{ "type": "bundle", "id": "bundle--58cbac05-b7d0-4f38-84fb-0928950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T14:09:47.000Z", "modified": "2017-03-17T14:09:47.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58cbac05-b7d0-4f38-84fb-0928950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T14:09:47.000Z", "modified": "2017-03-17T14:09:47.000Z", "name": "Tech Support Scam Synchs Alerts with App Crashes in Windows Event Logs", "published": "2017-03-17T14:10:34Z", "object_refs": [ "observed-data--58cbac15-65b4-486a-9ec1-541f950d210f", "url--58cbac15-65b4-486a-9ec1-541f950d210f", "observed-data--58cbacef-dbac-4d18-aa33-5421950d210f", "file--58cbacef-dbac-4d18-aa33-5421950d210f", "observed-data--58cbacef-e7f8-45cd-9444-5421950d210f", "file--58cbacef-e7f8-45cd-9444-5421950d210f", "observed-data--58cbacf1-cd04-47aa-b72a-5421950d210f", "file--58cbacf1-cd04-47aa-b72a-5421950d210f", "observed-data--58cbacf2-2230-4072-9b78-5421950d210f", "file--58cbacf2-2230-4072-9b78-5421950d210f", "observed-data--58cbacf3-37f0-440d-bf0f-5421950d210f", "file--58cbacf3-37f0-440d-bf0f-5421950d210f", "observed-data--58cbacf6-1510-4601-affc-5421950d210f", "file--58cbacf6-1510-4601-affc-5421950d210f", "observed-data--58cbacf8-39b0-4c65-839c-5421950d210f", "file--58cbacf8-39b0-4c65-839c-5421950d210f", "observed-data--58cbacfa-fcac-411c-9755-5421950d210f", "file--58cbacfa-fcac-411c-9755-5421950d210f", "observed-data--58cbacfb-d420-4830-96e5-5421950d210f", "file--58cbacfb-d420-4830-96e5-5421950d210f", "observed-data--58cbacfd-f030-4c95-b780-5421950d210f", "file--58cbacfd-f030-4c95-b780-5421950d210f", "observed-data--58cbacff-1690-463f-9394-5421950d210f", "file--58cbacff-1690-463f-9394-5421950d210f", "observed-data--58cbb2d6-118c-4da9-aea3-081a950d210f", "windows-registry-key--58cbb2d6-118c-4da9-aea3-081a950d210f", "observed-data--58cbb2d8-e490-42dd-8de5-081a950d210f", "windows-registry-key--58cbb2d8-e490-42dd-8de5-081a950d210f", "observed-data--58cbb2da-e928-4c2b-a423-081a950d210f", "windows-registry-key--58cbb2da-e928-4c2b-a423-081a950d210f", "observed-data--58cbb2db-6b68-4718-b7f6-081a950d210f", "windows-registry-key--58cbb2db-6b68-4718-b7f6-081a950d210f", "observed-data--58cbb2dd-2a70-465f-baf6-081a950d210f", "windows-registry-key--58cbb2dd-2a70-465f-baf6-081a950d210f", "observed-data--58cbb2df-60d8-44c8-a1c8-081a950d210f", "windows-registry-key--58cbb2df-60d8-44c8-a1c8-081a950d210f", "observed-data--58cbb504-ba60-428f-b1a1-541c950d210f", "windows-registry-key--58cbb504-ba60-428f-b1a1-541c950d210f", "observed-data--58cbbaa9-9164-473e-933b-82a5950d210f", "windows-registry-key--58cbbaa9-9164-473e-933b-82a5950d210f", "observed-data--58cbbaaa-cd44-4a48-a242-82a5950d210f", "windows-registry-key--58cbbaaa-cd44-4a48-a242-82a5950d210f", "observed-data--58cbbaac-235c-4baa-b415-82a5950d210f", "windows-registry-key--58cbbaac-235c-4baa-b415-82a5950d210f", "observed-data--58cbbaae-ab58-4b48-af24-82a5950d210f", "windows-registry-key--58cbbaae-ab58-4b48-af24-82a5950d210f", "observed-data--58cbbab0-48c8-4061-8744-82a5950d210f", "windows-registry-key--58cbbab0-48c8-4061-8744-82a5950d210f", "observed-data--58cbbab2-d430-444d-83d4-82a5950d210f", "windows-registry-key--58cbbab2-d430-444d-83d4-82a5950d210f", "observed-data--58cbbab4-e468-4517-9e90-82a5950d210f", "windows-registry-key--58cbbab4-e468-4517-9e90-82a5950d210f", "observed-data--58cbbab6-5340-40a3-adab-82a5950d210f", "windows-registry-key--58cbbab6-5340-40a3-adab-82a5950d210f", "observed-data--58cbbab7-610c-495d-8135-82a5950d210f", "windows-registry-key--58cbbab7-610c-495d-8135-82a5950d210f", "observed-data--58cbbab8-1a74-424f-bd07-82a5950d210f", "windows-registry-key--58cbbab8-1a74-424f-bd07-82a5950d210f", "observed-data--58cbbaba-8668-42ed-83b1-82a5950d210f", "windows-registry-key--58cbbaba-8668-42ed-83b1-82a5950d210f", "observed-data--58cbbabc-d848-4b30-aff3-82a5950d210f", "windows-registry-key--58cbbabc-d848-4b30-aff3-82a5950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"scam\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbac15-65b4-486a-9ec1-541f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T14:09:47.000Z", "modified": "2017-03-17T14:09:47.000Z", "first_observed": "2017-03-17T14:09:47Z", "last_observed": "2017-03-17T14:09:47Z", "number_observed": 1, "object_refs": [ "url--58cbac15-65b4-486a-9ec1-541f950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58cbac15-65b4-486a-9ec1-541f950d210f", "value": "https://www.bleepingcomputer.com/news/security/tech-support-scam-synchs-alerts-with-app-crashes-in-windows-event-logs/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacef-dbac-4d18-aa33-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:27.000Z", "modified": "2017-03-17T09:31:27.000Z", "first_observed": "2017-03-17T09:31:27Z", "last_observed": "2017-03-17T09:31:27Z", "number_observed": 1, "object_refs": [ "file--58cbacef-dbac-4d18-aa33-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacef-dbac-4d18-aa33-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacef-e7f8-45cd-9444-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:27.000Z", "modified": "2017-03-17T09:31:27.000Z", "first_observed": "2017-03-17T09:31:27Z", "last_observed": "2017-03-17T09:31:27Z", "number_observed": 1, "object_refs": [ "file--58cbacef-e7f8-45cd-9444-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacef-e7f8-45cd-9444-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\em.exe" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacf1-cd04-47aa-b72a-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:29.000Z", "modified": "2017-03-17T09:31:29.000Z", "first_observed": "2017-03-17T09:31:29Z", "last_observed": "2017-03-17T09:31:29Z", "number_observed": 1, "object_refs": [ "file--58cbacf1-cd04-47aa-b72a-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacf1-cd04-47aa-b72a-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\eng_em.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacf2-2230-4072-9b78-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:30.000Z", "modified": "2017-03-17T09:31:30.000Z", "first_observed": "2017-03-17T09:31:30Z", "last_observed": "2017-03-17T09:31:30Z", "number_observed": 1, "object_refs": [ "file--58cbacf2-2230-4072-9b78-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacf2-2230-4072-9b78-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\French_em.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacf3-37f0-440d-bf0f-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:31.000Z", "modified": "2017-03-17T09:31:31.000Z", "first_observed": "2017-03-17T09:31:31Z", "last_observed": "2017-03-17T09:31:31Z", "number_observed": 1, "object_refs": [ "file--58cbacf3-37f0-440d-bf0f-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacf3-37f0-440d-bf0f-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\German_em.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacf6-1510-4601-affc-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:33.000Z", "modified": "2017-03-17T09:31:33.000Z", "first_observed": "2017-03-17T09:31:33Z", "last_observed": "2017-03-17T09:31:33Z", "number_observed": 1, "object_refs": [ "file--58cbacf6-1510-4601-affc-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacf6-1510-4601-affc-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\ininotfound0.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacf8-39b0-4c65-839c-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:36.000Z", "modified": "2017-03-17T09:31:36.000Z", "first_observed": "2017-03-17T09:31:36Z", "last_observed": "2017-03-17T09:31:36Z", "number_observed": 1, "object_refs": [ "file--58cbacf8-39b0-4c65-839c-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacf8-39b0-4c65-839c-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\isxdl.dll" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacfa-fcac-411c-9755-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:38.000Z", "modified": "2017-03-17T09:31:38.000Z", "first_observed": "2017-03-17T09:31:38Z", "last_observed": "2017-03-17T09:31:38Z", "number_observed": 1, "object_refs": [ "file--58cbacfa-fcac-411c-9755-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacfa-fcac-411c-9755-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\japan_em.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacfb-d420-4830-96e5-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:39.000Z", "modified": "2017-03-17T09:31:39.000Z", "first_observed": "2017-03-17T09:31:39Z", "last_observed": "2017-03-17T09:31:39Z", "number_observed": 1, "object_refs": [ "file--58cbacfb-d420-4830-96e5-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacfb-d420-4830-96e5-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\log_03-15-2017.log" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacfd-f030-4c95-b780-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:41.000Z", "modified": "2017-03-17T09:31:41.000Z", "first_observed": "2017-03-17T09:31:41Z", "last_observed": "2017-03-17T09:31:41Z", "number_observed": 1, "object_refs": [ "file--58cbacfd-f030-4c95-b780-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacfd-f030-4c95-b780-5421950d210f", "name": "%UserProfile%\\AppData\\Roaming\\Event Monitor\\update.ini" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbacff-1690-463f-9394-5421950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:31:43.000Z", "modified": "2017-03-17T09:31:43.000Z", "first_observed": "2017-03-17T09:31:43Z", "last_observed": "2017-03-17T09:31:43Z", "number_observed": 1, "object_refs": [ "file--58cbacff-1690-463f-9394-5421950d210f" ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"" ] }, { "type": "file", "spec_version": "2.1", "id": "file--58cbacff-1690-463f-9394-5421950d210f", "name": "%WINDIR%\\System32\\Tasks\\RunAtStartup" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2d6-118c-4da9-aea3-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:38.000Z", "modified": "2017-03-17T09:56:38.000Z", "first_observed": "2017-03-17T09:56:38Z", "last_observed": "2017-03-17T09:56:38Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2d6-118c-4da9-aea3-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2d6-118c-4da9-aea3-081a950d210f", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\RunAtStartup" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2d8-e490-42dd-8de5-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:40.000Z", "modified": "2017-03-17T09:56:40.000Z", "first_observed": "2017-03-17T09:56:40Z", "last_observed": "2017-03-17T09:56:40Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2d8-e490-42dd-8de5-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2d8-e490-42dd-8de5-081a950d210f", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{51740577-F69A-46ED-A677-2D8DE276C921}" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2da-e928-4c2b-a423-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:42.000Z", "modified": "2017-03-17T09:56:42.000Z", "first_observed": "2017-03-17T09:56:42Z", "last_observed": "2017-03-17T09:56:42Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2da-e928-4c2b-a423-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2da-e928-4c2b-a423-081a950d210f", "key": "HKCU\\Software\\Event Monitor" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2db-6b68-4718-b7f6-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:43.000Z", "modified": "2017-03-17T09:56:43.000Z", "first_observed": "2017-03-17T09:56:43Z", "last_observed": "2017-03-17T09:56:43Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2db-6b68-4718-b7f6-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2db-6b68-4718-b7f6-081a950d210f", "key": "HKCU\\Software\\Event Monitor\\LANG" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2dd-2a70-465f-baf6-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:45.000Z", "modified": "2017-03-17T09:56:45.000Z", "first_observed": "2017-03-17T09:56:45Z", "last_observed": "2017-03-17T09:56:45Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2dd-2a70-465f-baf6-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2dd-2a70-465f-baf6-081a950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb2df-60d8-44c8-a1c8-081a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T09:56:47.000Z", "modified": "2017-03-17T09:56:47.000Z", "first_observed": "2017-03-17T09:56:47Z", "last_observed": "2017-03-17T09:56:47Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb2df-60d8-44c8-a1c8-081a950d210f" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb2df-60d8-44c8-a1c8-081a950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\LANG" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbb504-ba60-428f-b1a1-541c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:05:55.000Z", "modified": "2017-03-17T10:05:55.000Z", "first_observed": "2017-03-17T10:05:55Z", "last_observed": "2017-03-17T10:05:55Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbb504-ba60-428f-b1a1-541c950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbb504-ba60-428f-b1a1-541c950d210f", "key": "HKCU\\Software\\Event Monitor\\LANG\\LangCode", "values": [ { "data": "en" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbaa9-9164-473e-933b-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:01.000Z", "modified": "2017-03-17T10:30:01.000Z", "first_observed": "2017-03-17T10:30:01Z", "last_observed": "2017-03-17T10:30:01Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbaa9-9164-473e-933b-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbaa9-9164-473e-933b-82a5950d210f", "key": "HKCU\\Software\\Event Monitor\\LANG\\LangID", "values": [ { "data": "0" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbaaa-cd44-4a48-a242-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:02.000Z", "modified": "2017-03-17T10:30:02.000Z", "first_observed": "2017-03-17T10:30:02Z", "last_observed": "2017-03-17T10:30:02Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbaaa-cd44-4a48-a242-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbaaa-cd44-4a48-a242-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNO", "values": [ { "data": "(844) 763-5838" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbaac-235c-4baa-b415-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:04.000Z", "modified": "2017-03-17T10:30:04.000Z", "first_observed": "2017-03-17T10:30:04Z", "last_observed": "2017-03-17T10:30:04Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbaac-235c-4baa-b415-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbaac-235c-4baa-b415-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNOFR", "values": [ { "data": "01.76.54.05.61" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbaae-ab58-4b48-af24-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:06.000Z", "modified": "2017-03-17T10:30:06.000Z", "first_observed": "2017-03-17T10:30:06Z", "last_observed": "2017-03-17T10:30:06Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbaae-ab58-4b48-af24-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbaae-ab58-4b48-af24-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNODE", "values": [ { "data": "(800) 180-6512" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab0-48c8-4061-8744-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:08.000Z", "modified": "2017-03-17T10:30:08.000Z", "first_observed": "2017-03-17T10:30:08Z", "last_observed": "2017-03-17T10:30:08Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab0-48c8-4061-8744-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab0-48c8-4061-8744-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNOJP", "values": [ { "data": "03-5050-1410" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab2-d430-444d-83d4-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:10.000Z", "modified": "2017-03-17T10:30:10.000Z", "first_observed": "2017-03-17T10:30:10Z", "last_observed": "2017-03-17T10:30:10Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab2-d430-444d-83d4-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab2-d430-444d-83d4-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNOAU", "values": [ { "data": "1800 154 231" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab4-e468-4517-9e90-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:12.000Z", "modified": "2017-03-17T10:30:12.000Z", "first_observed": "2017-03-17T10:30:12Z", "last_observed": "2017-03-17T10:30:12Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab4-e468-4517-9e90-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab4-e468-4517-9e90-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\TELNOUK", "values": [ { "data": "0800 031 4657" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab6-5340-40a3-adab-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:14.000Z", "modified": "2017-03-17T10:30:14.000Z", "first_observed": "2017-03-17T10:30:14Z", "last_observed": "2017-03-17T10:30:14Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab6-5340-40a3-adab-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab6-5340-40a3-adab-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\bShowCongratsAfterUpdateRestart", "values": [ { "data": "0" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab7-610c-495d-8135-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:15.000Z", "modified": "2017-03-17T10:30:15.000Z", "first_observed": "2017-03-17T10:30:15Z", "last_observed": "2017-03-17T10:30:15Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab7-610c-495d-8135-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab7-610c-495d-8135-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\Expired", "values": [ { "data": "0" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbab8-1a74-424f-bd07-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:16.000Z", "modified": "2017-03-17T10:30:16.000Z", "first_observed": "2017-03-17T10:30:16Z", "last_observed": "2017-03-17T10:30:16Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbab8-1a74-424f-bd07-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbab8-1a74-424f-bd07-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\first", "values": [ { "data": "1" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbaba-8668-42ed-83b1-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:18.000Z", "modified": "2017-03-17T10:30:18.000Z", "first_observed": "2017-03-17T10:30:18Z", "last_observed": "2017-03-17T10:30:18Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbaba-8668-42ed-83b1-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbaba-8668-42ed-83b1-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\LANG\\LangCode", "values": [ { "data": "en" } ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58cbbabc-d848-4b30-aff3-82a5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-17T10:30:20.000Z", "modified": "2017-03-17T10:30:20.000Z", "first_observed": "2017-03-17T10:30:20Z", "last_observed": "2017-03-17T10:30:20Z", "number_observed": 1, "object_refs": [ "windows-registry-key--58cbbabc-d848-4b30-aff3-82a5950d210f" ], "labels": [ "misp:type=\"regkey|value\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--58cbbabc-d848-4b30-aff3-82a5950d210f", "key": "HKLM\\SOFTWARE\\Wow6432Node\\Event Monitor\\LANG\\LangID", "values": [ { "data": "0" } ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }