misp-circl-feed/feeds/circl/stix-2.1/e82f98b7-0734-44f9-99c4-1ac38805dbad.json

{
    "type": "bundle",
    "id": "bundle--e82f98b7-0734-44f9-99c4-1ac38805dbad",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T13:48:16.000Z",
            "modified": "2021-01-26T13:48:16.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--e82f98b7-0734-44f9-99c4-1ac38805dbad",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T13:48:16.000Z",
            "modified": "2021-01-26T13:48:16.000Z",
            "name": "OSINT - New campaign targeting security researchers",
            "published": "2021-01-26T13:48:37Z",
            "object_refs": [
                "observed-data--3ddc418c-c483-4997-8583-e168c228cb23",
                "url--3ddc418c-c483-4997-8583-e168c228cb23",
                "indicator--90703a7a-b168-449b-92ad-892d5a596759",
                "indicator--bfc356d9-a325-4b9d-8f8d-7e411ab28fa0",
                "indicator--15259cb8-80cb-4886-843f-9736ea9e33b7",
                "indicator--6994061b-3bf9-4bd4-96b9-1cb0cac35b11",
                "indicator--87f6afcb-08be-479d-8a61-333dfd5a8161",
                "indicator--cb189fbf-7a7e-416b-852c-a87fba7b5306",
                "indicator--fd742a3c-0671-49dc-aa15-e4bc6837829b",
                "observed-data--93576121-0bdc-438d-bdcf-0157754f9afb",
                "domain-name--93576121-0bdc-438d-bdcf-0157754f9afb",
                "observed-data--8e5c482e-34b5-4f7c-b646-160eda4a05a7",
                "domain-name--8e5c482e-34b5-4f7c-b646-160eda4a05a7",
                "observed-data--43a1a468-a130-49af-98f6-e40b30be5bb2",
                "domain-name--43a1a468-a130-49af-98f6-e40b30be5bb2",
                "observed-data--1a10a76f-b26a-4147-8e60-67c473a9ce3a",
                "domain-name--1a10a76f-b26a-4147-8e60-67c473a9ce3a",
                "observed-data--79dc595a-cfa6-4190-8b3a-34cebf4c4374",
                "domain-name--79dc595a-cfa6-4190-8b3a-34cebf4c4374",
                "indicator--932b0250-5c28-420e-885c-e0351e5feef3",
                "indicator--f463d802-9144-41fc-861e-1cc5719286be",
                "indicator--5eb84f9f-d2cc-4aaa-be04-4a71b4ca6913",
                "indicator--3ed9104f-e09a-4848-9062-eb264e1b0af1",
                "indicator--e9593349-d51d-4d3d-9589-7c3b96c84d67",
                "indicator--3617f3a2-4306-4fb7-a5ef-73f1626781fb",
                "indicator--ef7abb3f-5284-4037-acc1-c0660742c554",
                "indicator--68043e34-4b6c-46f8-a070-b583955b123e",
                "indicator--af269dea-2782-4ae0-8f3c-b7ca7a8ae8bd",
                "indicator--1b6ec8a8-37db-43e9-8350-9ee65d50fbc8",
                "indicator--d6ad5a5c-f1d5-42fb-b847-acf611499b2b",
                "indicator--b2b87013-7b3d-477d-8d23-d6ea46f07ea6",
                "indicator--4a91b975-4f8f-44e8-9383-a7b34548aff7",
                "indicator--d727e503-a054-4d7b-aa97-d6fa32db600c",
                "indicator--ef79f351-a17f-488f-9390-d16bf731c623",
                "indicator--d5b32b6c-6920-4b49-abec-025adb873dcb",
                "indicator--c4437d79-4776-4a5f-9922-06b3828f45bf",
                "indicator--40bb31e3-5630-45bb-8a13-f6f57e455f12",
                "indicator--cab3b3ed-97bd-4dff-93fd-e8cf7f1d9147",
                "indicator--0edbab56-c01e-44ca-8afc-e28f7a7bf584",
                "indicator--d90f830c-e37b-4495-b0e5-9e2b3396d8e9",
                "indicator--fda032e3-8407-4e7e-842b-30d56a0fdc1c",
                "indicator--46921f59-3e20-4a79-8b50-d32a3706e896",
                "indicator--8e27e1f9-0276-4cf0-a0a6-98c1648a9cf9",
                "indicator--81ac4f77-b7c7-4d2c-b9e8-f6b3d4266096",
                "indicator--60433c38-74cf-46a6-b604-a1770d74aa0b",
                "x-misp-object--3cd4c249-725a-4f19-acba-86619bf3dbe9",
                "x-misp-object--1476d0bd-4a64-42c4-8454-beaf24730937",
                "observed-data--01cf21c7-6d5c-4fdf-9c9c-04e96ed26571",
                "user-account--01cf21c7-6d5c-4fdf-9c9c-04e96ed26571",
                "indicator--59332375-f44b-4f5e-8229-addcf54061f9",
                "x-misp-object--049485c0-eed6-407f-9f4f-93bd021f153b",
                "indicator--72f4f7c1-d888-4f44-848a-077ae461c27f",
                "x-misp-object--1a387662-9877-4a53-b7e7-574bfe50a465",
                "indicator--5c4d1a81-b57c-4506-974a-95e91d2ff10e",
                "x-misp-object--6c767512-a840-4aeb-9ad0-a26b79c64b14",
                "indicator--0169990c-9b31-46ab-980e-1afe3c03ffba",
                "x-misp-object--fa61597a-b824-47d0-96c2-47e43c4d71cf",
                "indicator--93a7efc9-90a9-4cea-a6fd-a754fca62e27",
                "x-misp-object--aebc3c13-ac5c-41b2-85e3-e1eb16dfad53",
                "relationship--9ee6ebfe-61e3-41fd-b1d0-db145dc71e1e",
                "relationship--f2bacd29-deb3-402e-94da-ffc6b522fffa",
                "relationship--862e1ec8-bf13-4e23-b239-6e8e8eb26903",
                "relationship--253a1b51-e89e-4c63-9d8a-90b6a0c52ee7",
                "relationship--52eacefc-598c-4722-b2b1-ce51c96d66a0"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT",
                "osint:lifetime=\"perpetual\"",
                "misp-galaxy:amitt-misinformation-pattern=\"Create fake Social Media Profiles / Pages / Groups\"",
                "misp-galaxy:mitre-attack-pattern=\"Build social network persona - T1341\"",
                "misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1249\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--3ddc418c-c483-4997-8583-e168c228cb23",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T08:57:07.000Z",
            "modified": "2021-01-26T08:57:07.000Z",
            "first_observed": "2021-01-26T08:57:07Z",
            "last_observed": "2021-01-26T08:57:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--3ddc418c-c483-4997-8583-e168c228cb23"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--3ddc418c-c483-4997-8583-e168c228cb23",
            "value": "https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--90703a7a-b168-449b-92ad-892d5a596759",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'angeldonationblog.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bfc356d9-a325-4b9d-8f8d-7e411ab28fa0",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'codevexillium.org']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--15259cb8-80cb-4886-843f-9736ea9e33b7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'investbooking.de']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6994061b-3bf9-4bd4-96b9-1cb0cac35b11",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'krakenfolio.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--87f6afcb-08be-479d-8a61-333dfd5a8161",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'opsonew3org.sg']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--cb189fbf-7a7e-416b-852c-a87fba7b5306",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'transferwiser.io']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fd742a3c-0671-49dc-aa15-e4bc6837829b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:11:55.000Z",
            "modified": "2021-01-26T09:11:55.000Z",
            "description": "C2 Domains: Attacker-Owned",
            "pattern": "[domain-name:value = 'transplugin.io']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:11:55Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--93576121-0bdc-438d-bdcf-0157754f9afb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:20.000Z",
            "modified": "2021-01-26T09:12:20.000Z",
            "first_observed": "2021-01-26T09:12:20Z",
            "last_observed": "2021-01-26T09:12:20Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--93576121-0bdc-438d-bdcf-0157754f9afb"
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--93576121-0bdc-438d-bdcf-0157754f9afb",
            "value": "trophylab.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--8e5c482e-34b5-4f7c-b646-160eda4a05a7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:20.000Z",
            "modified": "2021-01-26T09:12:20.000Z",
            "first_observed": "2021-01-26T09:12:20Z",
            "last_observed": "2021-01-26T09:12:20Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--8e5c482e-34b5-4f7c-b646-160eda4a05a7"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--8e5c482e-34b5-4f7c-b646-160eda4a05a7",
            "value": "www.colasprint.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--43a1a468-a130-49af-98f6-e40b30be5bb2",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:20.000Z",
            "modified": "2021-01-26T09:12:20.000Z",
            "first_observed": "2021-01-26T09:12:20Z",
            "last_observed": "2021-01-26T09:12:20Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--43a1a468-a130-49af-98f6-e40b30be5bb2"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--43a1a468-a130-49af-98f6-e40b30be5bb2",
            "value": "www.dronerc.it"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--1a10a76f-b26a-4147-8e60-67c473a9ce3a",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:20.000Z",
            "modified": "2021-01-26T09:12:20.000Z",
            "first_observed": "2021-01-26T09:12:20Z",
            "last_observed": "2021-01-26T09:12:20Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--1a10a76f-b26a-4147-8e60-67c473a9ce3a"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--1a10a76f-b26a-4147-8e60-67c473a9ce3a",
            "value": "www.edujikim.com"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--79dc595a-cfa6-4190-8b3a-34cebf4c4374",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:20.000Z",
            "modified": "2021-01-26T09:12:20.000Z",
            "first_observed": "2021-01-26T09:12:20Z",
            "last_observed": "2021-01-26T09:12:20Z",
            "number_observed": 1,
            "object_refs": [
                "domain-name--79dc595a-cfa6-4190-8b3a-34cebf4c4374"
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\""
            ]
        },
        {
            "type": "domain-name",
            "spec_version": "2.1",
            "id": "domain-name--79dc595a-cfa6-4190-8b3a-34cebf4c4374",
            "value": "www.fabioluciani.com"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--932b0250-5c28-420e-885c-e0351e5feef3",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:50.000Z",
            "modified": "2021-01-26T09:12:50.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://angeldonationblog.com/image/upload/upload.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f463d802-9144-41fc-861e-1cc5719286be",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:50.000Z",
            "modified": "2021-01-26T09:12:50.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://codevexillium.org/image/download/download.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5eb84f9f-d2cc-4aaa-be04-4a71b4ca6913",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:50.000Z",
            "modified": "2021-01-26T09:12:50.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://investbooking.de/upload/upload.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3ed9104f-e09a-4848-9062-eb264e1b0af1",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:50.000Z",
            "modified": "2021-01-26T09:12:50.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://transplugin.io/upload/upload.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e9593349-d51d-4d3d-9589-7c3b96c84d67",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:50.000Z",
            "modified": "2021-01-26T09:12:50.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://www.dronerc.it/forum/uploads/index.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3617f3a2-4306-4fb7-a5ef-73f1626781fb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://www.dronerc.it/shop_testbr/Core/upload.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ef7abb3f-5284-4037-acc1-c0660742c554",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://www.dronerc.it/shop_testbr/upload/upload.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--68043e34-4b6c-46f8-a070-b583955b123e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://www.edujikim.com/intro/blue/insert.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--af269dea-2782-4ae0-8f3c-b7ca7a8ae8bd",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'https://www.fabioluciani.com/es/include/include.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--1b6ec8a8-37db-43e9-8350-9ee65d50fbc8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'http://trophylab.com/notice/images/renewal/upload.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d6ad5a5c-f1d5-42fb-b847-acf611499b2b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:12:51.000Z",
            "modified": "2021-01-26T09:12:51.000Z",
            "description": "C2 URLs",
            "pattern": "[url:value = 'http://www.colasprint.com/_vti_log/upload.asp']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:12:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b2b87013-7b3d-477d-8d23-d6ea46f07ea6",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:13:18.000Z",
            "modified": "2021-01-26T09:13:18.000Z",
            "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\System32\\\\Nwsapagent.sys']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:13:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4a91b975-4f8f-44e8-9383-a7b34548aff7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:13:18.000Z",
            "modified": "2021-01-26T09:13:18.000Z",
            "pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\System32\\\\helpsvc.sys']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:13:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d727e503-a054-4d7b-aa97-d6fa32db600c",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:13:18.000Z",
            "modified": "2021-01-26T09:13:18.000Z",
            "pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\USOShared\\\\uso.bin']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:13:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ef79f351-a17f-488f-9390-d16bf731c623",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:13:18.000Z",
            "modified": "2021-01-26T09:13:18.000Z",
            "pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\VMware\\\\vmnat-update.bin']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:13:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d5b32b6c-6920-4b49-abec-025adb873dcb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:13:18.000Z",
            "modified": "2021-01-26T09:13:18.000Z",
            "pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\VirtualBox\\\\update.bin']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T09:13:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c4437d79-4776-4a5f-9922-06b3828f45bf",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:18:56.000Z",
            "modified": "2021-01-26T11:18:56.000Z",
            "description": "LinkedIn Accounts",
            "pattern": "[url:value = 'https://www.linkedin.com/in/billy-brown-a6678b1b8/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:18:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--40bb31e3-5630-45bb-8a13-f6f57e455f12",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:18:56.000Z",
            "modified": "2021-01-26T11:18:56.000Z",
            "description": "LinkedIn Accounts",
            "pattern": "[url:value = 'https://www.linkedin.com/in/guo-zhang-b152721bb/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:18:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--cab3b3ed-97bd-4dff-93fd-e8cf7f1d9147",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:18:56.000Z",
            "modified": "2021-01-26T11:18:56.000Z",
            "description": "LinkedIn Accounts",
            "pattern": "[url:value = 'https://www.linkedin.com/in/hyungwoo-lee-6985501b9/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:18:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0edbab56-c01e-44ca-8afc-e28f7a7bf584",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:18:56.000Z",
            "modified": "2021-01-26T11:18:56.000Z",
            "description": "LinkedIn Accounts",
            "pattern": "[url:value = 'https://www.linkedin.com/in/linshuang-li-aa696391bb/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:18:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d90f830c-e37b-4495-b0e5-9e2b3396d8e9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:18:56.000Z",
            "modified": "2021-01-26T11:18:56.000Z",
            "description": "LinkedIn Accounts",
            "pattern": "[url:value = 'https://www.linkedin.com/in/rimmer-trajan-2806b21bb/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:18:56Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fda032e3-8407-4e7e-842b-30d56a0fdc1c",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:22:23.000Z",
            "modified": "2021-01-26T11:22:23.000Z",
            "pattern": "[file:hashes.SHA256 = '4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:22:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--46921f59-3e20-4a79-8b50-d32a3706e896",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:22:23.000Z",
            "modified": "2021-01-26T11:22:23.000Z",
            "pattern": "[file:hashes.SHA256 = '68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:22:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8e27e1f9-0276-4cf0-a0a6-98c1648a9cf9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:22:23.000Z",
            "modified": "2021-01-26T11:22:23.000Z",
            "pattern": "[file:hashes.SHA256 = '25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:22:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--81ac4f77-b7c7-4d2c-b9e8-f6b3d4266096",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:22:23.000Z",
            "modified": "2021-01-26T11:22:23.000Z",
            "pattern": "[file:hashes.SHA256 = 'a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:22:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--60433c38-74cf-46a6-b604-a1770d74aa0b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:22:23.000Z",
            "modified": "2021-01-26T11:22:23.000Z",
            "pattern": "[file:hashes.SHA256 = 'a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:22:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--3cd4c249-725a-4f19-acba-86619bf3dbe9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:03:18.000Z",
            "modified": "2021-01-26T09:03:18.000Z",
            "labels": [
                "misp:name=\"report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "text",
                    "object_relation": "summary",
                    "value": "Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.\r\n\r\nIn order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control.",
                    "category": "Other",
                    "uuid": "e593399d-4d56-44ae-aa35-99d1f00a5810"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "report"
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--1476d0bd-4a64-42c4-8454-beaf24730937",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:14:27.000Z",
            "modified": "2021-01-26T09:14:27.000Z",
            "labels": [
                "misp:name=\"keybase-account\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "text",
                    "object_relation": "username",
                    "value": "zhangguo",
                    "category": "Other",
                    "uuid": "f04484b1-68f5-4813-9cd0-43957f449676"
                }
            ],
            "x_misp_comment": "https://keybase.io/zhangguo",
            "x_misp_meta_category": "misc",
            "x_misp_name": "keybase-account"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--01cf21c7-6d5c-4fdf-9c9c-04e96ed26571",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T09:43:10.000Z",
            "modified": "2021-01-26T09:43:10.000Z",
            "first_observed": "2021-01-26T09:43:10Z",
            "last_observed": "2021-01-26T09:43:10Z",
            "number_observed": 1,
            "object_refs": [
                "user-account--01cf21c7-6d5c-4fdf-9c9c-04e96ed26571"
            ],
            "labels": [
                "misp:name=\"telegram-account\"",
                "misp:meta-category=\"misc\"",
                "misp:to_ids=\"False\""
            ]
        },
        {
            "type": "user-account",
            "spec_version": "2.1",
            "id": "user-account--01cf21c7-6d5c-4fdf-9c9c-04e96ed26571",
            "account_login": "james50d",
            "account_type": "telegram"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--59332375-f44b-4f5e-8229-addcf54061f9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "pattern": "[file:hashes.MD5 = 'b52e05683b15c6ad56cebea4a5a54990' AND file:hashes.SHA1 = 'baf97d3b9095911fb7c9c8d7152fdc32ca7b33aa' AND file:hashes.SHA256 = '68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:24:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--049485c0-eed6-407f-9f4f-93bd021f153b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-01-26T11:03:02+00:00",
                    "category": "Other",
                    "uuid": "84f9619c-f70e-4fc6-9dfe-8eac9316a1c9"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7/detection/f-68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7-1611658982",
                    "category": "Payload delivery",
                    "uuid": "94b5a639-8264-4987-9d6c-6c1d49dd4c96"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "24/66",
                    "category": "Payload delivery",
                    "uuid": "f708ec77-f167-4744-9dd5-329999830dc5"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--72f4f7c1-d888-4f44-848a-077ae461c27f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "pattern": "[file:hashes.MD5 = '56018500f73e3f6cf179d3b853c27912' AND file:hashes.SHA1 = 'a3060a3efb9ac3da444ef8abc99143293076fe32' AND file:hashes.SHA256 = '4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:24:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--1a387662-9877-4a53-b7e7-574bfe50a465",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-01-26T11:01:49+00:00",
                    "category": "Other",
                    "uuid": "ed766e79-ceed-4899-aace-ce3f51c60485"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244/detection/f-4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244-1611658909",
                    "category": "Payload delivery",
                    "uuid": "598cd307-eb19-4627-ba19-0b985e83f405"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "20/69",
                    "category": "Payload delivery",
                    "uuid": "88620305-53de-49b0-bf92-2862935f1887"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5c4d1a81-b57c-4506-974a-95e91d2ff10e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "pattern": "[file:hashes.MD5 = 'ae17ce1eb59dd82f38efb9666f279044' AND file:hashes.SHA1 = '3b3acb4a55ba8e2da36223ae59ed420f856b0aaf' AND file:hashes.SHA256 = 'a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:24:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--6c767512-a840-4aeb-9ad0-a26b79c64b14",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-01-26T11:04:20+00:00",
                    "category": "Other",
                    "uuid": "58728f2e-d5c0-4b31-a8ac-8fc302c24385"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15/detection/f-a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15-1611659060",
                    "category": "Payload delivery",
                    "uuid": "577f6c8c-d8e2-468a-bc13-de832dd5ad4e"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "18/66",
                    "category": "Payload delivery",
                    "uuid": "a81b421f-f6ae-4acc-b4fc-378b428064cd"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0169990c-9b31-46ab-980e-1afe3c03ffba",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "pattern": "[file:hashes.MD5 = '9e9f69ed56482fff18933c5ec8612063' AND file:hashes.SHA1 = '4ff6c02140ab1daf217b6e01ec042460389e2e92' AND file:hashes.SHA256 = '25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:24:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--fa61597a-b824-47d0-96c2-47e43c4d71cf",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-01-26T11:03:31+00:00",
                    "category": "Other",
                    "uuid": "3082e9c7-6612-40aa-9b58-14b6953928a8"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc/detection/f-25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc-1611659011",
                    "category": "Payload delivery",
                    "uuid": "5cd6e244-cdf7-4dc4-ab13-759ba60dd633"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "13/70",
                    "category": "Payload delivery",
                    "uuid": "defe416d-b886-49ed-bbc3-4922e59f6318"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--93a7efc9-90a9-4cea-a6fd-a754fca62e27",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "pattern": "[file:hashes.MD5 = 'f5475608c0126582081e29927424f338' AND file:hashes.SHA1 = '8e88fd82378794a17a4211fbf2ee2506b9636b02' AND file:hashes.SHA256 = 'a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-01-26T11:24:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--aebc3c13-ac5c-41b2-85e3-e1eb16dfad53",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-01-26T11:24:03.000Z",
            "modified": "2021-01-26T11:24:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-01-26T11:03:46+00:00",
                    "category": "Other",
                    "uuid": "98cf22a7-60b7-4ad7-9100-c6f73ccda357"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855/detection/f-a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855-1611659026",
                    "category": "Payload delivery",
                    "uuid": "cc2e28ed-9f1c-4783-9717-4606c54e8f86"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "15/70",
                    "category": "Payload delivery",
                    "uuid": "f68a878a-618b-4c60-aa27-e096894602bf"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9ee6ebfe-61e3-41fd-b1d0-db145dc71e1e",
            "created": "1970-01-01T00:00:00.000Z",
            "modified": "1970-01-01T00:00:00.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--59332375-f44b-4f5e-8229-addcf54061f9",
            "target_ref": "x-misp-object--049485c0-eed6-407f-9f4f-93bd021f153b"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--f2bacd29-deb3-402e-94da-ffc6b522fffa",
            "created": "1970-01-01T00:00:00.000Z",
            "modified": "1970-01-01T00:00:00.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--72f4f7c1-d888-4f44-848a-077ae461c27f",
            "target_ref": "x-misp-object--1a387662-9877-4a53-b7e7-574bfe50a465"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--862e1ec8-bf13-4e23-b239-6e8e8eb26903",
            "created": "1970-01-01T00:00:00.000Z",
            "modified": "1970-01-01T00:00:00.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--5c4d1a81-b57c-4506-974a-95e91d2ff10e",
            "target_ref": "x-misp-object--6c767512-a840-4aeb-9ad0-a26b79c64b14"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--253a1b51-e89e-4c63-9d8a-90b6a0c52ee7",
            "created": "1970-01-01T00:00:00.000Z",
            "modified": "1970-01-01T00:00:00.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--0169990c-9b31-46ab-980e-1afe3c03ffba",
            "target_ref": "x-misp-object--fa61597a-b824-47d0-96c2-47e43c4d71cf"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--52eacefc-598c-4722-b2b1-ce51c96d66a0",
            "created": "1970-01-01T00:00:00.000Z",
            "modified": "1970-01-01T00:00:00.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--93a7efc9-90a9-4cea-a6fd-a754fca62e27",
            "target_ref": "x-misp-object--aebc3c13-ac5c-41b2-85e3-e1eb16dfad53"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}