{
"type": "bundle",
"id": "bundle--5dbae2a1-4100-4d07-8d83-4974950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-04T11:47:22.000Z",
"modified": "2019-11-04T11:47:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5dbae2a1-4100-4d07-8d83-4974950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-04T11:47:22.000Z",
"modified": "2019-11-04T11:47:22.000Z",
"name": "OSINT -Advisory: Turla group exploits Iranian APT to expand coverage of victims",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5dbae2d6-4698-4cda-9886-44d0950d210f",
"url--5dbae2d6-4698-4cda-9886-44d0950d210f",
"observed-data--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"file--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"artifact--5dbaff2b-a9f8-4a99-b4c0-4020950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"",
"misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"",
"misp-galaxy:threat-actor=\"Turla Group\"",
"misp-galaxy:malpedia=\"Nautilus\"",
"misp-galaxy:malpedia=\"Neuron\"",
"misp-galaxy:tool=\"Nautilus\"",
"misp-galaxy:tool=\"Neuron\"",
"misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dbae2d6-4698-4cda-9886-44d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-31T13:34:14.000Z",
"modified": "2019-10-31T13:34:14.000Z",
"first_observed": "2019-10-31T13:34:14Z",
"last_observed": "2019-10-31T13:34:14Z",
"number_observed": 1,
"object_refs": [
"url--5dbae2d6-4698-4cda-9886-44d0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5dbae2d6-4698-4cda-9886-44d0950d210f",
"value": "https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-10-31T15:35:07.000Z",
"modified": "2019-10-31T15:35:07.000Z",
"first_observed": "2019-10-31T15:35:07Z",
"last_observed": "2019-10-31T15:35:07Z",
"number_observed": 1,
"object_refs": [
"file--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"artifact--5dbaff2b-a9f8-4a99-b4c0-4020950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"name": "Turla advisory UK FINAL.pdf",
"content_ref": "artifact--5dbaff2b-a9f8-4a99-b4c0-4020950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5dbaff2b-a9f8-4a99-b4c0-4020950d210f",
"payload_bin": "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
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}