{
"Event": {
"analysis": "0",
"date": "2017-01-08",
"extends_uuid": "",
"info": "OSINT - Fancy Bear Source Code",
"publish_timestamp": "1483946722",
"published": true,
"threat_level_id": "2",
"timestamp": "1483946711",
"uuid": "58724cbf-5508-4425-ab89-4f61950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#12e000",
"local": false,
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0082e1",
"local": false,
"name": "osint:certainty=\"75\"",
"relationship_type": ""
},
{
"colour": "#00497f",
"local": false,
"name": "osint:source-type=\"source-code-repository\"",
"relationship_type": ""
},
{
"colour": "#a200ca",
"local": false,
"name": "ms-caro-malware:malware-platform=\"Python\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Social network",
"comment": "Source of the information - IR performed by the github user and pushed publicly",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886583",
"to_ids": false,
"type": "github-repository",
"uuid": "58724d03-65d4-4872-962a-4263950d210f",
"value": "rickey-g/fancybear"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483885861",
"to_ids": false,
"type": "comment",
"uuid": "58724d25-fbd4-4270-8f3c-4289950d210f",
"value": "# Fancy Bear Source Code \r\nThis repo contains actual source code found during IR.\r\nThe code provides a communication channel for the attacker and infected client. It uses Google's gmail servers to send and receive encoded messages.\r\n\r\n### Some artifacts are summorized below\r\n- Comments are in english, with a lot of grammar mistakes\r\n- Subject of an email is: '**piradi nomeri**'. This is Georgian language\r\n- It saves files with **dataluri_**timetsamp.dat. 'Dataluri' is also Georgian for \"details\".\r\n- In the email body it uses the word: \"**gamarjoba**\". Meaning 'Hello' in Russian and Georgian.\r\n\r\n### These are the Gmail account details used, I've verified they once worked (but not anymore!)\r\n- POP3_MAIL_IP = 'pop.gmail.com' \r\n- POP3_PORT = 995\r\n- POP3_ADDR = 'jassnovember30@gmail.com'\r\n- POP3_PASS = '30Jass11'\r\n- SMTP_MAIL_IP = 'smtp.gmail.com'\r\n- SMTP_PORT = 587\r\n- SMTP_TO_ADDR = 'userdf783@mailtransition.com'\r\n- SMTP_FROM_ADDR = 'ginabetz75@gmail.com'\r\n- SMTP_PASS = '75Gina75'\r\n \r\n### Command and Control server\r\n- XAS_IP = '104.152.187.66'\r\n- XAS_GATE = '/updates/'\r\n\r\n**The code is completely left as found on the original server, including the log files.**"
},
{
"category": "External analysis",
"comment": "Source of the information - IR performed by the github user and pushed publicly",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886648",
"to_ids": false,
"type": "link",
"uuid": "58724d6c-0e30-4815-aa87-499c950d210f",
"value": "https://github.com/rickey-g/fancybear"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483885980",
"to_ids": true,
"type": "email-src",
"uuid": "58724d9c-d95c-4221-91a4-409e950d210f",
"value": "jassnovember30@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886002",
"to_ids": true,
"type": "email-dst",
"uuid": "58724db2-4a54-4329-93b6-444f950d210f",
"value": "userdf783@mailtransition.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886056",
"to_ids": true,
"type": "email-dst",
"uuid": "58724de8-45f0-4f8e-be18-41a0950d210f",
"value": "ginabetz75@gmail.com"
},
{
"category": "Network activity",
"comment": "Command and Control server in default config",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886151",
"to_ids": true,
"type": "ip-dst",
"uuid": "58724e47-f46c-4c95-bdc9-47b9950d210f",
"value": "104.152.187.66"
},
{
"category": "Network activity",
"comment": "Command and Control server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886192",
"to_ids": true,
"type": "url",
"uuid": "58724e70-bc04-467e-a1ac-434e950d210f",
"value": "104.152.187.66/updates/"
},
{
"category": "Payload installation",
"comment": "zip file of the github master branch",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886741",
"to_ids": true,
"type": "malware-sample",
"uuid": "58725095-9bfc-4bb1-b047-4822950d210f",
"value": "fancybear-master.zip|670c75b0c372cf8fd7da2d887a49110c"
},
{
"category": "Payload installation",
"comment": "zip file of the github master branch",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886743",
"to_ids": true,
"type": "filename|sha1",
"uuid": "58725097-6eb0-4520-8318-48f8950d210f",
"value": "fancybear-master.zip|4e63fc81bc611b5efcfd1091fc63ca6e3cc80842"
},
{
"category": "Payload installation",
"comment": "zip file of the github master branch",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483886744",
"to_ids": true,
"type": "filename|sha256",
"uuid": "58725098-349c-4071-aa86-48fb950d210f",
"value": "fancybear-master.zip|26bb761ced7b7b1b418f46d3908ac626985480795ce5e4b659c59eb5acd1fdab"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483946711",
"to_ids": true,
"type": "url",
"uuid": "58733ad7-1798-4cb7-b296-43cc950d210f",
"value": "http://trasitionmail.com/mail2"
}
]
}
}