adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5ec2382b-1f78-40cf-b07b-4d5d950d210f.json

428 lines
17 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5ec2382b-1f78-40cf-b07b-4d5d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:37:33.000Z",
"modified": "2020-05-18T07:37:33.000Z",
"name": "MalwareMustDie",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5ec2382b-1f78-40cf-b07b-4d5d950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:37:33.000Z",
"modified": "2020-05-18T07:37:33.000Z",
"name": "KuGou trojan backdoor campaign aim RDP on HFS panels",
"published": "2020-05-18T07:37:41Z",
"object_refs": [
"observed-data--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"network-traffic--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"ipv4-addr--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"observed-data--5ec2394a-f734-48cb-8aba-459e950d210f",
"network-traffic--5ec2394a-f734-48cb-8aba-459e950d210f",
"ipv4-addr--5ec2394a-f734-48cb-8aba-459e950d210f",
"observed-data--5ec23980-1e14-49e1-b225-4c42950d210f",
"network-traffic--5ec23980-1e14-49e1-b225-4c42950d210f",
"ipv4-addr--5ec23980-1e14-49e1-b225-4c42950d210f",
"observed-data--5ec239db-3410-4faf-8e04-45d4950d210f",
"domain-name--5ec239db-3410-4faf-8e04-45d4950d210f",
"observed-data--5ec239db-0060-4a17-8f3e-4c40950d210f",
"domain-name--5ec239db-0060-4a17-8f3e-4c40950d210f",
"observed-data--5ec23a17-d498-49bd-ad7e-4882950d210f",
"file--5ec23a17-d498-49bd-ad7e-4882950d210f",
"observed-data--5ec23a17-432c-4a62-b39f-4b43950d210f",
"file--5ec23a17-432c-4a62-b39f-4b43950d210f",
"observed-data--5ec23a17-a228-41c4-9f53-4cf8950d210f",
"file--5ec23a17-a228-41c4-9f53-4cf8950d210f",
"observed-data--5ec23a17-1c44-4a72-9f22-48cb950d210f",
"file--5ec23a17-1c44-4a72-9f22-48cb950d210f",
"observed-data--5ec23a17-7688-428f-8682-4184950d210f",
"file--5ec23a17-7688-428f-8682-4184950d210f",
"observed-data--5ec23a61-9110-4bbe-86aa-4805950d210f",
"file--5ec23a61-9110-4bbe-86aa-4805950d210f",
"observed-data--5ec23a62-0924-4357-88d9-44ce950d210f",
"file--5ec23a62-0924-4357-88d9-44ce950d210f",
"observed-data--5ec23acb-c50c-4331-aad2-4e25950d210f",
"url--5ec23acb-c50c-4331-aad2-4e25950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-type=\"Backdoor\"",
"ms-caro-malware:malware-type=\"TrojanDownloader\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:29:06.000Z",
"modified": "2020-05-18T07:29:06.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-17T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"ipv4-addr--5ec23942-0cd4-4e0e-b8a2-4374950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"src_ref": "ipv4-addr--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"value": "192.161.86.218"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec2394a-f734-48cb-8aba-459e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:29:14.000Z",
"modified": "2020-05-18T07:29:14.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-17T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec2394a-f734-48cb-8aba-459e950d210f",
"ipv4-addr--5ec2394a-f734-48cb-8aba-459e950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec2394a-f734-48cb-8aba-459e950d210f",
"src_ref": "ipv4-addr--5ec2394a-f734-48cb-8aba-459e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec2394a-f734-48cb-8aba-459e950d210f",
"value": "162.209.193.211"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23980-1e14-49e1-b225-4c42950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:30:08.000Z",
"modified": "2020-05-18T07:30:08.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-17T00:00:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5ec23980-1e14-49e1-b225-4c42950d210f",
"ipv4-addr--5ec23980-1e14-49e1-b225-4c42950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5ec23980-1e14-49e1-b225-4c42950d210f",
"dst_ref": "ipv4-addr--5ec23980-1e14-49e1-b225-4c42950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5ec23980-1e14-49e1-b225-4c42950d210f",
"value": "111.229.231.218"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec239db-3410-4faf-8e04-45d4950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:31:39.000Z",
"modified": "2020-05-18T07:31:39.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-17T00:00:00Z",
"number_observed": 1,
"object_refs": [
"domain-name--5ec239db-3410-4faf-8e04-45d4950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5ec239db-3410-4faf-8e04-45d4950d210f",
"value": "a222222.f3322.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec239db-0060-4a17-8f3e-4c40950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:31:39.000Z",
"modified": "2020-05-18T07:31:39.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-17T00:00:00Z",
"number_observed": 1,
"object_refs": [
"domain-name--5ec239db-0060-4a17-8f3e-4c40950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5ec239db-0060-4a17-8f3e-4c40950d210f",
"value": "moqi.f3322.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a17-d498-49bd-ad7e-4882950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:32:39.000Z",
"modified": "2020-05-18T07:32:39.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a17-d498-49bd-ad7e-4882950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a17-d498-49bd-ad7e-4882950d210f",
"hashes": {
"MD5": "ca3f461b313f3daec1f01a901b56c24e"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a17-432c-4a62-b39f-4b43950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:32:39.000Z",
"modified": "2020-05-18T07:32:39.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a17-432c-4a62-b39f-4b43950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a17-432c-4a62-b39f-4b43950d210f",
"hashes": {
"MD5": "d5a36d65adf01a8bbad1546c3e113695"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a17-a228-41c4-9f53-4cf8950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:32:39.000Z",
"modified": "2020-05-18T07:32:39.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a17-a228-41c4-9f53-4cf8950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a17-a228-41c4-9f53-4cf8950d210f",
"hashes": {
"MD5": "27ce0cd60fd409023e84fcbd03b113c0"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a17-1c44-4a72-9f22-48cb950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:32:39.000Z",
"modified": "2020-05-18T07:32:39.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a17-1c44-4a72-9f22-48cb950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a17-1c44-4a72-9f22-48cb950d210f",
"hashes": {
"MD5": "8c19d83ff359a1b77cb06939c2e5f0cb"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a17-7688-428f-8682-4184950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:32:39.000Z",
"modified": "2020-05-18T07:32:39.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a17-7688-428f-8682-4184950d210f"
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a17-7688-428f-8682-4184950d210f",
"hashes": {
"MD5": "1444bebbb5deb71e3243aec2ac0d78e5"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a61-9110-4bbe-86aa-4805950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:33:53.000Z",
"modified": "2020-05-18T07:33:53.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a61-9110-4bbe-86aa-4805950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a61-9110-4bbe-86aa-4805950d210f",
"name": "1521"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23a62-0924-4357-88d9-44ce950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:33:54.000Z",
"modified": "2020-05-18T07:33:54.000Z",
"first_observed": "2020-05-16T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"file--5ec23a62-0924-4357-88d9-44ce950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ec23a62-0924-4357-88d9-44ce950d210f",
"name": "NetSyst96.dl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ec23acb-c50c-4331-aad2-4e25950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2020-05-18T07:37:33.000Z",
"modified": "2020-05-18T07:37:33.000Z",
"first_observed": "2020-05-15T00:00:00Z",
"last_observed": "2020-05-18T00:00:00Z",
"number_observed": 1,
"object_refs": [
"url--5ec23acb-c50c-4331-aad2-4e25950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ec23acb-c50c-4331-aad2-4e25950d210f",
"value": "https://twitter.com/malwaremustd1e/status/1262274362872229888"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink