misp-circl-feed/feeds/circl/stix-2.1/013585af-ba0a-480a-8f2f-48df896d9229.json

{
"type": "bundle",
"id": "bundle--013585af-ba0a-480a-8f2f-48df896d9229",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T12:40:21.000Z",
"modified": "2022-08-19T12:40:21.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--013585af-ba0a-480a-8f2f-48df896d9229",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T12:40:21.000Z",
"modified": "2022-08-19T12:40:21.000Z",
"name": "OSINT - JSSLoader: the shellcode edition",
"published": "2022-08-19T12:40:55Z",
"object_refs": [
"indicator--33ff2767-0cd0-4f23-8d5e-ef4e7c599a31",
"indicator--328fe82a-fbab-4589-9a7b-11e5caef263a",
"indicator--42764a9c-4661-481b-acd0-66649ddcf5cb",
"indicator--6b066e8f-f78f-43f4-9331-8cdd54c8e719",
"indicator--3d35309b-d8b1-4c14-b565-2d158cbc6b59",
"indicator--92e60ec9-126c-4708-b444-04ade49d2d2c",
"indicator--2281dea8-11e1-4763-976a-f312d7fb0154",
"indicator--9a498744-8261-428a-98bf-49d000228346",
"indicator--b765a67f-1c41-4c2f-92c0-c654b37adff5",
"indicator--e081fdb9-1972-4090-bfc4-123e792897a1",
"indicator--6d0ce48e-c437-46de-ae24-7472fbea594b",
"indicator--1406da62-389f-4c9b-8112-8a2eeb651c48",
"indicator--8d74be00-dc29-43aa-8497-db3684056d65",
"indicator--79754502-9a01-49f3-858f-9696336fd465",
"indicator--d72a4609-ff18-46b7-8921-eac3740002d4",
"indicator--00698b4e-497c-459d-94fa-e12da80c9008",
"indicator--cfdc5e5b-057b-49cd-b9db-646250947783",
"x-misp-object--aaff4760-ea84-46a6-a79a-27919f325ed3",
"observed-data--9560a135-3e58-4c09-bade-b3109a40ec35",
"user-account--9560a135-3e58-4c09-bade-b3109a40ec35",
"observed-data--c41f294b-2395-4d53-a671-577483c9180b",
"user-account--c41f294b-2395-4d53-a671-577483c9180b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\"",
"misp-galaxy:threat-actor=\"FIN7\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33ff2767-0cd0-4f23-8d5e-ef4e7c599a31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = 'cc2171d14d0d3c4d117155185f7c911f781aac15b57adef6c32eb0149d5da3ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--328fe82a-fbab-4589-9a7b-11e5caef263a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = 'bf1371e2d79115fc7cfc89266cd7a59c02b04a74e1246435392eb5e20c661d8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--42764a9c-4661-481b-acd0-66649ddcf5cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = 'b08e713196b712c42da2df9da7836d270306065fbf6d4720f25d80e4104daf38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6b066e8f-f78f-43f4-9331-8cdd54c8e719",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = '7a234d1a2415834290a3a9c7274aadb7253dcfe24edb10b22f1a4a33fd027a08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3d35309b-d8b1-4c14-b565-2d158cbc6b59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = '7a17ef218eebfdd4d3e70add616adcd5b78105becd6616c88b79b261d1a78fdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--92e60ec9-126c-4708-b444-04ade49d2d2c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = '410cd107dfd37752936bd20d022ea614cd373aa9d37db255f65dc434e653236a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2281dea8-11e1-4763-976a-f312d7fb0154",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:56:44.000Z",
"modified": "2022-08-19T11:56:44.000Z",
"pattern": "[file:hashes.SHA256 = '35f5c781d61d398ce47a8881228346a81afb4915bf083518bf2b4cc8d6a2685b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a498744-8261-428a-98bf-49d000228346",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.SHA1 = '529f476f952fd1526d2038cb0012e5bdd8a702f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b765a67f-1c41-4c2f-92c0-c654b37adff5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.SHA1 = '0eaf6289dd7ebe8ae0879a4a72d1518e1d4ffac9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e081fdb9-1972-4090-bfc4-123e792897a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.MD5 = 'f1aff007c04c6fd3739dbeac537edaaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d0ce48e-c437-46de-ae24-7472fbea594b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.MD5 = '4a1e60be00e59617d53122d70c64506c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1406da62-389f-4c9b-8112-8a2eeb651c48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.MD5 = '4961aec62fac8beeafffa5bfc841fab8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8d74be00-dc29-43aa-8497-db3684056d65",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.MD5 = '2956c03bff952b22387eed8172a26ba5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79754502-9a01-49f3-858f-9696336fd465",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:58:24.000Z",
"modified": "2022-08-19T11:58:24.000Z",
"pattern": "[file:hashes.MD5 = '1e12ac069c1898ffe271ebdfcbd689c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d72a4609-ff18-46b7-8921-eac3740002d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:59:12.000Z",
"modified": "2022-08-19T11:59:12.000Z",
"pattern": "[file:hashes.SHA1 = 'd2742d7c4b7454745795c547594bb4f9dbddecfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:59:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00698b4e-497c-459d-94fa-e12da80c9008",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:59:12.000Z",
"modified": "2022-08-19T11:59:12.000Z",
"pattern": "[file:hashes.SHA1 = '9d0f6c8be3214eee1dda6ebb4bb41ef97cfe28b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:59:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cfdc5e5b-057b-49cd-b9db-646250947783",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T11:59:12.000Z",
"modified": "2022-08-19T11:59:12.000Z",
"pattern": "[file:hashes.SHA1 = '5c7b4da950b0f1845b38ef1aa11ca41b4731c766']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-19T11:59:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aaff4760-ea84-46a6-a79a-27919f325ed3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T12:05:45.000Z",
"modified": "2022-08-19T12:05:45.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://malwarebytes.app.box.com/s/ym6r7o5hq0rx2nxjbctfv2sw5vx386ni",
"category": "External analysis",
"uuid": "fadbc54c-4adb-46b8-9d9e-b001f35b0f44"
},
{
"type": "text",
"object_relation": "summary",
"value": "JSSLoader: the shellcode edition",
"category": "Other",
"uuid": "ddcaf51a-7f89-4427-b93d-82804562da14"
},
{
"type": "text",
"object_relation": "type",
"value": "Report",
"category": "Other",
"uuid": "8555a473-687e-475b-943b-1d9cdb633669"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--9560a135-3e58-4c09-bade-b3109a40ec35",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T12:11:14.000Z",
"modified": "2022-08-19T12:11:14.000Z",
"first_observed": "2022-08-19T12:11:14Z",
"last_observed": "2022-08-19T12:11:14Z",
"number_observed": 1,
"object_refs": [
"user-account--9560a135-3e58-4c09-bade-b3109a40ec35"
],
"labels": [
"misp:name=\"github-user\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "user-account",
"spec_version": "2.1",
"id": "user-account--9560a135-3e58-4c09-bade-b3109a40ec35",
"account_login": "hasherezade",
"account_type": "github",
"x_misp_repository": "https://gist.github.com/hasherezade/6eb355c2c81e640e7470fafe4db3f069"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--c41f294b-2395-4d53-a671-577483c9180b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-08-19T12:13:37.000Z",
"modified": "2022-08-19T12:13:37.000Z",
"first_observed": "2022-08-19T12:13:37Z",
"last_observed": "2022-08-19T12:13:37Z",
"number_observed": 1,
"object_refs": [
"user-account--c41f294b-2395-4d53-a671-577483c9180b"
],
"labels": [
"misp:name=\"github-user\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"False\""
]
},
{
"type": "user-account",
"spec_version": "2.1",
"id": "user-account--c41f294b-2395-4d53-a671-577483c9180b",
"account_login": "hasherezade",
"account_type": "github",
"x_misp_repository": "https://gist.github.com/hasherezade/4048e435cda43be374277afb06744ab1"
}
]
}