misp-circl-feed/feeds/circl/stix-2.1/5c500809-453c-4245-83e1-435c950d210f.json

{
"type": "bundle",
"id": "bundle--5c500809-453c-4245-83e1-435c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T14:03:55.000Z",
"modified": "2019-01-29T14:03:55.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c500809-453c-4245-83e1-435c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T14:03:55.000Z",
"modified": "2019-01-29T14:03:55.000Z",
"name": "2019-01-28: APT28 XTunnel Backdoor",
"published": "2019-01-29T14:05:57Z",
"object_refs": [
"observed-data--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"file--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"artifact--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"observed-data--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"file--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"artifact--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"observed-data--5c502d4d-f684-4852-9812-44b0950d210f",
"file--5c502d4d-f684-4852-9812-44b0950d210f",
"artifact--5c502d4d-f684-4852-9812-44b0950d210f",
"indicator--5c5033f2-306c-4378-8b70-042d950d210f",
"x-misp-object--5c5010d3-dc24-4d51-b0e0-4a6e950d210f",
"indicator--5c5013f0-02a4-4ef4-a6c2-4542950d210f",
"indicator--5c50150c-f1d4-412a-a110-404f950d210f",
"indicator--4b2e3157-db78-4817-ab9f-24131d6906d9",
"x-misp-object--caa1a5bf-3144-40dd-b72c-9aa723a1ccf3",
"relationship--cffc1950-2bf6-47e4-abb3-69a22bfa1bc6"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"",
"misp-galaxy:mitre-enterprise-attack-relationship=\"APT28 (G0007) uses XTunnel (S0117)\"",
"misp-galaxy:mitre-enterprise-attack-relationship=\"APT28 uses XTunnel\"",
"misp-galaxy:mitre-intrusion-set=\"APT28\"",
"misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"",
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28\"",
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel\"",
"misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"",
"misp-galaxy:mitre-malware=\"XTunnel\"",
"ecsirt:intrusions=\"backdoor\"",
"veris:action:malware:variety=\"Backdoor\"",
"ms-caro-malware:malware-type=\"Backdoor\"",
"ms-caro-malware-full:malware-type=\"Backdoor\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"osint:source-type=\"microblog-post\"",
"misp-galaxy:threat-actor=\"Sofacy\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T10:35:56.000Z",
"modified": "2019-01-29T10:35:56.000Z",
"first_observed": "2019-01-29T10:35:56Z",
"last_observed": "2019-01-29T10:35:56Z",
"number_observed": 1,
"object_refs": [
"file--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"artifact--5c502c8c-33cc-4faa-a3ef-4a35950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"name": "DyDakjkXgAMj0IL.jpg",
"content_ref": "artifact--5c502c8c-33cc-4faa-a3ef-4a35950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c502c8c-33cc-4faa-a3ef-4a35950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T10:38:57.000Z",
"modified": "2019-01-29T10:38:57.000Z",
"first_observed": "2019-01-29T10:38:57Z",
"last_observed": "2019-01-29T10:38:57Z",
"number_observed": 1,
"object_refs": [
"file--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"artifact--5c502d41-3c9c-4c2b-957c-49b5950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"name": "DyDamryW0AAvlqt.jpg",
"content_ref": "artifact--5c502d41-3c9c-4c2b-957c-49b5950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c502d41-3c9c-4c2b-957c-49b5950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c502d4d-f684-4852-9812-44b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T10:39:09.000Z",
"modified": "2019-01-29T10:39:09.000Z",
"first_observed": "2019-01-29T10:39:09Z",
"last_observed": "2019-01-29T10:39:09Z",
"number_observed": 1,
"object_refs": [
"file--5c502d4d-f684-4852-9812-44b0950d210f",
"artifact--5c502d4d-f684-4852-9812-44b0950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c502d4d-f684-4852-9812-44b0950d210f",
"name": "DyDanyMXQAADPHy.jpg",
"content_ref": "artifact--5c502d4d-f684-4852-9812-44b0950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c502d4d-f684-4852-9812-44b0950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5033f2-306c-4378-8b70-042d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T11:07:30.000Z",
"modified": "2019-01-29T11:07:30.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.236.93.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-29T11:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c5010d3-dc24-4d51-b0e0-4a6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T08:37:39.000Z",
"modified": "2019-01-29T08:37:39.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "2019-01-28: #APT28 #XTunnel #Backdoor\r\nC2\r\n\ud83d\udee1\ufe0f\r\n: 109.236.93[.138 | \u201cHow are you?\u201d Marker \r\nOriginal Filename: \"Xtunnel_Http_Method.exe\" \r\n\ud83d\ude09\r\n\r\nh/t @CNMF_VirusAlert\r\n\r\nMD5: 16b6d63390340941ec0fe60b0177384f",
"category": "Other",
"uuid": "5c5010d4-66a4-4766-89a0-49e6950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5c5010d4-ca58-4702-a663-4702950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/VK_Intel/status/1090111749284614144",
"category": "Network activity",
"to_ids": true,
"uuid": "5c5010d4-6ec8-44ea-82f8-4bed950d210f"
},
{
"type": "text",
"object_relation": "username-quoted",
"value": "CNMF_VirusAlert",
"category": "Other",
"uuid": "5c5010d4-fd90-4a98-aa2c-4343950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2019-01-28T20:57:00",
"category": "Other",
"uuid": "5c5010d4-3be0-41bc-a58e-4dfd950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "VK_Intel",
"category": "Other",
"uuid": "5c5010d4-4168-44db-920b-42e9950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c5013f0-02a4-4ef4-a6c2-4542950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T08:50:56.000Z",
"modified": "2019-01-29T08:50:56.000Z",
"pattern": "[file:name = 'Xtunnel_Http_Method.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-29T08:50:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c50150c-f1d4-412a-a110-404f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T08:55:40.000Z",
"modified": "2019-01-29T08:55:40.000Z",
"pattern": "[file:hashes.MD5 = '16b6d63390340941ec0fe60b0177384f' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-29T08:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b2e3157-db78-4817-ab9f-24131d6906d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T13:19:49.000Z",
"modified": "2019-01-29T13:19:49.000Z",
"pattern": "[file:hashes.MD5 = '16b6d63390340941ec0fe60b0177384f' AND file:hashes.SHA1 = 'c3212e1e609588cb5736b1fd9aa8581c965ffa08' AND file:hashes.SHA256 = 'be2e58669dbdec916f7aaaf4d7c55d866c4f38ac290812b10d680d943bb5b757']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-29T13:19:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--caa1a5bf-3144-40dd-b72c-9aa723a1ccf3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-29T13:19:50.000Z",
"modified": "2019-01-29T13:19:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-01-29T12:48:40",
"category": "Other",
"uuid": "72c5c0da-36b0-4bc7-bb71-0ad5d03a4ca4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/be2e58669dbdec916f7aaaf4d7c55d866c4f38ac290812b10d680d943bb5b757/analysis/1548766120/",
"category": "External analysis",
"uuid": "208ca235-3160-47cf-87bd-6bdb0fa77fe0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/68",
"category": "Other",
"uuid": "b239d7d4-228e-4e7e-8576-118b523f7b50"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cffc1950-2bf6-47e4-abb3-69a22bfa1bc6",
"created": "2019-01-29T13:19:50.000Z",
"modified": "2019-01-29T13:19:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4b2e3157-db78-4817-ab9f-24131d6906d9",
"target_ref": "x-misp-object--caa1a5bf-3144-40dd-b72c-9aa723a1ccf3"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}