{ "type": "bundle", "id": "bundle--5d9b516c-e5f0-4e7c-a958-5d8c0a019371", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2021-06-01T13:10:01.000Z", "modified": "2021-06-01T13:10:01.000Z", "name": "ESET", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5d9b516c-e5f0-4e7c-a958-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2021-06-01T13:10:01.000Z", "modified": "2021-06-01T13:10:01.000Z", "name": "Operation Ghost - White Paper", "published": "2021-06-02T05:37:05Z", "object_refs": [ "observed-data--5d9b51aa-15c8-4405-af09-68700a019371", "file--5d9b51aa-15c8-4405-af09-68700a019371", "observed-data--5d9b51aa-ace8-4da0-8312-68700a019371", "file--5d9b51aa-ace8-4da0-8312-68700a019371", "observed-data--5d9b51aa-9458-4ae0-9484-68700a019371", "file--5d9b51aa-9458-4ae0-9484-68700a019371", "observed-data--5d9b51aa-6afc-451f-bab9-68700a019371", "file--5d9b51aa-6afc-451f-bab9-68700a019371", "observed-data--5d9b51aa-12dc-4dcc-9417-68700a019371", "file--5d9b51aa-12dc-4dcc-9417-68700a019371", "observed-data--5d9b51c1-0580-40ee-9b20-5d8c0a019371", "file--5d9b51c1-0580-40ee-9b20-5d8c0a019371", "observed-data--5d9b51c1-51b0-4b23-ae70-5d8c0a019371", "file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371", "observed-data--5d9b51c1-73f8-40d1-bb26-5d8c0a019371", "file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371", "observed-data--5d9b51c1-09fc-40b5-8a60-5d8c0a019371", "file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371", "observed-data--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371", "file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371", "observed-data--5d9b51c1-e304-4f81-907a-5d8c0a019371", "file--5d9b51c1-e304-4f81-907a-5d8c0a019371", "observed-data--5d9b51cf-0878-4c96-be15-5c5f0a019371", "file--5d9b51cf-0878-4c96-be15-5c5f0a019371", "observed-data--5d9b51e4-1e94-460f-be39-5d8c0a019371", "file--5d9b51e4-1e94-460f-be39-5d8c0a019371", "observed-data--5d9b51e4-4a34-44ca-9a39-5d8c0a019371", "file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371", "observed-data--5d9b51f6-2f00-44e4-b4dc-68530a019371", "file--5d9b51f6-2f00-44e4-b4dc-68530a019371", "observed-data--5d9b51f6-ce40-4e22-96e3-68530a019371", "file--5d9b51f6-ce40-4e22-96e3-68530a019371", "observed-data--5d9b5205-1218-43d1-9cad-5c610a019371", "file--5d9b5205-1218-43d1-9cad-5c610a019371", "observed-data--5d9b5212-dd04-4116-8f9a-68700a019371", "file--5d9b5212-dd04-4116-8f9a-68700a019371", "x-misp-attribute--5d9b5266-47f4-4e45-ae18-68700a019371", "x-misp-attribute--5d9b5266-13e0-488a-b58d-68700a019371", "x-misp-attribute--5d9b5266-50dc-48fd-987d-68700a019371", "x-misp-attribute--5d9b5266-2f2c-4a50-b04d-68700a019371", "x-misp-attribute--5d9b5266-4388-4d08-8fff-68700a019371", "x-misp-attribute--5d9b5266-dbec-4dda-a107-68700a019371", "x-misp-attribute--5d9b5266-5dfc-4b5e-8514-68700a019371", "x-misp-attribute--5d9b5266-b3f8-4c0c-af39-68700a019371", "x-misp-attribute--5d9b5266-9fb4-4c4f-adfe-68700a019371", "x-misp-attribute--5d9b5266-2ce8-4cbc-a8aa-68700a019371", "x-misp-attribute--5d9b5266-8d30-48e8-ab45-68700a019371", "x-misp-attribute--5d9b5266-eddc-4911-b1b5-68700a019371", "x-misp-attribute--5d9b5266-ccf4-4375-92c4-68700a019371", "observed-data--5d9b5280-4ba0-4020-9d93-244b0a019371", "url--5d9b5280-4ba0-4020-9d93-244b0a019371", "observed-data--5d9b5280-6ec4-4c3f-8491-244b0a019371", "url--5d9b5280-6ec4-4c3f-8491-244b0a019371", "observed-data--5d9b5280-02dc-4d44-baee-244b0a019371", "url--5d9b5280-02dc-4d44-baee-244b0a019371", "observed-data--5d9b5280-08c4-4135-b041-244b0a019371", "url--5d9b5280-08c4-4135-b041-244b0a019371", "observed-data--5d9b5280-e778-4c75-a841-244b0a019371", "url--5d9b5280-e778-4c75-a841-244b0a019371", "observed-data--5d9b5280-d990-4a08-b579-244b0a019371", "url--5d9b5280-d990-4a08-b579-244b0a019371", "observed-data--5d9b5280-c0dc-4d7c-9d79-244b0a019371", "url--5d9b5280-c0dc-4d7c-9d79-244b0a019371", "observed-data--5d9b5280-19f8-4153-9e84-244b0a019371", "url--5d9b5280-19f8-4153-9e84-244b0a019371", "observed-data--5d9b5280-4754-4a4a-bc66-244b0a019371", "url--5d9b5280-4754-4a4a-bc66-244b0a019371", "observed-data--5d9b5280-e4a8-42be-9860-244b0a019371", "url--5d9b5280-e4a8-42be-9860-244b0a019371", "observed-data--5d9b5280-34c8-45be-b9c6-244b0a019371", "url--5d9b5280-34c8-45be-b9c6-244b0a019371", "observed-data--5d9b5280-1c78-424a-8957-244b0a019371", "url--5d9b5280-1c78-424a-8957-244b0a019371", "observed-data--5d9b5280-684c-45e0-bf7d-244b0a019371", "url--5d9b5280-684c-45e0-bf7d-244b0a019371", "observed-data--5d9b5280-4b70-4e3c-97d7-244b0a019371", "url--5d9b5280-4b70-4e3c-97d7-244b0a019371", "observed-data--5d9b5280-af58-4b15-bc0c-244b0a019371", "url--5d9b5280-af58-4b15-bc0c-244b0a019371", "observed-data--5d9b5280-7e08-40df-bc6d-244b0a019371", "url--5d9b5280-7e08-40df-bc6d-244b0a019371", "observed-data--5d9b5280-f4d4-499e-9ad1-244b0a019371", "url--5d9b5280-f4d4-499e-9ad1-244b0a019371", "observed-data--5d9b5280-23a8-4073-a28b-244b0a019371", "url--5d9b5280-23a8-4073-a28b-244b0a019371", "observed-data--5d9b5280-ee28-414f-b997-244b0a019371", "url--5d9b5280-ee28-414f-b997-244b0a019371", "observed-data--5d9b5280-2a28-4405-8359-244b0a019371", "url--5d9b5280-2a28-4405-8359-244b0a019371", "observed-data--5d9b5280-8e90-4f56-a4f2-244b0a019371", "url--5d9b5280-8e90-4f56-a4f2-244b0a019371", "observed-data--5d9b5280-57c0-4f8b-b4fd-244b0a019371", "url--5d9b5280-57c0-4f8b-b4fd-244b0a019371", "observed-data--5d9b5280-ebd8-4e88-8f89-244b0a019371", "url--5d9b5280-ebd8-4e88-8f89-244b0a019371", "observed-data--5d9b5280-1fd8-449a-bcca-244b0a019371", "url--5d9b5280-1fd8-449a-bcca-244b0a019371", "observed-data--5d9b5280-f204-4212-9bf0-244b0a019371", "url--5d9b5280-f204-4212-9bf0-244b0a019371", "observed-data--5d9b5280-f86c-4c2c-8488-244b0a019371", "url--5d9b5280-f86c-4c2c-8488-244b0a019371", "observed-data--5d9b5280-3374-45d5-9e50-244b0a019371", "url--5d9b5280-3374-45d5-9e50-244b0a019371", "observed-data--5d9b5280-43e8-42db-9dff-244b0a019371", "url--5d9b5280-43e8-42db-9dff-244b0a019371", "observed-data--5d9b5280-8d00-4008-a567-244b0a019371", "url--5d9b5280-8d00-4008-a567-244b0a019371", "observed-data--5d9b5280-92e8-4fb5-a248-244b0a019371", "url--5d9b5280-92e8-4fb5-a248-244b0a019371", "observed-data--5d9b5280-d0ac-4e23-8073-244b0a019371", "url--5d9b5280-d0ac-4e23-8073-244b0a019371", "observed-data--5d9b5280-dd60-40ae-8193-244b0a019371", "url--5d9b5280-dd60-40ae-8193-244b0a019371", "observed-data--5d9b5280-5b00-4262-a7b8-244b0a019371", "url--5d9b5280-5b00-4262-a7b8-244b0a019371", "observed-data--5d9b5280-7810-479d-83f3-244b0a019371", "url--5d9b5280-7810-479d-83f3-244b0a019371", "observed-data--5d9b5280-1d58-475f-b0a1-244b0a019371", "url--5d9b5280-1d58-475f-b0a1-244b0a019371", "observed-data--5d9b5280-e1e0-4b90-ac29-244b0a019371", "url--5d9b5280-e1e0-4b90-ac29-244b0a019371", "observed-data--5d9b5280-fa88-455d-81df-244b0a019371", "url--5d9b5280-fa88-455d-81df-244b0a019371", "observed-data--5d9b5280-f454-4a69-800d-244b0a019371", "url--5d9b5280-f454-4a69-800d-244b0a019371", "observed-data--5d9b5280-8a20-4d7c-9c2b-244b0a019371", "url--5d9b5280-8a20-4d7c-9c2b-244b0a019371", "observed-data--5d9b5280-cc94-4a3f-8188-244b0a019371", "url--5d9b5280-cc94-4a3f-8188-244b0a019371", "observed-data--5d9b5280-6850-4edc-a27a-244b0a019371", "url--5d9b5280-6850-4edc-a27a-244b0a019371", "observed-data--5d9b5280-9718-4951-a03f-244b0a019371", "url--5d9b5280-9718-4951-a03f-244b0a019371", "observed-data--5d9b5280-b344-4e20-83df-244b0a019371", "url--5d9b5280-b344-4e20-83df-244b0a019371", "observed-data--5d9b5280-bcb0-4d3c-8399-244b0a019371", "url--5d9b5280-bcb0-4d3c-8399-244b0a019371", "observed-data--5d9b5280-af10-419a-a616-244b0a019371", "url--5d9b5280-af10-419a-a616-244b0a019371", "observed-data--5d9b5280-32e4-4037-907f-244b0a019371", "url--5d9b5280-32e4-4037-907f-244b0a019371", "observed-data--5d9b5280-2990-4c1a-af9d-244b0a019371", "url--5d9b5280-2990-4c1a-af9d-244b0a019371", "observed-data--5d9b5280-ce34-4474-8848-244b0a019371", "url--5d9b5280-ce34-4474-8848-244b0a019371", "observed-data--5d9b5280-8ef8-4149-8f81-244b0a019371", "url--5d9b5280-8ef8-4149-8f81-244b0a019371", "observed-data--5d9b5299-d71c-4634-b0cd-5d8c0a019371", "domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371", "observed-data--5d9b5299-9690-4856-93cc-5d8c0a019371", "domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371", "observed-data--5d9b5299-aed4-4bd9-a01f-5d8c0a019371", "domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371", "observed-data--5d9b5299-ecbc-47bd-9803-5d8c0a019371", "domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371", "observed-data--5d9b5299-ffac-4393-a3bd-5d8c0a019371", "domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371", "observed-data--5d9b5299-78ac-44c7-939a-5d8c0a019371", "domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371", "observed-data--5d9b5299-279c-4661-a5cf-5d8c0a019371", "domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371", "observed-data--5d9b5299-8b04-4f83-9e97-5d8c0a019371", "domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371", "observed-data--5d9b5299-08fc-46c2-bb47-5d8c0a019371", "domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371", "observed-data--5d9b5299-a39c-4b8e-b592-5d8c0a019371", "domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371", "observed-data--5d9b5299-4584-4b2c-bf57-5d8c0a019371", "domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371", "observed-data--5d9b5299-8a10-48d9-abd0-5d8c0a019371", "domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371", "observed-data--5d9b52b3-692c-42fd-8777-68ba0a019371", "domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371", "observed-data--5d9b52b3-a030-462c-841c-68ba0a019371", "domain-name--5d9b52b3-a030-462c-841c-68ba0a019371", "observed-data--5d9b52c4-6a88-4f09-8ce9-646f0a019371", "domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371", "observed-data--5d9b52c4-44c0-421c-bbf8-646f0a019371", "domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371", "observed-data--5d9b52c4-d48c-473f-a0f5-646f0a019371", "domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371", "observed-data--5d9b52c4-ac58-483f-9134-646f0a019371", "domain-name--5d9b52c4-ac58-483f-9134-646f0a019371", "observed-data--5d9b52c4-a184-4467-b8a8-646f0a019371", "domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371", "observed-data--5d9b52d2-12f4-4be6-9e91-5c5f0a019371", "domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371", "observed-data--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371", "url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371", "observed-data--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4", "url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4", "indicator--5da878f0-1300-4ce9-9e0a-2132ac1d4fa4", "indicator--5da878f0-6e74-4476-8910-2132ac1d4fa4", "indicator--5da878f0-69d0-4357-b2b1-2132ac1d4fa4", "indicator--5da878f0-6bd0-4eb2-9b79-2132ac1d4fa4", "indicator--5da878f0-6990-4395-b64b-2132ac1d4fa4", "indicator--5da8705f-99a8-47bd-a02d-2180ac1d4fa4", "indicator--5da8705f-7d18-4de8-b4e2-2180ac1d4fa4", "x-misp-attribute--5da8705f-fc2c-405f-80a4-2180ac1d4fa4", "indicator--5da8705f-daa8-4319-9aea-2180ac1d4fa4", "indicator--5da86f11-6b00-48fc-9e42-2d68ac1d4fa4", "indicator--5da86085-6120-4903-b787-5986ac1d4fa4", "indicator--5da8663d-be44-4698-9b1c-571cac1d4fa4", "indicator--5da8663d-1678-4340-85c8-571cac1d4fa4", "indicator--5da8663d-2efc-4817-9207-571cac1d4fa4", "indicator--5da8663d-5818-4164-bc18-571cac1d4fa4", "indicator--5da8663d-ffa8-451d-84a2-571cac1d4fa4", "indicator--5da8663d-a774-43ec-8f0e-571cac1d4fa4", "indicator--5da8663d-d6bc-4d24-9bfa-571cac1d4fa4", "indicator--5da8663d-ca38-4e38-894a-571cac1d4fa4", "indicator--5da8663d-4f90-4517-a01f-571cac1d4fa4" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:threat-actor=\"APT 29\"", "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"", "misp-galaxy:mitre-attack-pattern=\"Execution through Module Load - T1129\"", "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"", "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"", "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"", "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"", "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"", "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"", "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\"", "misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"", "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"", "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"", "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"", "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"", "misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"", "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\"", "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\"", "type:OSINT", "osint:lifetime=\"perpetual\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51aa-15c8-4405-af09-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:34.000Z", "modified": "2019-10-07T14:54:34.000Z", "first_observed": "2019-10-07T14:54:34Z", "last_observed": "2019-10-07T14:54:34Z", "number_observed": 1, "object_refs": [ "file--5d9b51aa-15c8-4405-af09-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51aa-15c8-4405-af09-68700a019371", "hashes": { "SHA-1": "4ba559c403ff3f5cc2571ae0961eaff6cf0a50f6" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51aa-ace8-4da0-8312-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:34.000Z", "modified": "2019-10-07T14:54:34.000Z", "first_observed": "2019-10-07T14:54:34Z", "last_observed": "2019-10-07T14:54:34Z", "number_observed": 1, "object_refs": [ "file--5d9b51aa-ace8-4da0-8312-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51aa-ace8-4da0-8312-68700a019371", "hashes": { "SHA-1": "cf14ac569a63df214128f375c12d90e535770395" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51aa-9458-4ae0-9484-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:34.000Z", "modified": "2019-10-07T14:54:34.000Z", "first_observed": "2019-10-07T14:54:34Z", "last_observed": "2019-10-07T14:54:34Z", "number_observed": 1, "object_refs": [ "file--5d9b51aa-9458-4ae0-9484-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51aa-9458-4ae0-9484-68700a019371", "hashes": { "SHA-1": "539d021cd17d901539a5e1132ecaab7164ed5db5" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51aa-6afc-451f-bab9-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:34.000Z", "modified": "2019-10-07T14:54:34.000Z", "first_observed": "2019-10-07T14:54:34Z", "last_observed": "2019-10-07T14:54:34Z", "number_observed": 1, "object_refs": [ "file--5d9b51aa-6afc-451f-bab9-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51aa-6afc-451f-bab9-68700a019371", "hashes": { "SHA-1": "0e25ee58b119dd48b7c9931879294ac3fc433f50" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51aa-12dc-4dcc-9417-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:34.000Z", "modified": "2019-10-07T14:54:34.000Z", "first_observed": "2019-10-07T14:54:34Z", "last_observed": "2019-10-07T14:54:34Z", "number_observed": 1, "object_refs": [ "file--5d9b51aa-12dc-4dcc-9417-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51aa-12dc-4dcc-9417-68700a019371", "hashes": { "SHA-1": "d625c7ce9dc7e56a29ec9a81650280edc6189616" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-0580-40ee-9b20-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-0580-40ee-9b20-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-0580-40ee-9b20-5d8c0a019371", "hashes": { "SHA-1": "0a5a7dd4ad0f2e50f3577f8d43a4c55ddc1d80cf" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-51b0-4b23-ae70-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371", "hashes": { "SHA-1": "f7fd63c0534d2f717fd5325d4397597c9ee4065f" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-73f8-40d1-bb26-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371", "hashes": { "SHA-1": "194d8e2ae4c723ce5fe11c4d9cfefbba32dcf766" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-09fc-40b5-8a60-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371", "hashes": { "SHA-1": "64d6c11fff2c2aadaacee01b294afcc751316176" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371", "hashes": { "SHA-1": "6acc0b1230303f8cf46152697d3036d69ea5a849" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51c1-e304-4f81-907a-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:54:57.000Z", "modified": "2019-10-07T14:54:57.000Z", "first_observed": "2019-10-07T14:54:57Z", "last_observed": "2019-10-07T14:54:57Z", "number_observed": 1, "object_refs": [ "file--5d9b51c1-e304-4f81-907a-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51c1-e304-4f81-907a-5d8c0a019371", "hashes": { "SHA-1": "170be45669026f3c1fc5ba2d48817dbf950da3f6" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51cf-0878-4c96-be15-5c5f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:55:11.000Z", "modified": "2019-10-07T14:55:11.000Z", "first_observed": "2019-10-07T14:55:11Z", "last_observed": "2019-10-07T14:55:11Z", "number_observed": 1, "object_refs": [ "file--5d9b51cf-0878-4c96-be15-5c5f0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51cf-0878-4c96-be15-5c5f0a019371", "hashes": { "SHA-1": "5905c55189c683bc37258aec28e916c41948cd1c" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51e4-1e94-460f-be39-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:55:32.000Z", "modified": "2019-10-07T14:55:32.000Z", "first_observed": "2019-10-07T14:55:32Z", "last_observed": "2019-10-07T14:55:32Z", "number_observed": 1, "object_refs": [ "file--5d9b51e4-1e94-460f-be39-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51e4-1e94-460f-be39-5d8c0a019371", "hashes": { "SHA-1": "b05caba461000c6ebd8b237f318577e9bccd6047" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51e4-4a34-44ca-9a39-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:55:32.000Z", "modified": "2019-10-07T14:55:32.000Z", "first_observed": "2019-10-07T14:55:32Z", "last_observed": "2019-10-07T14:55:32Z", "number_observed": 1, "object_refs": [ "file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371", "hashes": { "SHA-1": "718c2ce6170d6ca505297b41de072d8d3b873456" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51f6-2f00-44e4-b4dc-68530a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:55:50.000Z", "modified": "2019-10-07T14:55:50.000Z", "first_observed": "2019-10-07T14:55:50Z", "last_observed": "2019-10-07T14:55:50Z", "number_observed": 1, "object_refs": [ "file--5d9b51f6-2f00-44e4-b4dc-68530a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51f6-2f00-44e4-b4dc-68530a019371", "hashes": { "SHA-1": "a88da2dd033775f7abc8d6fb3ad5dd48efbeade1" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b51f6-ce40-4e22-96e3-68530a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:55:50.000Z", "modified": "2019-10-07T14:55:50.000Z", "first_observed": "2019-10-07T14:55:50Z", "last_observed": "2019-10-07T14:55:50Z", "number_observed": 1, "object_refs": [ "file--5d9b51f6-ce40-4e22-96e3-68530a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b51f6-ce40-4e22-96e3-68530a019371", "hashes": { "SHA-1": "db19171b239ef6de8e83b2926eadc652e74a5afa" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5205-1218-43d1-9cad-5c610a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:56:05.000Z", "modified": "2019-10-07T14:56:05.000Z", "first_observed": "2019-10-07T14:56:05Z", "last_observed": "2019-10-07T14:56:05Z", "number_observed": 1, "object_refs": [ "file--5d9b5205-1218-43d1-9cad-5c610a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b5205-1218-43d1-9cad-5c610a019371", "hashes": { "SHA-1": "9e96b00e9f7eb94a944269108b9e02d97142eedc" } }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5212-dd04-4116-8f9a-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:56:18.000Z", "modified": "2019-10-07T14:56:18.000Z", "first_observed": "2019-10-07T14:56:18Z", "last_observed": "2019-10-07T14:56:18Z", "number_observed": 1, "object_refs": [ "file--5d9b5212-dd04-4116-8f9a-68700a019371" ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--5d9b5212-dd04-4116-8f9a-68700a019371", "hashes": { "SHA-1": "af2b46d4371ce632e2669fea1959ee8af4ec39ce" } }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-47f4-4e45-ae18-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.ZWH" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-13e0-488a-b58d-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.AAPY" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-50dc-48fd-987d-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win64/Agent.OL" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-2f2c-4a50-b04d-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Tiny.BG" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-4388-4d08-8fff-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Agent.TGC" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-dbec-4dda-a107-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Agent.SVP" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-5dfc-4b5e-8514-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Agent.SXO" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-b3f8-4c0c-af39-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Agent.SYC" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-9fb4-4c4f-adfe-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "MSIL/Agent.CAW" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-2ce8-4cbc-a8aa-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.TSG" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-8d30-48e8-ab45-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.TUF" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-eddc-4911-b1b5-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.TSH" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5d9b5266-ccf4-4375-92c4-68700a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:57:42.000Z", "modified": "2019-10-07T14:57:42.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Antivirus detection\"" ], "x_misp_category": "Antivirus detection", "x_misp_type": "text", "x_misp_value": "Win32/Agent.AART" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-4ba0-4020-9d93-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-4ba0-4020-9d93-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-4ba0-4020-9d93-244b0a019371", "value": "http://ibb.co/hVhaAq" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-6ec4-4c3f-8491-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-6ec4-4c3f-8491-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-6ec4-4c3f-8491-244b0a019371", "value": "http://imgur.com/1RzfF7r" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-02dc-4d44-baee-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-02dc-4d44-baee-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-02dc-4d44-baee-244b0a019371", "value": "http://imgur.com/6wjspWp" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-08c4-4135-b041-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-08c4-4135-b041-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-08c4-4135-b041-244b0a019371", "value": "http://imgur.com/d4ObKL0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-e778-4c75-a841-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-e778-4c75-a841-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-e778-4c75-a841-244b0a019371", "value": "http://imgur.com/D6U06Ci" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-d990-4a08-b579-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-d990-4a08-b579-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-d990-4a08-b579-244b0a019371", "value": "http://imgur.com/GZSK9zI" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-c0dc-4d7c-9d79-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-c0dc-4d7c-9d79-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-c0dc-4d7c-9d79-244b0a019371", "value": "http://imgur.com/wcMk7a2" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-19f8-4153-9e84-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-19f8-4153-9e84-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-19f8-4153-9e84-244b0a019371", "value": "http://imgur.com/WMTwSMJ" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-4754-4a4a-bc66-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-4754-4a4a-bc66-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-4754-4a4a-bc66-244b0a019371", "value": "http://imgur.com/WOKHonk" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-e4a8-42be-9860-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-e4a8-42be-9860-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-e4a8-42be-9860-244b0a019371", "value": "http://imgur.com/XFa7Ee1" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-34c8-45be-b9c6-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-34c8-45be-b9c6-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-34c8-45be-b9c6-244b0a019371", "value": "http://jack998899jack.imgbb.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-1c78-424a-8957-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-1c78-424a-8957-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-1c78-424a-8957-244b0a019371", "value": "http://simp.ly/publish/pBn8Jt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-684c-45e0-bf7d-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-684c-45e0-bf7d-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-684c-45e0-bf7d-244b0a019371", "value": "http://thinkery.me/billywilliams/5a0170161cb602262f000d2c" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-4b70-4e3c-97d7-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-4b70-4e3c-97d7-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-4b70-4e3c-97d7-244b0a019371", "value": "http://twitter.com/aimeefleming25" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-af58-4b15-bc0c-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-af58-4b15-bc0c-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-af58-4b15-bc0c-244b0a019371", "value": "http://twitter.com/hen_rivero" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-7e08-40df-bc6d-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-7e08-40df-bc6d-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-7e08-40df-bc6d-244b0a019371", "value": "http://twitter.com/JamesScott1990" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-f4d4-499e-9ad1-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-f4d4-499e-9ad1-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-f4d4-499e-9ad1-244b0a019371", "value": "http://twitter.com/KarimM_traveler" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-23a8-4073-a28b-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-23a8-4073-a28b-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-23a8-4073-a28b-244b0a019371", "value": "http://twitter.com/lerg5pvo1i" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-ee28-414f-b997-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-ee28-414f-b997-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-ee28-414f-b997-244b0a019371", "value": "http://twitter.com/m63vhd7ach3" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-2a28-4405-8359-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-2a28-4405-8359-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-2a28-4405-8359-244b0a019371", "value": "http://twitter.com/MarlinTarin" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-8e90-4f56-a4f2-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-8e90-4f56-a4f2-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-8e90-4f56-a4f2-244b0a019371", "value": "http://twitter.com/np8j7ovqdl" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-57c0-4f8b-b4fd-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-57c0-4f8b-b4fd-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-57c0-4f8b-b4fd-244b0a019371", "value": "http://twitter.com/q5euqysfu5" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-ebd8-4e88-8f89-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-ebd8-4e88-8f89-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-ebd8-4e88-8f89-244b0a019371", "value": "http://twitter.com/qistp743li" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-1fd8-449a-bcca-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-1fd8-449a-bcca-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-1fd8-449a-bcca-244b0a019371", "value": "http://twitter.com/t8t842io2" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-f204-4212-9bf0-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-f204-4212-9bf0-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-f204-4212-9bf0-244b0a019371", "value": "http://twitter.com/ua6ivyxkfv" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-f86c-4c2c-8488-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-f86c-4c2c-8488-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-f86c-4c2c-8488-244b0a019371", "value": "http://twitter.com/utyi5asko02" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-3374-45d5-9e50-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-3374-45d5-9e50-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-3374-45d5-9e50-244b0a019371", "value": "http://twitter.com/vgmmmyqaq" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-43e8-42db-9dff-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-43e8-42db-9dff-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-43e8-42db-9dff-244b0a019371", "value": "http://twitter.com/vvwc63tgz" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-8d00-4008-a567-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-8d00-4008-a567-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-8d00-4008-a567-244b0a019371", "value": "http://twitter.com/wekcddkg2ra" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-92e8-4fb5-a248-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-92e8-4fb5-a248-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-92e8-4fb5-a248-244b0a019371", "value": "http://twitter.com/xzg3a2e2z" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-d0ac-4e23-8073-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-16T09:35:10.000Z", "modified": "2019-10-16T09:35:10.000Z", "first_observed": "2019-10-16T09:35:10Z", "last_observed": "2019-10-16T09:35:10Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-d0ac-4e23-8073-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-d0ac-4e23-8073-244b0a019371", "value": "http://www.evernote.com/shard/s675/sh/6686ff4e-8896-499b-8cdb-a2bbf2cc4db9/fc7fbe66c820f17c30147235e95d31b8" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-dd60-40ae-8193-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-dd60-40ae-8193-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-dd60-40ae-8193-244b0a019371", "value": "http://www.fotolog.com/g1h4wuiz6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-5b00-4262-a7b8-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-5b00-4262-a7b8-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-5b00-4262-a7b8-244b0a019371", "value": "http://www.fotolog.com/gf3z425rr0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-7810-479d-83f3-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-7810-479d-83f3-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-7810-479d-83f3-244b0a019371", "value": "http://www.fotolog.com/i4ntff47xfw" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-1d58-475f-b0a1-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-1d58-475f-b0a1-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-1d58-475f-b0a1-244b0a019371", "value": "http://www.fotolog.com/joannevil/121000000000030009/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-e1e0-4b90-ac29-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-e1e0-4b90-ac29-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-e1e0-4b90-ac29-244b0a019371", "value": "http://www.fotolog.com/o2rh2s2x7pu" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-fa88-455d-81df-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-fa88-455d-81df-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-fa88-455d-81df-244b0a019371", "value": "http://www.fotolog.com/q4tusizx9xb" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-f454-4a69-800d-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-f454-4a69-800d-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-f454-4a69-800d-244b0a019371", "value": "http://www.fotolog.com/rypnil03sl6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-8a20-4d7c-9c2b-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-8a20-4d7c-9c2b-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-8a20-4d7c-9c2b-244b0a019371", "value": "http://www.fotolog.com/shx8hypubt" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-cc94-4a3f-8188-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-cc94-4a3f-8188-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-cc94-4a3f-8188-244b0a019371", "value": "http://www.fotolog.com/u99aliw5g" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-6850-4edc-a27a-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-6850-4edc-a27a-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-6850-4edc-a27a-244b0a019371", "value": "http://www.fotolog.com/uq44y4j19m8" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-9718-4951-a03f-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-9718-4951-a03f-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-9718-4951-a03f-244b0a019371", "value": "http://www.fotolog.com/vq21p34" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-b344-4e20-83df-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-b344-4e20-83df-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-b344-4e20-83df-244b0a019371", "value": "http://www.fotolog.com/vz1g3wmwu" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-bcb0-4d3c-8399-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-bcb0-4d3c-8399-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-bcb0-4d3c-8399-244b0a019371", "value": "http://www.fotolog.com/zu2of5vyfl6" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-af10-419a-a616-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-af10-419a-a616-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-af10-419a-a616-244b0a019371", "value": "http://www.google.com/?gws_rd=ssl#q=Heiofjskghwe+Hjwefkbqw" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-32e4-4037-907f-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-32e4-4037-907f-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-32e4-4037-907f-244b0a019371", "value": "http://www.kiwibox.com/AfricanRugby/info/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-2990-4c1a-af9d-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-2990-4c1a-af9d-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-2990-4c1a-af9d-244b0a019371", "value": "http://www.kiwibox.com/GaryPhotographe/info/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-ce34-4474-8848-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-ce34-4474-8848-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-ce34-4474-8848-244b0a019371", "value": "http://www.reddit.com/user/BeaumontV/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5280-8ef8-4149-8f81-244b0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:08.000Z", "modified": "2019-10-07T14:58:08.000Z", "first_observed": "2019-10-07T14:58:08Z", "last_observed": "2019-10-07T14:58:08Z", "number_observed": 1, "object_refs": [ "url--5d9b5280-8ef8-4149-8f81-244b0a019371" ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5d9b5280-8ef8-4149-8f81-244b0a019371", "value": "http://www.reddit.com/user/StevensThomasWis/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-d71c-4634-b0cd-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371", "value": "acciaio.com.br" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-9690-4856-93cc-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371", "value": "ceycarb.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-aed4-4bd9-a01f-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371", "value": "coachandcook.at" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-ecbc-47bd-9803-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371", "value": "fisioterapiabb.it" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-ffac-4393-a3bd-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371", "value": "lorriratzlaff.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-78ac-44c7-939a-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371", "value": "mavin21c.dothome.co.kr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-279c-4661-a5cf-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371", "value": "motherlodebulldogclub.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-8b04-4f83-9e97-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371", "value": "powerpolymerindustry.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-08fc-46c2-bb47-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371", "value": "publiccouncil.org" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-a39c-4b8e-b592-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371", "value": "rulourialuminiu.co.uk" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-4584-4b2c-bf57-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371", "value": "sistemikan.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b5299-8a10-48d9-abd0-5d8c0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:33.000Z", "modified": "2019-10-07T14:58:33.000Z", "first_observed": "2019-10-07T14:58:33Z", "last_observed": "2019-10-07T14:58:33Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371", "value": "varuhusmc.org" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52b3-692c-42fd-8777-68ba0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:59.000Z", "modified": "2019-10-07T14:58:59.000Z", "first_observed": "2019-10-07T14:58:59Z", "last_observed": "2019-10-07T14:58:59Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371", "value": "ecolesndmessines.org" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52b3-a030-462c-841c-68ba0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:58:59.000Z", "modified": "2019-10-07T14:58:59.000Z", "first_observed": "2019-10-07T14:58:59Z", "last_observed": "2019-10-07T14:58:59Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52b3-a030-462c-841c-68ba0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52b3-a030-462c-841c-68ba0a019371", "value": "salesappliances.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52c4-6a88-4f09-8ce9-646f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:16.000Z", "modified": "2019-10-07T14:59:16.000Z", "first_observed": "2019-10-07T14:59:16Z", "last_observed": "2019-10-07T14:59:16Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371", "value": "busseylawoffice.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52c4-44c0-421c-bbf8-646f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:16.000Z", "modified": "2019-10-07T14:59:16.000Z", "first_observed": "2019-10-07T14:59:16Z", "last_observed": "2019-10-07T14:59:16Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371", "value": "fairfieldsch.org" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52c4-d48c-473f-a0f5-646f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:16.000Z", "modified": "2019-10-07T14:59:16.000Z", "first_observed": "2019-10-07T14:59:16Z", "last_observed": "2019-10-07T14:59:16Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371", "value": "ministernetwork.org" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52c4-ac58-483f-9134-646f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:16.000Z", "modified": "2019-10-07T14:59:16.000Z", "first_observed": "2019-10-07T14:59:16Z", "last_observed": "2019-10-07T14:59:16Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52c4-ac58-483f-9134-646f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52c4-ac58-483f-9134-646f0a019371", "value": "skagenyoga.com" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52c4-a184-4467-b8a8-646f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:16.000Z", "modified": "2019-10-07T14:59:16.000Z", "first_observed": "2019-10-07T14:59:16Z", "last_observed": "2019-10-07T14:59:16Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371", "value": "westmedicalgroup.net" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5d9b52d2-12f4-4be6-9e91-5c5f0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-07T14:59:30.000Z", "modified": "2019-10-07T14:59:30.000Z", "first_observed": "2019-10-07T14:59:30Z", "last_observed": "2019-10-07T14:59:30Z", "number_observed": 1, "object_refs": [ "domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371", "value": "bandabonga.fr" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-23T18:24:04.000Z", "modified": "2019-10-23T18:24:04.000Z", "first_observed": "2019-10-23T18:24:04Z", "last_observed": "2019-10-23T18:24:04Z", "number_observed": 1, "object_refs": [ "url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371", "value": "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2021-06-01T13:10:01.000Z", "modified": "2021-06-01T13:10:01.000Z", "first_observed": "2021-06-01T13:10:01Z", "last_observed": "2021-06-01T13:10:01Z", "number_observed": 1, "object_refs": [ "url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4", "value": "https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da878f0-1300-4ce9-9e0a-2132ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T14:21:36.000Z", "modified": "2019-10-17T14:21:36.000Z", "description": "LiteDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T14:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da878f0-6e74-4476-8910-2132ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T14:21:36.000Z", "modified": "2019-10-17T14:21:36.000Z", "description": "LiteDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13(KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T14:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da878f0-69d0-4357-b2b1-2132ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T14:21:36.000Z", "modified": "2019-10-17T14:21:36.000Z", "description": "LiteDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T14:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da878f0-6bd0-4eb2-9b79-2132ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T14:21:36.000Z", "modified": "2019-10-17T14:21:36.000Z", "description": "LiteDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Opera/9.80 (Windows NT 5.1; U; en-US) Presto/2.7.62 Version/11.01']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T14:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da878f0-6990-4395-b64b-2132ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T14:21:36.000Z", "modified": "2019-10-17T14:21:36.000Z", "description": "LiteDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729)']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T14:21:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8705f-99a8-47bd-a02d-2180ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:45:03.000Z", "modified": "2019-10-17T13:45:03.000Z", "description": "FatDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; Windows NT 6.1) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8705f-7d18-4de8-b4e2-2180ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:45:03.000Z", "modified": "2019-10-17T13:45:03.000Z", "description": "FatDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.35 Safari/537.36 OPR/24.0.1558.21']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5da8705f-fc2c-405f-80a4-2180ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2020-08-27T10:59:37.000Z", "modified": "2020-08-27T10:59:37.000Z", "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "FatDuke", "x_misp_type": "user-agent", "x_misp_value": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8705f-daa8-4319-9aea-2180ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:45:03.000Z", "modified": "2019-10-17T13:45:03.000Z", "description": "FatDuke", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:45:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da86f11-6b00-48fc-9e42-2d68ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:43:34.000Z", "modified": "2019-10-17T13:43:34.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:43:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da86085-6120-4903-b787-5986ac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:34:46.000Z", "modified": "2019-10-17T13:34:46.000Z", "pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:34:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"user-agent\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-be44-4698-9b1c-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'MSBuildOverride-TasksPath']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-1678-4340-85c8-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'DefaultLibs']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-2efc-4817-9207-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'RootPath']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-5818-4164-bc18-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'APIModule']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-ffa8-451d-84a2-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'Stack']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-a774-43ec-8f0e-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'PathCPA']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-d6bc-4d24-9bfa-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'CPAModule']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-ca38-4e38-894a-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'BinaryCache']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5da8663d-4f90-4517-a01f-571cac1d4fa4", "created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f", "created": "2019-10-17T13:01:49.000Z", "modified": "2019-10-17T13:01:49.000Z", "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'Init']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-10-17T13:01:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }