-44be-97a6-4a85950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--af2aba4c-52c7-45f5-844c-81f26db72af8" ,
"created" : "2019-12-10T09:30:17.000Z" ,
"modified" : "2019-12-10T09:30:17.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c1edbfb-5054-4688-9723-151cdf91c0b4" ,
"target_ref" : "x-misp-object--a76a6401-f89d-4551-9e72-8eb90b7478e0"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}