{
    "type": "bundle",
    "id": "bundle--6cb112c1-67f3-461d-8389-88e26776c061",
    "spec_version": "2.0",
    "objects": [
        {
            "aliases": [
                "Moafee"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "intrusion-set--2e5d3a83-fe00-41a5-9b60-237efc84832f",
            "type": "intrusion-set",
            "created": "2017-05-31T21:31:46.025Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0002",
                    "external_id": "G0002"
                },
                {
                    "source_name": "Moafee",
                    "description": "(Citation: Haq 2014)"
                },
                {
                    "url": "https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html",
                    "description": "Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.",
                    "source_name": "Haq 2014"
                }
            ],
            "modified": "2020-03-30T19:09:42.298Z",
            "name": "Moafee",
            "description": "[Moafee](https://attack.mitre.org/groups/G0002) is a threat group that appears to operate from the Guandong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group [DragonOK](https://attack.mitre.org/groups/G0017). (Citation: Haq 2014)",
            "x_mitre_version": "1.1",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}