misp-circl-feed/feeds/circl/misp/fba1fa66-183d-4e82-bb89-78bfcb4d6e29.json

{
  "Event": {
    "analysis": "2",
    "date": "2022-10-03",
    "extends_uuid": "",
    "info": "OSINT of Exchange 0-day campaign (Atos)",
    "publish_timestamp": "1717153425",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1666617468",
    "uuid": "fba1fa66-183d-4e82-bb89-78bfcb4d6e29",
    "Orgc": {
      "name": "Centre for Cyber security Belgium",
      "uuid": "5cf66e53-b5f8-43e7-be9a-49880a3b4631"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#075200",
        "local": false,
        "name": "admiralty-scale:source-reliability=\"b\"",
        "relationship_type": ""
      },
      {
        "colour": "#f38e82",
        "local": false,
        "name": "Microsoft Exchange Vulnerability",
        "relationship_type": ""
      },
      {
        "colour": "#cb58ae",
        "local": false,
        "name": "Zero Day",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      },
      {
        "colour": "#986400",
        "local": false,
        "name": "cert-ist:threat_targeted_sector=\"Gov\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Spear phishing\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6900",
        "local": false,
        "name": "cert-ist:threat_targeted_sector=\"Media\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"142 - Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"150 - Europe\"",
        "relationship_type": ""
      },
      {
        "colour": "#11d000",
        "local": false,
        "name": "admiralty-scale:information-credibility=\"3\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ba307599-e813-4e5f-94ff-f4e36fd71d41",
        "value": "206.188.196.77"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "de4ccfb9-0453-4b83-93ca-80893d086abb",
        "value": "rkn-redirect.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "hostname",
        "uuid": "61be67f9-ec2a-4429-8161-f09e7cba0905",
        "value": "mail.ticaret.gov.tr-redirect.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5c05c0b0-0cc8-4446-a4c8-335b9ffa085f",
        "value": "162.33.179.130"
      },
      {
        "category": "Payload delivery",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "email-src",
        "uuid": "bf62496c-e4ad-49cc-bff7-53235eba9c76",
        "value": "vpscontrollervnc@protonmail.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "ae79c28f-487c-4652-9b7e-71637cd2e8e9",
        "value": "openattachment.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "1890b51c-0238-4495-93ee-634cb4f9e869",
        "value": "openingfile.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "0238308c-bf90-4503-906b-fca2d4e2f060",
        "value": "northapollon.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "3a1765c3-086d-4a3d-b404-ce336f2600b0",
        "value": "openfile-attachment.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806598",
        "to_ids": true,
        "type": "domain",
        "uuid": "82c5c66e-934c-4f00-afa9-26e148296ba1",
        "value": "united-nation-news.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "e1cadeb5-bef6-41b3-ae08-7aa7946f4589",
        "value": "byannika.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "email-src",
        "uuid": "a8591697-e631-48c7-b2c7-feea313372c9",
        "value": "netxv@bk.ru"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "d98d097f-cadb-440e-b172-37799f9f4fd7",
        "value": "tr-redirect.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "116795b5-4ebd-4792-8116-b220518aed43",
        "value": "web-document.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f6f0cc0c-c369-41dd-9f8f-dc941b9d0cc1",
        "value": "178.20.40.95"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9b57c1c2-dc85-478a-b1ec-7bb6a587e03f",
        "value": "168.100.10.30"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "d21024e3-6ee7-4939-b808-9e545cad0331",
        "value": "mfa-tj.download"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c2ab9b0-db03-494b-b621-3ac188bf3f7d",
        "value": "akipress.news"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ce3af728-e3b9-4f40-846f-f03cb1a28327",
        "value": "mail.antikor.gov.kz.openingfile.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2c77ecad-aada-42a2-9696-c27a56506ed6",
        "value": "mail.gov.kg.openingfile.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d4092f08-8029-4e76-9055-2607dee1781f",
        "value": "mail.agro.gov.kg.openingfile.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e4687f58-79d8-4d06-a8a9-8ecbf8d4d0d2",
        "value": "telegram.akipress.news"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d768ea49-139f-4dcf-8af5-4e837888c5fb",
        "value": "mail.mfa.gov.kg.openingfile.net"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fdbc158a-2253-4cb3-af63-2eed91f6cf2e",
        "value": "mail.aop.gov.af.openingfile.net"
      },
      {
        "category": "Payload delivery",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "email-src",
        "uuid": "29466e30-8056-4cd3-89b0-bc6aa16b48f3",
        "value": "account0021@protonmail.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "83fd3c39-85b1-4e21-9735-9a006ddabc01",
        "value": "auth0rization.cloud"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "91b7b424-d362-49a1-b9f4-494cfe17b960",
        "value": "united-nations-news.com"
      },
      {
        "category": "Network activity",
        "comment": "Used as part of targeted attacks against government sectors",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1664806599",
        "to_ids": true,
        "type": "domain",
        "uuid": "5053b6b1-6a3a-4a23-8560-fb69b72ba8a8",
        "value": "application-download.net"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",
        "meta-category": "misc",
        "name": "annotation",
        "template_uuid": "5d8dc046-15a1-4ca3-a09f-ed4ede7c4487",
        "template_version": "3",
        "timestamp": "1666617086",
        "uuid": "239abc6c-9a8a-4fe5-8b09-14b2ee4c570b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "creation-date",
            "timestamp": "1666617086",
            "to_ids": false,
            "type": "datetime",
            "uuid": "9b07c0fa-65f5-437b-8f2e-4e3a8e939826",
            "value": "2022-10-03T00:00:00+00:00"
          },
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ref",
            "timestamp": "1666617086",
            "to_ids": false,
            "type": "link",
            "uuid": "9b630af7-92a2-4e22-aa39-9b7b253cfd8d",
            "value": "https://atos.net/en/lp/security-dive-blog-vulnerability-0-day-exchange"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1666617086",
            "to_ids": false,
            "type": "text",
            "uuid": "decb8987-f071-416c-86f9-08f11b0aad32",
            "value": "Reports of new 0-day vulnerabilities electrify the Cybersecurity community, especially when they affect commonly used products. Recent news about the successor of the infamous ProxyShell -CVE-2022-41040, CVE-2022-41082 \u2013 found in Microsoft Exchange and disclosed by researchers at GTSC Research Lab on 28/09/2022 pushed our TI operations to understand the attackers\u2019 infrastructure better. Our brief analysis is evidence that it is worthwhile to do enrichment of available IOCs to build additional context and try to determine the motivations and origins of threat actors."
          },
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "type",
            "timestamp": "1666617086",
            "to_ids": false,
            "type": "text",
            "uuid": "0b930c20-ddbb-4092-941e-5ef42965783e",
            "value": "Full Report"
          }
        ]
      }
    ]
  }
}
chg: [feeds] updated 2024-08-07 08:13:15 +00:00			`{`
			`"Event": {`
			`"analysis": "2",`
			`"date": "2022-10-03",`
			`"extends_uuid": "",`
			`"info": "OSINT of Exchange 0-day campaign (Atos)",`
			`"publish_timestamp": "1717153425",`
			`"published": true,`
			`"threat_level_id": "1",`
			`"timestamp": "1666617468",`
			`"uuid": "fba1fa66-183d-4e82-bb89-78bfcb4d6e29",`
			`"Orgc": {`
			`"name": "Centre for Cyber security Belgium",`
			`"uuid": "5cf66e53-b5f8-43e7-be9a-49880a3b4631"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "tlp:clear",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#075200",`
			`"local": false,`
			`"name": "admiralty-scale:source-reliability=\"b\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#f38e82",`
			`"local": false,`
			`"name": "Microsoft Exchange Vulnerability",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#cb58ae",`
			`"local": false,`
			`"name": "Zero Day",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "OSINT",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#00223b",`
			`"local": false,`
			`"name": "osint:source-type=\"blog-post\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#986400",`
			`"local": false,`
			`"name": "cert-ist:threat_targeted_sector=\"Gov\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": false,`
			`"name": "misp-galaxy:financial-fraud=\"Spear phishing\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#9f6900",`
			`"local": false,`
			`"name": "cert-ist:threat_targeted_sector=\"Media\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": false,`
			`"name": "misp-galaxy:sector=\"Government, Administration\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": false,`
			`"name": "misp-galaxy:region=\"142 - Asia\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": false,`
			`"name": "misp-galaxy:region=\"150 - Europe\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#11d000",`
			`"local": false,`
			`"name": "admiralty-scale:information-credibility=\"3\"",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "ba307599-e813-4e5f-94ff-f4e36fd71d41",`
			`"value": "206.188.196.77"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "de4ccfb9-0453-4b83-93ca-80893d086abb",`
			`"value": "rkn-redirect.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "61be67f9-ec2a-4429-8161-f09e7cba0905",`
			`"value": "mail.ticaret.gov.tr-redirect.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "5c05c0b0-0cc8-4446-a4c8-335b9ffa085f",`
			`"value": "162.33.179.130"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "email-src",`
			`"uuid": "bf62496c-e4ad-49cc-bff7-53235eba9c76",`
			`"value": "vpscontrollervnc@protonmail.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "ae79c28f-487c-4652-9b7e-71637cd2e8e9",`
			`"value": "openattachment.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "1890b51c-0238-4495-93ee-634cb4f9e869",`
			`"value": "openingfile.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "0238308c-bf90-4503-906b-fca2d4e2f060",`
			`"value": "northapollon.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "3a1765c3-086d-4a3d-b404-ce336f2600b0",`
			`"value": "openfile-attachment.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806598",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "82c5c66e-934c-4f00-afa9-26e148296ba1",`
			`"value": "united-nation-news.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "e1cadeb5-bef6-41b3-ae08-7aa7946f4589",`
			`"value": "byannika.com"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "email-src",`
			`"uuid": "a8591697-e631-48c7-b2c7-feea313372c9",`
			`"value": "netxv@bk.ru"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "d98d097f-cadb-440e-b172-37799f9f4fd7",`
			`"value": "tr-redirect.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "116795b5-4ebd-4792-8116-b220518aed43",`
			`"value": "web-document.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "f6f0cc0c-c369-41dd-9f8f-dc941b9d0cc1",`
			`"value": "178.20.40.95"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "9b57c1c2-dc85-478a-b1ec-7bb6a587e03f",`
			`"value": "168.100.10.30"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "d21024e3-6ee7-4939-b808-9e545cad0331",`
			`"value": "mfa-tj.download"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5c2ab9b0-db03-494b-b621-3ac188bf3f7d",`
			`"value": "akipress.news"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "ce3af728-e3b9-4f40-846f-f03cb1a28327",`
			`"value": "mail.antikor.gov.kz.openingfile.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "2c77ecad-aada-42a2-9696-c27a56506ed6",`
			`"value": "mail.gov.kg.openingfile.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "d4092f08-8029-4e76-9055-2607dee1781f",`
			`"value": "mail.agro.gov.kg.openingfile.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "e4687f58-79d8-4d06-a8a9-8ecbf8d4d0d2",`
			`"value": "telegram.akipress.news"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "d768ea49-139f-4dcf-8af5-4e837888c5fb",`
			`"value": "mail.mfa.gov.kg.openingfile.net"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "hostname",`
			`"uuid": "fdbc158a-2253-4cb3-af63-2eed91f6cf2e",`
			`"value": "mail.aop.gov.af.openingfile.net"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "email-src",`
			`"uuid": "29466e30-8056-4cd3-89b0-bc6aa16b48f3",`
			`"value": "account0021@protonmail.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "83fd3c39-85b1-4e21-9735-9a006ddabc01",`
			`"value": "auth0rization.cloud"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "91b7b424-d362-49a1-b9f4-494cfe17b960",`
			`"value": "united-nations-news.com"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Used as part of targeted attacks against government sectors",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1664806599",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "5053b6b1-6a3a-4a23-8560-fb69b72ba8a8",`
			`"value": "application-download.net"`
			`}`
			`],`
			`"Object": [`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",`
			`"meta-category": "misc",`
			`"name": "annotation",`
			`"template_uuid": "5d8dc046-15a1-4ca3-a09f-ed4ede7c4487",`
			`"template_version": "3",`
			`"timestamp": "1666617086",`
			`"uuid": "239abc6c-9a8a-4fe5-8b09-14b2ee4c570b",`
			`"Attribute": [`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "creation-date",`
			`"timestamp": "1666617086",`
			`"to_ids": false,`
			`"type": "datetime",`
			`"uuid": "9b07c0fa-65f5-437b-8f2e-4e3a8e939826",`
			`"value": "2022-10-03T00:00:00+00:00"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "ref",`
			`"timestamp": "1666617086",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "9b630af7-92a2-4e22-aa39-9b7b253cfd8d",`
			`"value": "https://atos.net/en/lp/security-dive-blog-vulnerability-0-day-exchange"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "text",`
			`"timestamp": "1666617086",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "decb8987-f071-416c-86f9-08f11b0aad32",`
			"value": "Reports of new 0-day vulnerabilities electrify the Cybersecurity community, especially when they affect commonly used products. Recent news about the successor of the infamous ProxyShell -CVE-2022-41040, CVE-2022-41082 \u2013 found in Microsoft Exchange and disclosed by researchers at GTSC Research Lab on 28/09/2022 pushed our TI operations to understand the attackers\u2019 infrastructure better. Our brief analysis is evidence that it is worthwhile to do enrichment of available IOCs to build additional context and try to determine the motivations and origins of threat actors."
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "type",`
			`"timestamp": "1666617086",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "0b930c20-ddbb-4092-941e-5ef42965783e",`
			`"value": "Full Report"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`}`