adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/565d5025-a6bc-4a5f-b19b-a175950d210b.json

450 lines
19 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--565d5025-a6bc-4a5f-b19b-a175950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:52:48.000Z",
"modified": "2015-12-01T07:52:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--565d5025-a6bc-4a5f-b19b-a175950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:52:48.000Z",
"modified": "2015-12-01T07:52:48.000Z",
"name": "OSINT - PlugX-\u00d1\u201a \u00d3\u00a9\u00d1\u20ac\u00d1\u201a\u00d1\u0081\u00d3\u00a9\u00d0\u00bd \u00d1\u0081\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b5\u00d0\u00bc\u00d0\u00b8\u00d0\u00b9\u00d0\u00b3 \u00d1\u2020\u00d1\u008d\u00d0\u00b2\u00d1\u008d\u00d1\u20ac\u00d0\u00bb\u00d1\u008d\u00d1\u2026 \u00d0\u00bd\u00d1\u0152",
"published": "2015-12-01T07:55:34Z",
"object_refs": [
"observed-data--565d50a0-00c4-44a3-a0d7-ebbc950d210b",
"url--565d50a0-00c4-44a3-a0d7-ebbc950d210b",
"indicator--565d50cd-7a1c-4ee9-90e3-c759950d210b",
"indicator--565d50ce-736c-44e8-8cd0-c759950d210b",
"indicator--565d50ce-3a40-4ad0-b0aa-c759950d210b",
"indicator--565d50ce-1e74-4ef6-8aca-c759950d210b",
"indicator--565d511d-256c-4ed1-a7a7-a18a950d210b",
"indicator--565d511e-0044-404a-af6e-a18a950d210b",
"indicator--565d5155-d3e8-41e0-a5b5-ed8e950d210b",
"indicator--565d5155-ad04-4be9-bf41-ed8e950d210b",
"indicator--565d5155-f11c-4a5a-bb67-ed8e950d210b",
"indicator--565d5156-698c-46f3-873f-ed8e950d210b",
"indicator--565d5156-0bc0-48e1-a9c8-ed8e950d210b",
"indicator--565d5157-875c-49f2-85d6-ed8e950d210b",
"indicator--565d5157-9c84-455a-b1db-ed8e950d210b",
"indicator--565d5157-32fc-4263-a45e-ed8e950d210b",
"observed-data--565d5198-14d8-4147-aabe-ebed950d210b",
"url--565d5198-14d8-4147-aabe-ebed950d210b",
"x-misp-attribute--565d51d0-5414-4538-a2a9-a18a950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--565d50a0-00c4-44a3-a0d7-ebbc950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:47:44.000Z",
"modified": "2015-12-01T07:47:44.000Z",
"first_observed": "2015-12-01T07:47:44Z",
"last_observed": "2015-12-01T07:47:44Z",
"number_observed": 1,
"object_refs": [
"url--565d50a0-00c4-44a3-a0d7-ebbc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--565d50a0-00c4-44a3-a0d7-ebbc950d210b",
"value": "http://blog.safebit.mn/2015/11/plugx.html"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d50cd-7a1c-4ee9-90e3-c759950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:48:29.000Z",
"modified": "2015-12-01T07:48:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.64.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:48:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d50ce-736c-44e8-8cd0-c759950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:48:30.000Z",
"modified": "2015-12-01T07:48:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.207.152.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d50ce-3a40-4ad0-b0aa-c759950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:48:30.000Z",
"modified": "2015-12-01T07:48:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.126.24.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d50ce-1e74-4ef6-8aca-c759950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:48:30.000Z",
"modified": "2015-12-01T07:48:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.208.206.172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d511d-256c-4ed1-a7a7-a18a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:49:49.000Z",
"modified": "2015-12-01T07:49:49.000Z",
"pattern": "[domain-name:value = 'catologipdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:49:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d511e-0044-404a-af6e-a18a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:49:50.000Z",
"modified": "2015-12-01T07:49:50.000Z",
"pattern": "[domain-name:value = 'google.lookipv6.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5155-d3e8-41e0-a5b5-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:45.000Z",
"modified": "2015-12-01T07:50:45.000Z",
"pattern": "[domain-name:value = 'teever.mn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5155-ad04-4be9-bf41-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:45.000Z",
"modified": "2015-12-01T07:50:45.000Z",
"pattern": "[domain-name:value = 'goodmongol.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5155-f11c-4a5a-bb67-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:45.000Z",
"modified": "2015-12-01T07:50:45.000Z",
"pattern": "[domain-name:value = 'baatarhuu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5156-698c-46f3-873f-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:46.000Z",
"modified": "2015-12-01T07:50:46.000Z",
"pattern": "[domain-name:value = 'mongolbaatar.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5156-0bc0-48e1-a9c8-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:46.000Z",
"modified": "2015-12-01T07:50:46.000Z",
"pattern": "[domain-name:value = 'mol-government.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5157-875c-49f2-85d6-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:47.000Z",
"modified": "2015-12-01T07:50:47.000Z",
"pattern": "[domain-name:value = 'molnews.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5157-9c84-455a-b1db-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:47.000Z",
"modified": "2015-12-01T07:50:47.000Z",
"pattern": "[domain-name:value = 'heritageblog.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565d5157-32fc-4263-a45e-ed8e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:50:47.000Z",
"modified": "2015-12-01T07:50:47.000Z",
"pattern": "[domain-name:value = 'firefox-sync.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-12-01T07:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--565d5198-14d8-4147-aabe-ebed950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:51:52.000Z",
"modified": "2015-12-01T07:51:52.000Z",
"first_observed": "2015-12-01T07:51:52Z",
"last_observed": "2015-12-01T07:51:52Z",
"number_observed": 1,
"object_refs": [
"url--565d5198-14d8-4147-aabe-ebed950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--565d5198-14d8-4147-aabe-ebed950d210b",
"value": "http://labs.lastline.com/an-analysis-of-plugx"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--565d51d0-5414-4538-a2a9-a18a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-12-01T07:52:48.000Z",
"modified": "2015-12-01T07:52:48.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "PlugX\r\nPlugX (Korplug / Sogu / Gulpix / Thoper / Destroy RAT) used in attacks in several art Remote Access Trojan (RAT) is a type of harmful software. This program is expected to come from China and used in attacks directed mainly to Asian countries. In 2012, the first known to the world, and are registered in several versions since then.\r\nAccording to the researchers, the program has developed a high level of software projects. PlugX-configuration and security experts, Antivirus masking technologies are always updated with the \"hard parts\".\r\n\r\nPlugX attacks in Mongolia\r\nOur state of the harmful information on the program affected by several attacks\r\nexternal sites, the researchers cited in the story. In 2013, the \"Royal Quest\" international military maneuvers used to file to the Ministry of Defense in 2014 there was information about an attack aimed at a children's cancer diagnosis, and treatment-related attacks, according to the center. In addition, private companies are more likely to be attacked using the editor.\r\nIn this article, our experts based their analysis on the company\r\nPlugX prepared in general, information on how to clean the system under attack, is lead counsel."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink