misp-circl-feed/feeds/circl/misp/58724cbf-5508-4425-ab89-4f61950d210f.json

{
    "type": "bundle",
    "id": "bundle--58724cbf-5508-4425-ab89-4f61950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-09T07:25:11.000Z",
            "modified": "2017-01-09T07:25:11.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--58724cbf-5508-4425-ab89-4f61950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-09T07:25:11.000Z",
            "modified": "2017-01-09T07:25:11.000Z",
            "name": "OSINT  - Fancy Bear Source Code",
            "published": "2017-01-09T07:25:22Z",
            "object_refs": [
                "x-misp-attribute--58724d03-65d4-4872-962a-4263950d210f",
                "x-misp-attribute--58724d25-fbd4-4270-8f3c-4289950d210f",
                "observed-data--58724d6c-0e30-4815-aa87-499c950d210f",
                "url--58724d6c-0e30-4815-aa87-499c950d210f",
                "indicator--58724d9c-d95c-4221-91a4-409e950d210f",
                "indicator--58724db2-4a54-4329-93b6-444f950d210f",
                "indicator--58724de8-45f0-4f8e-be18-41a0950d210f",
                "indicator--58724e47-f46c-4c95-bdc9-47b9950d210f",
                "indicator--58724e70-bc04-467e-a1ac-434e950d210f",
                "indicator--58725095-9bfc-4bb1-b047-4822950d210f",
                "indicator--58725097-6eb0-4520-8318-48f8950d210f",
                "indicator--58725098-349c-4071-aa86-48fb950d210f",
                "indicator--58733ad7-1798-4cb7-b296-43cc950d210f"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "misp-galaxy:threat-actor=\"Sofacy\"",
                "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
                "osint:certainty=\"75\"",
                "osint:source-type=\"source-code-repository\"",
                "ms-caro-malware:malware-platform=\"Python\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--58724d03-65d4-4872-962a-4263950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:43:03.000Z",
            "modified": "2017-01-08T14:43:03.000Z",
            "labels": [
                "misp:type=\"github-repository\"",
                "misp:category=\"Social network\""
            ],
            "x_misp_category": "Social network",
            "x_misp_comment": "Source of the information - IR performed by the github user and pushed publicly",
            "x_misp_type": "github-repository",
            "x_misp_value": "rickey-g/fancybear"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--58724d25-fbd4-4270-8f3c-4289950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:31:01.000Z",
            "modified": "2017-01-08T14:31:01.000Z",
            "labels": [
                "misp:type=\"comment\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "comment",
            "x_misp_value": "# Fancy Bear Source Code \r\nThis repo contains actual source code found during IR.\r\nThe code provides a communication channel for the attacker and infected client. It uses Google's gmail servers to send and receive encoded messages.\r\n\r\n### Some artifacts are summorized below\r\n- Comments are in english, with a lot of grammar mistakes\r\n- Subject of an email is: '**piradi nomeri**'. This is Georgian language\r\n- It saves files with **dataluri_**timetsamp.dat. 'Dataluri' is also Georgian for \"details\".\r\n- In the email body it uses the word: \"**gamarjoba**\". Meaning 'Hello' in Russian and Georgian.\r\n\r\n### These are the Gmail account details used, I've verified they once worked (but not anymore!)\r\n- POP3_MAIL_IP = 'pop.gmail.com'  \r\n- POP3_PORT = 995\r\n- POP3_ADDR = 'jassnovember30@gmail.com'\r\n- POP3_PASS = '30Jass11'\r\n- SMTP_MAIL_IP = 'smtp.gmail.com'\r\n- SMTP_PORT = 587\r\n- SMTP_TO_ADDR = 'userdf783@mailtransition.com'\r\n- SMTP_FROM_ADDR = 'ginabetz75@gmail.com'\r\n- SMTP_PASS = '75Gina75'\r\n  \r\n### Command and Control server\r\n- XAS_IP = '104.152.187.66'\r\n- XAS_GATE = '/updates/'\r\n\r\n**The code is completely left as found on the original server, including the log files.**"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--58724d6c-0e30-4815-aa87-499c950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:44:08.000Z",
            "modified": "2017-01-08T14:44:08.000Z",
            "first_observed": "2017-01-08T14:44:08Z",
            "last_observed": "2017-01-08T14:44:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--58724d6c-0e30-4815-aa87-499c950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--58724d6c-0e30-4815-aa87-499c950d210f",
            "value": "https://github.com/rickey-g/fancybear"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58724d9c-d95c-4221-91a4-409e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:33:00.000Z",
            "modified": "2017-01-08T14:33:00.000Z",
            "pattern": "[email-message:from_ref.value = 'jassnovember30@gmail.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:33:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"email-src\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58724db2-4a54-4329-93b6-444f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:33:22.000Z",
            "modified": "2017-01-08T14:33:22.000Z",
            "pattern": "[email-message:to_refs[*].value = 'userdf783@mailtransition.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:33:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"email-dst\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58724de8-45f0-4f8e-be18-41a0950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:34:16.000Z",
            "modified": "2017-01-08T14:34:16.000Z",
            "pattern": "[email-message:to_refs[*].value = 'ginabetz75@gmail.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:34:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"email-dst\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58724e47-f46c-4c95-bdc9-47b9950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:35:51.000Z",
            "modified": "2017-01-08T14:35:51.000Z",
            "description": "Command and Control server in default config",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.152.187.66']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:35:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58724e70-bc04-467e-a1ac-434e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:36:32.000Z",
            "modified": "2017-01-08T14:36:32.000Z",
            "description": "Command and Control server",
            "pattern": "[url:value = '104.152.187.66/updates/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:36:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58725095-9bfc-4bb1-b047-4822950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:45:41.000Z",
            "modified": "2017-01-08T14:45:41.000Z",
            "description": "zip file of the github master branch",
            "pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALV1KEqK4X6w9NECAD8cAwAgABwANjcwYzc1YjBjMzcyY2Y4ZmQ3ZGEyZDg4N2E0OTExMGNVVAkAA5VQcliVUHJYdXgLAAEEIQAAAAQhAAAARj3QsVLLfS6wBD31EHm2WWc9Be1+LoiwaeiW/NkX0xZdV6A4K1weS0dScczb/iSs8UYm5HnSvoW6bUm6hs/7LDrSNLfoqNQHylplJTjD61s9cVY+hrno+5Dm7kxLq7WRpLjxnQv7hVWRvfVieSbkXBz41ueQfYv5mm6xpQ98VvQ9TqhOUkJLhGj/VHqiWnVyC8cP/atbQXg1a8fcHb9PsvNqlwYNK/246Dwof2HZ0P6tirb54mnillU7mMmBVx2DASu8zjD9kCf4MJJ2F2Bs9SLLzTvTRr1Y6zlw2cVg0g2n6981A9yty77qoItjYKNt++EkzFpse3XzXQbJ/EtqE7jQeSz/2FLXfBC5fCd+aSBiVlKWWTRU3dq3YAYgmgMNZd0nd23qLIzjdAUYS/haS+tdMItxsrrEJzHWiBhmhBhGC/ZokVjupQqUCH+Ave2aWxIm5DCXwyzmN0k3v7uaO5It2en+vUGZN8DeGoZtDwn8s+2CnnadXJRZE40C/1oSoEYJJIsQPQYRYhiLOWtEr1//NNpWSOq/KgCtkAWXuJ0Vy7/LlBec7pnylBW4UergkkHNtpgu6zGeDMLg+FesoKkRVAhO2H6xDQvf2rAWSPeQGR2ivYmgBRkie/eoqO9x+cNaybgg2be1ggMfzyV4qn+ejx8IpxrL/AMqQPLbxr2DYwKnoXGR/pHSoI5/VD9JNNjFvhHPIwiE0NQHv/VxY/sVQnkO5Oesi82rg5lSx5vmb5F9htKovgqRn2Iw2Xi1xIGdtKNf9GDvDkF1ltFn/S2hzkBXCtyEpckuzIkhxXOD2qF7CwHAp13yP0CCz74JjbXtbb2NCoaXKNWBsHE8B91lrDJABaJDC3ShTOO3jg+amL25s0t6H1mxFmc8ah8CXJ814UFNPHOgRhzsto3Dd+9t81anvVf4JY+Tct38LlSOMnTkgLUUqpYp7ycQGlmCddL0JUjiZe6aX9r/XpM4AwYB/U4xAU7hQ+UqCk0rVLlLds9TONqKJ0eT9jQ5MUkVJyH/dASMLF6bvXeTMA2w1o2lqe/AYvlqcmKPzpDdQXcxL6EgsaM5qMhVWLowpoQWZRva/0YhVyqfQo0sNLEv1bEAyzgtJ1NovEDwcVet26sKSaC9gDcV+fpDR5LOCPDDAHZumfkVXLoBY8lKAkvsIaJFDVtB+46quDXUTJWzFhfCvAIQ9eyIk5JTbTDe9AqKh83fxt/HvK6YGpvmay8iHpHERbOX03aQXrCulSNnHBQMkn4Z0Pbmo2FUQTuDmpHd+BnU8OpYyiPF59hkdilpe/XNpkUPuFqj4PsMQEAd64ygkWWrLpBXWguF7dboZ8C3MrcJTDYDReR+FO57cddJT1bh+b+9jmyotdja7H/+j4QjiV8vN5FHOy/UK23Z4L/eVMESEl5GJHwjuxRrRfcg5WNYv4rIkV5T33UUHK5z8K6aFynGXayjO2lB88k9CcmV7Fi9C4/glg56Acl+oNQaJA5mS9T4P7G3Z03zleCvRDGO3qBtc+ok5A2EKVAXnoS6rPvSKlATrJ6fvEtRmY3QKTMY7qwzgZzRqL0x3mPl5NlJQ6w+/Ava68HVRt6LQjCu1W5FVvfnWzB7xjuSZyCMkp+ZyAF6pAUULiHrBsoVFkJr1nLBUf0xdoXucfM2PR0r90LR/t9Q0WBau87wviXi7aE7E7D516wkRTEZ8c7hn/encHDWqzf1tpdUJnj6uTjy/5IsQ5ceO/5etgk9kVigC6jfuEKUA0OGTY9bj19KlAhWY3dSGFCD9FuLGCQpYHYGzP3KiJywW34NvD63Ya7St70CCh2Z+f43UoHLaBg5oroguYqqOoV4eyCuk3ZnYNS7/eOY/5txOYZqh1U1MD+gLXQXUKywpwRxPldANR/JH93+EeLcTMI42lAlpGof5dT3QA264XG5WlIAFQ13Q8dP4dfSFld6cWkRa5xsHpRjJfgEEc/svQGKAoAM50UXNZFTktDEz+xgAxHBfk4ygzxcnLlUdFhQFjkLjtr1gIZE/tlhxMx1nawjfmgXWc1ixkib4PjT8+j0V01d4IaqFlbDT7EQgNq/vh1naVZ7jaE6viFjoavGObazw47Kj2UY26scKdCjH1bH914W0oON6elXCx6zsYDR35uzZyFbwRp40LOgs7SxedxY0EQ6h0iAF1khZP5NYrzZ3iwoCjak4sCvw34AmViWUdc6WS6DKlgl/lN6YAySsN/jpBzKDQDau3a23sLs/7N7YOtP2AH8uC42sjVzt90RCr5zaluGXzVMgFrgq/jyzQZJygaHn1S1LCGsub1UinLPPLnmCC8YyKAGtDnQINEB21fXtZfKFKPyYIshexcZTTLc0pwMgtA/rYWzP5m5ZbM7lmH2r2GCCjVyZ5PbThQ8YHbQfhWIih3Ai8OH6ye7x3N1xqAs14YQ+nY/IGqlKPbvdxcNVp6XyHQLTTXMrqWoo6OsprIDB8PjE2x/aunSuKaQdrpLJ9sY2NBU1nLCiTE71zVHLYWdL/vaC2oOrxbkiOPxupK+V0jHlRxdQpzoaQoPk1IYiIV2FkyV9cjNxpnE7sCnrHdfiYfsC8a7vvimSCm3khpKuly4dwPMVRc0ruB0slyYM6qYi+zYH9Y/IAt6j+jDDun1afQpzKRhn8MkF/jJ2ejnqEjYmOOl7sIWyDs39whTUo46/SbcMtf9MkALU9B+clNrLVUza9wCx42zb3CiguOmCFEZOdE2P2H7XRZlMeaO7CeakVIEMWpbhQ+DlV6hsEexHp4491Xrnr14ot8ftO6SFLGbwYyA+nyJWJlr4cybRGnSOYGv9kny8HeB645qmySu+0Mykoz+EPeVWitbpSsfUitIoattz1V3HAAOj3Sa3dASkcVAPMx3E66TdVU9ZWHz/xBD6iAHeP6+5X3JiiRERjVjNXg4Y7U6FNjPGddGZCnONjS2NDo+yVVU/gB1iVgIPuGOPL9ghYPf7GT00ryfGj9H0o5ECb/FwqzgYfsBUyx+OkTFv3rSJfr7rssocWwVtC3hmmNIs8Km29RtkWCEzHMpCij1S+gQ+lDihCPBq9OwFYE5PvPWhmSevwxDtByM+6+UNzYzkThoyORKTW5W0JYydZ8UEQ19MVxPvlMJV3tEj7HsKK6wKbIzK/4B6ITB9qC8WVNdn/vpjaAy9uB7+SEMb288aKG9dMDmMRnoUj/kBBkGO3i2hjMwsAyzA2v2wCMQLqTTANR9+p2kVRzO9LcY1CR2iKKREBL2j9qgfCWqJRuzQK8IvJ0OMARyN+s/1nEFYuwubyvkWFsnm97KmnWY8tKqw/HdY3Q2HJbwB4ZD9fScwK0Lcb2jJefaLg0C+YPDau6o8oWBWP7tr/p0xnJeGJvUQsYtOzRJ7wnPiHAxi2/YabOBiC/9TrsQzfG9dU/msCRiGe8KV3Anl9SaZNNxgTSwwYvHIhljJ+VIiQl5ZGBKntIyK56WHaxKwNKhrbSm3llLbS/qErOuZVall9oG9xEGtrjPuqURXCoYje8h9Dlbeqhi7F0Dsvi2nHs7e3/5yMeff5IpW5vREqCYAW2jqnu6b3W7w3Da1NCP05M5LimLxDBj9t193qbJ7aPI8P7yOWZs+htZLlqMpYu4XMIw2UwCYpBzFfMIqaZQyxJwP09F80gjhNZj0C5nMJjXjbWuPkMbM1+hH/lyz+6bmq4cFN2Q7h41kXa+lr9WP2zBx9rcAZdYK4YkhAS6yiXtQ1iiXXuHcZaiLme/TTppuzhrQjmJJ/pLzut/GSEAl5BtxwkdZcoa6FIVOLh1GleiA0mv1bQrfJh/ej6RfJ0h/SOF3hr8SrquyqfLdachEDzYP17ELy4R3Po8vZG+WL4YLqsPkmBZ8HgPXcalSB8Imnl8qhOnBbDlHnwGwOvrgXgQgtRHj0sSAqglY2SZvT
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:45:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"malware-sample\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58725097-6eb0-4520-8318-48f8950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:45:43.000Z",
            "modified": "2017-01-08T14:45:43.000Z",
            "description": "zip file of the github master branch",
            "pattern": "[file:name = 'fancybear-master.zip' AND file:hashes.SHA1 = '4e63fc81bc611b5efcfd1091fc63ca6e3cc80842']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:45:43Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"filename|sha1\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58725098-349c-4071-aa86-48fb950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-08T14:45:44.000Z",
            "modified": "2017-01-08T14:45:44.000Z",
            "description": "zip file of the github master branch",
            "pattern": "[file:name = 'fancybear-master.zip' AND file:hashes.SHA256 = '26bb761ced7b7b1b418f46d3908ac626985480795ce5e4b659c59eb5acd1fdab']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-08T14:45:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload installation"
                }
            ],
            "labels": [
                "misp:type=\"filename|sha256\"",
                "misp:category=\"Payload installation\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58733ad7-1798-4cb7-b296-43cc950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-01-09T07:25:11.000Z",
            "modified": "2017-01-09T07:25:11.000Z",
            "pattern": "[url:value = 'http://trasitionmail.com/mail2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-01-09T07:25:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [feed] added 2023-04-21 13:25:09 +00:00			`{`
chg: [feed] feed updated 2023-06-14 17:31:25 +00:00			`"type": "bundle",`
			`"id": "bundle--58724cbf-5508-4425-ab89-4f61950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-09T07:25:11.000Z",`
			`"modified": "2017-01-09T07:25:11.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--58724cbf-5508-4425-ab89-4f61950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-09T07:25:11.000Z",`
			`"modified": "2017-01-09T07:25:11.000Z",`
			`"name": "OSINT - Fancy Bear Source Code",`
			`"published": "2017-01-09T07:25:22Z",`
			`"object_refs": [`
			`"x-misp-attribute--58724d03-65d4-4872-962a-4263950d210f",`
			`"x-misp-attribute--58724d25-fbd4-4270-8f3c-4289950d210f",`
			`"observed-data--58724d6c-0e30-4815-aa87-499c950d210f",`
			`"url--58724d6c-0e30-4815-aa87-499c950d210f",`
			`"indicator--58724d9c-d95c-4221-91a4-409e950d210f",`
			`"indicator--58724db2-4a54-4329-93b6-444f950d210f",`
			`"indicator--58724de8-45f0-4f8e-be18-41a0950d210f",`
			`"indicator--58724e47-f46c-4c95-bdc9-47b9950d210f",`
			`"indicator--58724e70-bc04-467e-a1ac-434e950d210f",`
			`"indicator--58725095-9bfc-4bb1-b047-4822950d210f",`
			`"indicator--58725097-6eb0-4520-8318-48f8950d210f",`
			`"indicator--58725098-349c-4071-aa86-48fb950d210f",`
			`"indicator--58733ad7-1798-4cb7-b296-43cc950d210f"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"misp-galaxy:threat-actor=\"Sofacy\"",`
			`"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",`
			`"osint:certainty=\"75\"",`
			`"osint:source-type=\"source-code-repository\"",`
			`"ms-caro-malware:malware-platform=\"Python\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--58724d03-65d4-4872-962a-4263950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:43:03.000Z",`
			`"modified": "2017-01-08T14:43:03.000Z",`
			`"labels": [`
			`"misp:type=\"github-repository\"",`
			`"misp:category=\"Social network\""`
			`],`
			`"x_misp_category": "Social network",`
			`"x_misp_comment": "Source of the information - IR performed by the github user and pushed publicly",`
			`"x_misp_type": "github-repository",`
			`"x_misp_value": "rickey-g/fancybear"`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--58724d25-fbd4-4270-8f3c-4289950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:31:01.000Z",`
			`"modified": "2017-01-08T14:31:01.000Z",`
			`"labels": [`
			`"misp:type=\"comment\"",`
			`"misp:category=\"External analysis\""`
			`],`
			`"x_misp_category": "External analysis",`
			`"x_misp_type": "comment",`
			"x_misp_value": "# Fancy Bear Source Code \r\nThis repo contains actual source code found during IR.\r\nThe code provides a communication channel for the attacker and infected client. It uses Google's gmail servers to send and receive encoded messages.\r\n\r\n### Some artifacts are summorized below\r\n- Comments are in english, with a lot of grammar mistakes\r\n- Subject of an email is: 'piradi nomeri'. This is Georgian language\r\n- It saves files with dataluri_timetsamp.dat. 'Dataluri' is also Georgian for \"details\".\r\n- In the email body it uses the word: \"gamarjoba\". Meaning 'Hello' in Russian and Georgian.\r\n\r\n### These are the Gmail account details used, I've verified they once worked (but not anymore!)\r\n- POP3_MAIL_IP = 'pop.gmail.com' \r\n- POP3_PORT = 995\r\n- POP3_ADDR = 'jassnovember30@gmail.com'\r\n- POP3_PASS = '30Jass11'\r\n- SMTP_MAIL_IP = 'smtp.gmail.com'\r\n- SMTP_PORT = 587\r\n- SMTP_TO_ADDR = 'userdf783@mailtransition.com'\r\n- SMTP_FROM_ADDR = 'ginabetz75@gmail.com'\r\n- SMTP_PASS = '75Gina75'\r\n \r\n### Command and Control server\r\n- XAS_IP = '104.152.187.66'\r\n- XAS_GATE = '/updates/'\r\n\r\nThe code is completely left as found on the original server, including the log files."
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--58724d6c-0e30-4815-aa87-499c950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:44:08.000Z",`
			`"modified": "2017-01-08T14:44:08.000Z",`
			`"first_observed": "2017-01-08T14:44:08Z",`
			`"last_observed": "2017-01-08T14:44:08Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--58724d6c-0e30-4815-aa87-499c950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--58724d6c-0e30-4815-aa87-499c950d210f",`
			`"value": "https://github.com/rickey-g/fancybear"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58724d9c-d95c-4221-91a4-409e950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:33:00.000Z",`
			`"modified": "2017-01-08T14:33:00.000Z",`
			`"pattern": "[email-message:from_ref.value = 'jassnovember30@gmail.com']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:33:00Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"email-src\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58724db2-4a54-4329-93b6-444f950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:33:22.000Z",`
			`"modified": "2017-01-08T14:33:22.000Z",`
			`"pattern": "[email-message:to_refs[*].value = 'userdf783@mailtransition.com']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:33:22Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"email-dst\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58724de8-45f0-4f8e-be18-41a0950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:34:16.000Z",`
			`"modified": "2017-01-08T14:34:16.000Z",`
			`"pattern": "[email-message:to_refs[*].value = 'ginabetz75@gmail.com']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:34:16Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"email-dst\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58724e47-f46c-4c95-bdc9-47b9950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:35:51.000Z",`
			`"modified": "2017-01-08T14:35:51.000Z",`
			`"description": "Command and Control server in default config",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.152.187.66']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:35:51Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58724e70-bc04-467e-a1ac-434e950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:36:32.000Z",`
			`"modified": "2017-01-08T14:36:32.000Z",`
			`"description": "Command and Control server",`
			`"pattern": "[url:value = '104.152.187.66/updates/']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:36:32Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58725095-9bfc-4bb1-b047-4822950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:45:41.000Z",`
			`"modified": "2017-01-08T14:45:41.000Z",`
			`"description": "zip file of the github master branch",`
			"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALV1KEqK4X6w9NECAD8cAwAgABwANjcwYzc1YjBjMzcyY2Y4ZmQ3ZGEyZDg4N2E0OTExMGNVVAkAA5VQcliVUHJYdXgLAAEEIQAAAAQhAAAARj3QsVLLfS6wBD31EHm2WWc9Be1+LoiwaeiW/NkX0xZdV6A4K1weS0dScczb/iSs8UYm5HnSvoW6bUm6hs/7LDrSNLfoqNQHylplJTjD61s9cVY+hrno+5Dm7kxLq7WRpLjxnQv7hVWRvfVieSbkXBz41ueQfYv5mm6xpQ98VvQ9TqhOUkJLhGj/VHqiWnVyC8cP/atbQXg1a8fcHb9PsvNqlwYNK/246Dwof2HZ0P6tirb54mnillU7mMmBVx2DASu8zjD9kCf4MJJ2F2Bs9SLLzTvTRr1Y6zlw2cVg0g2n6981A9yty77qoItjYKNt++EkzFpse3XzXQbJ/EtqE7jQeSz/2FLXfBC5fCd+aSBiVlKWWTRU3dq3YAYgmgMNZd0nd23qLIzjdAUYS/haS+tdMItxsrrEJzHWiBhmhBhGC/ZokVjupQqUCH+Ave2aWxIm5DCXwyzmN0k3v7uaO5It2en+vUGZN8DeGoZtDwn8s+2CnnadXJRZE40C/1oSoEYJJIsQPQYRYhiLOWtEr1//NNpWSOq/KgCtkAWXuJ0Vy7/LlBec7pnylBW4UergkkHNtpgu6zGeDMLg+FesoKkRVAhO2H6xDQvf2rAWSPeQGR2ivYmgBRkie/eoqO9x+cNaybgg2be1ggMfzyV4qn+ejx8IpxrL/AMqQPLbxr2DYwKnoXGR/pHSoI5/VD9JNNjFvhHPIwiE0NQHv/VxY/sVQnkO5Oesi82rg5lSx5vmb5F9htKovgqRn2Iw2Xi1xIGdtKNf9GDvDkF1ltFn/S2hzkBXCtyEpckuzIkhxXOD2qF7CwHAp13yP0CCz74JjbXtbb2NCoaXKNWBsHE8B91lrDJABaJDC3ShTOO3jg+amL25s0t6H1mxFmc8ah8CXJ814UFNPHOgRhzsto3Dd+9t81anvVf4JY+Tct38LlSOMnTkgLUUqpYp7ycQGlmCddL0JUjiZe6aX9r/XpM4AwYB/U4xAU7hQ+UqCk0rVLlLds9TONqKJ0eT9jQ5MUkVJyH/dASMLF6bvXeTMA2w1o2lqe/AYvlqcmKPzpDdQXcxL6EgsaM5qMhVWLowpoQWZRva/0YhVyqfQo0sNLEv1bEAyzgtJ1NovEDwcVet26sKSaC9gDcV+fpDR5LOCPDDAHZumfkVXLoBY8lKAkvsIaJFDVtB+46quDXUTJWzFhfCvAIQ9eyIk5JTbTDe9AqKh83fxt/HvK6YGpvmay8iHpHERbOX03aQXrCulSNnHBQMkn4Z0Pbmo2FUQTuDmpHd+BnU8OpYyiPF59hkdilpe/XNpkUPuFqj4PsMQEAd64ygkWWrLpBXWguF7dboZ8C3MrcJTDYDReR+FO57cddJT1bh+b+9jmyotdja7H/+j4QjiV8vN5FHOy/UK23Z4L/eVMESEl5GJHwjuxRrRfcg5WNYv4rIkV5T33UUHK5z8K6aFynGXayjO2lB88k9CcmV7Fi9C4/glg56Acl+oNQaJA5mS9T4P7G3Z03zleCvRDGO3qBtc+ok5A2EKVAXnoS6rPvSKlATrJ6fvEtRmY3QKTMY7qwzgZzRqL0x3mPl5NlJQ6w+/Ava68HVRt6LQjCu1W5FVvfnWzB7xjuSZyCMkp+ZyAF6pAUULiHrBsoVFkJr1nLBUf0xdoXucfM2PR0r90LR/t9Q0WBau87wviXi7aE7E7D516wkRTEZ8c7hn/encHDWqzf1tpdUJnj6uTjy/5IsQ5ceO/5etgk9kVigC6jfuEKUA0OGTY9bj19KlAhWY3dSGFCD9FuLGCQpYHYGzP3KiJywW34NvD63Ya7St70CCh2Z+f43UoHLaBg5oroguYqqOoV4eyCuk3ZnYNS7/eOY/5txOYZqh1U1MD+gLXQXUKywpwRxPldANR/JH93+EeLcTMI42lAlpGof5dT3QA264XG5WlIAFQ13Q8dP4dfSFld6cWkRa5xsHpRjJfgEEc/svQGKAoAM50UXNZFTktDEz+xgAxHBfk4ygzxcnLlUdFhQFjkLjtr1gIZE/tlhxMx1nawjfmgXWc1ixkib4PjT8+j0V01d4IaqFlbDT7EQgNq/vh1naVZ7jaE6viFjoavGObazw47Kj2UY26scKdCjH1bH914W0oON6elXCx6zsYDR35uzZyFbwRp40LOgs7SxedxY0EQ6h0iAF1khZP5NYrzZ3iwoCjak4sCvw34AmViWUdc6WS6DKlgl/lN6YAySsN/jpBzKDQDau3a23sLs/7N7YOtP2AH8uC42sjVzt90RCr5zaluGXzVMgFrgq/jyzQZJygaHn1S1LCGsub1UinLPPLnmCC8YyKAGtDnQINEB21fXtZfKFKPyYIshexcZTTLc0pwMgtA/rYWzP5m5ZbM7lmH2r2GCCjVyZ5PbThQ8YHbQfhWIih3Ai8OH6ye7x3N1xqAs14YQ+nY/IGqlKPbvdxcNVp6XyHQLTTXMrqWoo6OsprIDB8PjE2x/aunSuKaQdrpLJ9sY2NBU1nLCiTE71zVHLYWdL/vaC2oOrxbkiOPxupK+V0jHlRxdQpzoaQoPk1IYiIV2FkyV9cjNxpnE7sCnrHdfiYfsC8a7vvimSCm3khpKuly4dwPMVRc0ruB0slyYM6qYi+zYH9Y/IAt6j+jDDun1afQpzKRhn8MkF/jJ2ejnqEjYmOOl7sIWyDs39whTUo46/SbcMtf9MkALU9B+clNrLVUza9wCx42zb3CiguOmCFEZOdE2P2H7XRZlMeaO7CeakVIEMWpbhQ+DlV6hsEexHp4491Xrnr14ot8ftO6SFLGbwYyA+nyJWJlr4cybRGnSOYGv9kny8HeB645qmySu+0Mykoz+EPeVWitbpSsfUitIoattz1V3HAAOj3Sa3dASkcVAPMx3E66TdVU9ZWHz/xBD6iAHeP6+5X3JiiRERjVjNXg4Y7U6FNjPGddGZCnONjS2NDo+yVVU/gB1iVgIPuGOPL9ghYPf7GT00ryfGj9H0o5ECb/FwqzgYfsBUyx+OkTFv3rSJfr7rssocWwVtC3hmmNIs8Km29RtkWCEzHMpCij1S+gQ+lDihCPBq9OwFYE5PvPWhmSevwxDtByM+6+UNzYzkThoyORKTW5W0JYydZ8UEQ19MVxPvlMJV3tEj7HsKK6wKbIzK/4B6ITB9qC8WVNdn/vpjaAy9uB7+SEMb288aKG9dMDmMRnoUj/kBBkGO3i2hjMwsAyzA2v2wCMQLqTTANR9+p2kVRzO9LcY1CR2iKKREBL2j9qgfCWqJRuzQK8IvJ0OMARyN+s/1nEFYuwubyvkWFsnm97KmnWY8tKqw/HdY3Q2HJbwB4ZD9fScwK0Lcb2jJefaLg0C+YPDau6o8oWBWP7tr/p0xnJeGJvUQsYtOzRJ7wnPiHAxi2/YabOBiC/9TrsQzfG9dU/msCRiGe8KV3Anl9SaZNNxgTSwwYvHIhljJ+VIiQl5ZGBKntIyK56WHaxKwNKhrbSm3llLbS/qErOuZVall9oG9xEGtrjPuqURXCoYje8h9Dlbeqhi7F0Dsvi2nHs7e3/5yMeff5IpW5vREqCYAW2jqnu6b3W7w3Da1NCP05M5LimLxDBj9t193qbJ7aPI8P7yOWZs+htZLlqMpYu4XMIw2UwCYpBzFfMIqaZQyxJwP09F80gjhNZj0C5nMJjXjbWuPkMbM1+hH/lyz+6bmq4cFN2Q7h41kXa+lr9WP2zBx9rcAZdYK4YkhAS6yiXtQ1iiXXuHcZaiLme/TTppuzhrQjmJJ/pLzut/GSEAl5BtxwkdZcoa6FIVOLh1GleiA0mv1bQrfJh/ej6RfJ0h/SOF3hr8SrquyqfLdachEDzYP17ELy4R3Po8vZG+WL4YLqsPkmBZ8HgPXcalSB8Imnl8qhOnBbDlHnwGwOvrgXgQgtRHj0sSAqglY2SZvT
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:45:41Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload installation"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"malware-sample\"",`
			`"misp:category=\"Payload installation\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58725097-6eb0-4520-8318-48f8950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:45:43.000Z",`
			`"modified": "2017-01-08T14:45:43.000Z",`
			`"description": "zip file of the github master branch",`
			`"pattern": "[file:name = 'fancybear-master.zip' AND file:hashes.SHA1 = '4e63fc81bc611b5efcfd1091fc63ca6e3cc80842']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:45:43Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload installation"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"filename\|sha1\"",`
			`"misp:category=\"Payload installation\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58725098-349c-4071-aa86-48fb950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-08T14:45:44.000Z",`
			`"modified": "2017-01-08T14:45:44.000Z",`
			`"description": "zip file of the github master branch",`
			`"pattern": "[file:name = 'fancybear-master.zip' AND file:hashes.SHA256 = '26bb761ced7b7b1b418f46d3908ac626985480795ce5e4b659c59eb5acd1fdab']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-08T14:45:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload installation"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"filename\|sha256\"",`
			`"misp:category=\"Payload installation\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58733ad7-1798-4cb7-b296-43cc950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-01-09T07:25:11.000Z",`
			`"modified": "2017-01-09T07:25:11.000Z",`
			`"pattern": "[url:value = 'http://trasitionmail.com/mail2']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-01-09T07:25:11Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`]`
			`}`