misp-circl-feed/feeds/circl/stix-2.1/5761398f-31d0-46b0-808f-41de950d210f.json

317 lines
13 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5761398f-31d0-46b0-808f-41de950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T14:29:39.000Z",
"modified": "2016-06-15T14:29:39.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5761398f-31d0-46b0-808f-41de950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T14:29:39.000Z",
"modified": "2016-06-15T14:29:39.000Z",
"name": "OSINT Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team report by iSight",
"published": "2016-06-15T14:37:12Z",
"object_refs": [
"observed-data--576139cd-c990-43a1-a4a8-4bf3950d210f",
"url--576139cd-c990-43a1-a4a8-4bf3950d210f",
"indicator--576139e6-3f30-4918-b364-4153950d210f",
"indicator--57613a1d-35ec-44c0-8aec-4b7f950d210f",
"indicator--57613a1d-2914-4a97-aa60-44c8950d210f",
"indicator--57613a1d-6308-40a1-845c-4a40950d210f",
"indicator--57613a1d-13dc-43ee-8402-4e0c950d210f",
"x-misp-attribute--57613a36-abb0-413a-abcf-48ea950d210f",
"x-misp-attribute--57613a37-0114-48a8-8e8a-4be9950d210f",
"x-misp-attribute--57613a37-a08c-4103-874e-403f950d210f",
"indicator--57616653-a3f8-4374-9d69-b45602de0b81",
"indicator--57616653-8898-4177-ae78-b45602de0b81",
"observed-data--57616654-5384-4905-8b97-b45602de0b81",
"url--57616654-5384-4905-8b97-b45602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"OSINT",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576139cd-c990-43a1-a4a8-4bf3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:19:41.000Z",
"modified": "2016-06-15T11:19:41.000Z",
"first_observed": "2016-06-15T11:19:41Z",
"last_observed": "2016-06-15T11:19:41Z",
"number_observed": 1,
"object_refs": [
"url--576139cd-c990-43a1-a4a8-4bf3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576139cd-c990-43a1-a4a8-4bf3950d210f",
"value": "https://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leveraged-by-tsar-team/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576139e6-3f30-4918-b364-4153950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:20:06.000Z",
"modified": "2016-06-15T11:20:06.000Z",
"pattern": "[file:hashes.MD5 = '112c64f7c07a959a1cbff6621850a4ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T11:20:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613a1d-35ec-44c0-8aec-4b7f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:01.000Z",
"modified": "2016-06-15T11:21:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.172.11.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T11:21:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613a1d-2914-4a97-aa60-44c8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:01.000Z",
"modified": "2016-06-15T11:21:01.000Z",
"pattern": "[domain-name:value = 'wscapi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T11:21:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613a1d-6308-40a1-845c-4a40950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:01.000Z",
"modified": "2016-06-15T11:21:01.000Z",
"pattern": "[domain-name:value = 'tabsync.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T11:21:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613a1d-13dc-43ee-8402-4e0c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:01.000Z",
"modified": "2016-06-15T11:21:01.000Z",
"pattern": "[domain-name:value = 'storsvc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T11:21:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57613a36-abb0-413a-abcf-48ea950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:26.000Z",
"modified": "2016-06-15T11:21:26.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "APT28"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57613a37-0114-48a8-8e8a-4be9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:27.000Z",
"modified": "2016-06-15T11:21:27.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Sofacy"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57613a37-a08c-4103-874e-403f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T11:21:27.000Z",
"modified": "2016-06-15T11:21:27.000Z",
"labels": [
"misp:type=\"threat-actor\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "threat-actor",
"x_misp_value": "Tsar Team"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57616653-a3f8-4374-9d69-b45602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T14:29:39.000Z",
"modified": "2016-06-15T14:29:39.000Z",
"description": "- Xchecked via VT: 112c64f7c07a959a1cbff6621850a4ad",
"pattern": "[file:hashes.SHA256 = '9e5fbd79d8febe7a162cd5200041772db60dc83244605b1ff37ef8d14334f512']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T14:29:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57616653-8898-4177-ae78-b45602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T14:29:39.000Z",
"modified": "2016-06-15T14:29:39.000Z",
"description": "- Xchecked via VT: 112c64f7c07a959a1cbff6621850a4ad",
"pattern": "[file:hashes.SHA1 = 'e7f7f6caaede6cc29c2e7e4888019f2d1be37cef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T14:29:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57616654-5384-4905-8b97-b45602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-06-15T14:29:40.000Z",
"modified": "2016-06-15T14:29:40.000Z",
"first_observed": "2016-06-15T14:29:40Z",
"last_observed": "2016-06-15T14:29:40Z",
"number_observed": 1,
"object_refs": [
"url--57616654-5384-4905-8b97-b45602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57616654-5384-4905-8b97-b45602de0b81",
"value": "https://www.virustotal.com/file/9e5fbd79d8febe7a162cd5200041772db60dc83244605b1ff37ef8d14334f512/analysis/1464765865/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}