cti-python-stix2/stix2/test/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json

{
    "id": "bundle--96a6ea7a-fcff-4aab-925b-a494bcdf0480",
    "objects": [
        {
            "aliases": [
                "DragonOK"
            ],
            "created": "2017-05-31T21:31:53.197755Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "description": "DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. [[Citation: Operation Quantum Entanglement]][[Citation: Symbiotic APT Groups]] It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. [[Citation: New DragonOK]]",
            "external_references": [
                {
                    "external_id": "G0017",
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/wiki/Group/G0017"
                },
                {
                    "description": "Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015.",
                    "source_name": "Operation Quantum Entanglement",
                    "url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf"
                },
                {
                    "description": "Haq, T. (2014, October). An Insight into Symbiotic APT Groups. Retrieved November 4, 2015.",
                    "source_name": "Symbiotic APT Groups",
                    "url": "https://dl.mandiant.com/EE/library/MIRcon2014/MIRcon%202014%20R&D%20Track%20Insight%20into%20Symbiotic%20APT.pdf"
                },
                {
                    "description": "Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.",
                    "source_name": "New DragonOK",
                    "url": "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/"
                }
            ],
            "id": "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a",
            "modified": "2017-05-31T21:31:53.197755Z",
            "name": "DragonOK",
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "intrusion-set"
        }
    ],
    "spec_version": "2.0",
    "type": "bundle"
}