misp-circl-feed/feeds/circl/stix-2.1/81f607d5-2b83-477c-95f5-342030de6570.json

{
"type": "bundle",
"id": "bundle--81f607d5-2b83-477c-95f5-342030de6570",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-12T12:42:41.000Z",
"modified": "2023-07-12T12:42:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--81f607d5-2b83-477c-95f5-342030de6570",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-12T12:42:41.000Z",
"modified": "2023-07-12T12:42:41.000Z",
"name": "Chinese Threat Actors Targeting Europe in SmugX Campaign",
"published": "2023-07-12T12:42:53Z",
"object_refs": [
"indicator--918d4b5b-4477-49a0-a9fb-0085e9992b07",
"indicator--57317342-6458-427e-89b2-9a3ba097bfcb",
"indicator--f588c595-946f-4d8b-94c9-f217b5956e17",
"indicator--236c2d6a-3c41-4369-a4e3-9b371371b6cb",
"indicator--9eb2e07d-4dd1-48a1-930e-ea58ecfb0268",
"indicator--38427789-8f29-4e78-b8c8-5d2fbfb2671b",
"indicator--b879469e-f585-487b-8be5-e42d7f58cd3d",
"indicator--c640cf82-25b2-4bc9-b687-a6d2fc9b7b45",
"indicator--f7862093-0ace-4081-8bcc-87757be6df7c",
"indicator--030ac331-5f4a-480d-a8ce-85b886c460b3",
"indicator--d02a5889-c523-4239-af4e-47432c36bfb9",
"indicator--f7442091-f412-415c-a8de-dbb3fbd77d11",
"indicator--dc275756-44a8-410c-ac12-e5ad42cf0c24",
"indicator--d648e16e-8955-4d59-8f5c-f60021a8e321",
"indicator--c303a4a0-0f51-444c-bca8-5a81b9b7b007",
"indicator--ade041fe-db67-4a5d-b52f-4a0eb90cf238",
"indicator--fed631dc-e32b-4126-a750-19f671bc4e19",
"indicator--7d600d01-043a-4e0b-8351-65470c9383ae",
"indicator--6b87864c-b0ca-4be8-9b60-19e2134b0eec",
"indicator--c4b96fad-75ad-44a8-a961-e1e1d23d5eea",
"indicator--5201eecc-c54e-41d9-81a4-847be85b77b7",
"indicator--d97638bc-4323-4f3a-bdda-5e5fa6c0c29d",
"indicator--8e31f890-9f9d-4859-99a4-6492a27c929f",
"indicator--c4d542d1-127a-4cc4-9449-1b8a12e2abac",
"indicator--2f9be8b8-9990-46c3-b127-1ad96f0be1b5",
"indicator--83a9b04d-1c87-43a5-8998-49c02e0acb65",
"indicator--62cd6350-dffb-4795-84b1-ca2c0ef4b783",
"indicator--87d95afd-9f4e-4ee3-9de8-3d792f5a1928",
"indicator--e899a5f1-895f-4398-8e36-549f535eb7c0",
"indicator--98da3f2f-aed7-433d-a085-2bd3385c8d3a",
"indicator--15135495-f94c-4d8e-8710-57892fcc53a1",
"indicator--2fd6059c-4e54-4cfb-84bf-f411cf6bab9b",
"indicator--2731a46e-cecc-495c-9a1e-4a860ccbe51f",
"indicator--7fd7ac52-df1a-46c9-a496-b0479f65dd9a",
"indicator--ede4804b-e2e8-46c3-8770-ed7a59e12e82",
"indicator--8be04fa0-a8a5-4120-bf5d-2a65f6e79d92",
"indicator--1a4d83aa-71c5-41bb-bc17-cef04dc5bf35",
"indicator--a59c4e78-186d-4e1e-a435-74b21ea3f13d",
"indicator--ef63127f-e3b8-4521-892b-127b0f2a063c",
"indicator--169b95c2-6a5d-43b1-a35a-301332d91695",
"indicator--1a299fc1-af8a-4b29-8228-b3947a88db2c",
"indicator--970bc7bf-375e-467c-9d2a-8ddb7c18c1bb",
"indicator--88995009-ec15-4814-b8f9-b7e89eb2eaf6",
"indicator--5fac55a3-27a6-4829-9178-c00f9d88bed9",
"indicator--be7699e0-c556-47d3-ac9a-24b3c4bd72bd",
"indicator--c2316ec7-09ef-467b-9c70-e545bd619fe7",
"indicator--e12b5bd9-03fc-4db1-a097-d6ced8fbc05b",
"indicator--1f567817-4fc4-489b-a97f-dbd64c8bf1e2",
"indicator--fcfe2c30-fa5c-4613-8b7c-cebf940aef43",
"x-misp-object--bba1dd1a-32ef-465a-89eb-6f5b3ccab59d"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"misp-galaxy:malpedia=\"RedDelta\"",
"misp-galaxy:malpedia=\"PlugX\"",
"misp-galaxy:mitre-intrusion-set=\"Mustang Panda - G0129\"",
"misp-galaxy:threat-actor=\"Mustang Panda\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--918d4b5b-4477-49a0-a9fb-0085e9992b07",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = 'edb5d4b454b6c7d3abecd6de7099e05575b8f28bb09dfc364e45ce8c16a34fcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57317342-6458-427e-89b2-9a3ba097bfcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = '736451c2593bc1601c52b45c16ad8fd1aec56f868eb3bba333183723dea805af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f588c595-946f-4d8b-94c9-f217b5956e17",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = '0e4b81e04ca77762be2afb8bd451abb2ff46d2831028cde1c5d0ec45199f01a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--236c2d6a-3c41-4369-a4e3-9b371371b6cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = '989ede1df02e4d9620f6caf75a88a11791d156f62fdea4258e12d972df76bc05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9eb2e07d-4dd1-48a1-930e-ea58ecfb0268",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = '10cad59ea2a566597d933b1e8ba929af0b4c7af85481eacaab708ef4ddf6e0ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--38427789-8f29-4e78-b8c8-5d2fbfb2671b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = 'c96723a68fc939c835578ff746f7d4c5371cb82a9c0dffe360bb656acea4d6e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b879469e-f585-487b-8be5-e42d7f58cd3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:47:32.000Z",
"modified": "2023-07-07T07:47:32.000Z",
"description": "html",
"pattern": "[file:hashes.SHA256 = '9ce5abd02d397689d99f62dfbd2a6a396876c6629cb5db453f1dcbbc3465ac9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:47:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c640cf82-25b2-4bc9-b687-a6d2fc9b7b45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:51:03.000Z",
"modified": "2023-07-07T07:51:03.000Z",
"description": "Archives",
"pattern": "[file:hashes.SHA256 = '5f751fb287db51f79bb6df2e330a53b6d80ef3d2af93f09bb786b62e613514db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7862093-0ace-4081-8bcc-87757be6df7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:51:03.000Z",
"modified": "2023-07-07T07:51:03.000Z",
"description": "Archives",
"pattern": "[file:hashes.SHA256 = 'baca1159acc715545a787d522950117eae5b7dc65efacfe86383f62e6b9b59d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--030ac331-5f4a-480d-a8ce-85b886c460b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:51:03.000Z",
"modified": "2023-07-07T07:51:03.000Z",
"description": "Archives",
"pattern": "[file:hashes.SHA256 = '720a70ca6ee1fbaf06c7cb60d14e27391130407e34e13a092d19f1df2c9c6d05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d02a5889-c523-4239-af4e-47432c36bfb9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:51:03.000Z",
"modified": "2023-07-07T07:51:03.000Z",
"description": "Archives",
"pattern": "[file:hashes.SHA256 = '460c459db77c5625ed1c029b2dd6c6eae5e631b81a169494fb0182d550769f76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7442091-f412-415c-a8de-dbb3fbd77d11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:51:03.000Z",
"modified": "2023-07-07T07:51:03.000Z",
"description": "Archives",
"pattern": "[file:hashes.SHA256 = '277390cc50e00f52e76a6562e6e699b0345497bd1df26c7c41bd56da5b6d1347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T07:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dc275756-44a8-410c-ac12-e5ad42cf0c24",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:05:20.000Z",
"modified": "2023-07-07T08:05:20.000Z",
"description": "JavaScripts",
"pattern": "[file:hashes.SHA256 = '3c6ace055527877778d989f469a5a70eb5ef7700375b850f0b1b8414151105ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d648e16e-8955-4d59-8f5c-f60021a8e321",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:05:20.000Z",
"modified": "2023-07-07T08:05:20.000Z",
"description": "JavaScripts",
"pattern": "[file:hashes.SHA256 = '27a61653ce4e503334413cf80809647ce5dca02ff4aea63fb3a39bc62c9c258c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c303a4a0-0f51-444c-bca8-5a81b9b7b007",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:05:20.000Z",
"modified": "2023-07-07T08:05:20.000Z",
"description": "JavaScripts",
"pattern": "[file:hashes.SHA256 = 'ce308b538ff3a0be0dbcee753db7e556a54b4aeddbddd0c03db7126b08911fe2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ade041fe-db67-4a5d-b52f-4a0eb90cf238",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:07:09.000Z",
"modified": "2023-07-07T08:07:09.000Z",
"description": "MSI",
"pattern": "[file:hashes.SHA256 = 'fd0711a50c8af1dbc5c7ba42b894b2af8a2b03dd7544d20f5a887c93b9834429']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:07:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fed631dc-e32b-4126-a750-19f671bc4e19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:07:09.000Z",
"modified": "2023-07-07T08:07:09.000Z",
"description": "MSI",
"pattern": "[file:hashes.SHA256 = '3489955d23e66d6f34b3ada70b4d228547dbb3ccb0f6c7282553cbbdeaf168cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:07:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d600d01-043a-4e0b-8351-65470c9383ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:07:09.000Z",
"modified": "2023-07-07T08:07:09.000Z",
"description": "MSI",
"pattern": "[file:hashes.SHA256 = '04b99518502774deb4a9d9cf6b54d43ff8f333d8ec5b4b230c0e995542bb2c61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:07:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6b87864c-b0ca-4be8-9b60-19e2134b0eec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:07:09.000Z",
"modified": "2023-07-07T08:07:09.000Z",
"description": "MSI",
"pattern": "[file:hashes.SHA256 = 'bd3881964e351a7691bfc7e997e8a2c8ce4a8e26b79e3712d0cbdc484a5646b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:07:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4b96fad-75ad-44a8-a961-e1e1d23d5eea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:07:09.000Z",
"modified": "2023-07-07T08:07:09.000Z",
"description": "MSI",
"pattern": "[file:hashes.SHA256 = 'ea2869424df2ffbb113017d95ae48ae8ed9897280fd21b26e046c75b3e43b25a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:07:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5201eecc-c54e-41d9-81a4-847be85b77b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"pattern": "[file:name = 'RoboForm.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d97638bc-4323-4f3a-bdda-5e5fa6c0c29d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = 'b00c252a60171f33e32e64891ffe826b8a45f8816acf778838d788897213a405']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e31f890-9f9d-4859-99a4-6492a27c929f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = '2bc30ced135acd6a506cfb557734407f21b70fecd2f645c5b938e14199b24f1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4d542d1-127a-4cc4-9449-1b8a12e2abac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = '0d13a503d86a6450f71408eb82a196718324465744bf6b8c4e0a780fd5be40c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2f9be8b8-9990-46c3-b127-1ad96f0be1b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = '0bdfb922a39103658195d1d37ff584d24f7bd88464e7a119e86d6e3579958cc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--83a9b04d-1c87-43a5-8998-49c02e0acb65",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = 'a0879dd439c7f1ed520aad0c309fe1dbf1a2fc41e2468f4174489a0ec56c47c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--62cd6350-dffb-4795-84b1-ca2c0ef4b783",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = 'bddbc529f23ab6b865bc750508403ef57c8cf77284d613d030949bd37078d880']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87d95afd-9f4e-4ee3-9de8-3d792f5a1928",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = '4547914e17c127d9b53bbc9d44de0e5b867f1a86d2e5ede828cd3188ed7fe838']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e899a5f1-895f-4398-8e36-549f535eb7c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T08:08:37.000Z",
"modified": "2023-07-07T08:08:37.000Z",
"description": "RoboForm.dll",
"pattern": "[file:hashes.SHA256 = '0032d5430f1b5fcfb6a380b4f1d226b6b919f2677340503f04df04235409b2d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T08:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98da3f2f-aed7-433d-a085-2bd3385c8d3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = '62c2e246855d589eb1ec37a9f3bcc0b6f3ba9946532aff8a39a4dc9d3a93f42c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--15135495-f94c-4d8e-8710-57892fcc53a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = 'f7d35cb95256513c07c262d4b03603e073e58eb4cd5fa9aac1e04ecc6e870d42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2fd6059c-4e54-4cfb-84bf-f411cf6bab9b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = 'bf4f8a5f75e9e5ecd752baa73abddd37b014728722ac3d74b82bffa625bf09b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2731a46e-cecc-495c-9a1e-4a860ccbe51f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = '8a6ef9aa3f0762b03f983a1e53e8c731247273aafa410ed884ecd4c4e02c7db8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7fd7ac52-df1a-46c9-a496-b0479f65dd9a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = 'ec3e491a831b4057fc0e2ebe9f43c32f1f07959b6430b323d35d6d409d2b31e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ede4804b-e2e8-46c3-8770-ed7a59e12e82",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = 'bf8e512921522e49d16c638dc8d01bd0a2803a4ef019afbfc2f0941875019ea1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8be04fa0-a8a5-4120-bf5d-2a65f6e79d92",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:18:01.000Z",
"modified": "2023-07-07T10:18:01.000Z",
"description": "Encrypted payload",
"pattern": "[file:hashes.SHA256 = 'ba55542c6fa12865633d6d24f4a81bffd512791a6e0a9b77f6b17a53e2216659']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:18:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a4d83aa-71c5-41bb-bc17-cef04dc5bf35",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = '8ea34b85dd4fb64f7e6591e4f1c24763fc3421caa7c0f0d8350c67b9bafa4d32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a59c4e78-186d-4e1e-a435-74b21ea3f13d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = '8cac6dfb2a894ff3f530c29e79dcd37810b4628279b9570a34f7e22bd4d416b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef63127f-e3b8-4521-892b-127b0f2a063c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = 'ea5825fa1f39587a88882e87064caae9dd3b79f02438dc3a229c5b775b530c7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--169b95c2-6a5d-43b1-a35a-301332d91695",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = '1acb061ce63ee8ee172fbdf518bd261ef2c46d818ffd4b1614db6ce3daa5a885']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a299fc1-af8a-4b29-8228-b3947a88db2c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = '08661f40f40371fc8a49380ad3d57521f9d0c2aa322ae4b0a684b27e637aed12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--970bc7bf-375e-467c-9d2a-8ddb7c18c1bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:20:37.000Z",
"modified": "2023-07-07T10:20:37.000Z",
"description": "Decrypted payload",
"pattern": "[file:hashes.SHA256 = '324bfb2f414be221e24aaa9fb22cb49e4d4c0904bd7c203afdff158ba63fe35b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:20:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88995009-ec15-4814-b8f9-b7e89eb2eaf6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.90.58.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5fac55a3-27a6-4829-9178-c00f9d88bed9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.233.57.136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be7699e0-c556-47d3-ac9a-24b3c4bd72bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.207.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2316ec7-09ef-467b-9c70-e545bd619fe7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '152.152.12.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e12b5bd9-03fc-4db1-a097-d6ced8fbc05b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[domain-name:value = 'jcswcd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f567817-4fc4-489b-a97f-dbd64c8bf1e2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T10:25:23.000Z",
"modified": "2023-07-07T10:25:23.000Z",
"pattern": "[domain-name:value = 'newsmailnet.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T10:25:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fcfe2c30-fa5c-4613-8b7c-cebf940aef43",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T13:31:11.000Z",
"modified": "2023-07-07T13:31:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.134.83.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-07-07T13:31:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bba1dd1a-32ef-465a-89eb-6f5b3ccab59d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-07-07T07:42:43.000Z",
"modified": "2023-07-07T07:42:43.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/",
"category": "External analysis",
"uuid": "96f066f4-4fd7-466e-82fe-8e707db62917"
},
{
"type": "text",
"object_relation": "summary",
"value": "- Check Point Research uncovers a targeted campaign carried out by a Chinese threat actor targeting government entities in Europe, with a focus on foreign and domestic policy entities.\r\n- The campaign leverages HTML Smuggling, a technique in which attackers hide malicious payloads inside HTML documents.\r\n- Following a complex infection chain involving either archives or MSI files, the attacks deploy PlugX, an implant commonly associated with Chinese threat actors.\r\n- The campaign, called SmugX, overlaps with previously reported activity by Chinese APT actors RedDelta and Mustang Panda. Although those two correlate to some extent with Camaro Dragon, there is insufficient evidence to link the SmugX campaign to the Camaro Dragon group.",
"category": "Other",
"uuid": "992411e4-4c16-4f45-a642-2a0e5a65866e"
},
{
"type": "text",
"object_relation": "type",
"value": "Report",
"category": "Other",
"uuid": "45f7986c-ea72-46bb-91e9-16d191fbbfec"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}