adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/588dc8e3-8530-4b69-b71c-45ab02de0b81.json

571 lines
24 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--588dc8e3-8530-4b69-b71c-45ab02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:16:29.000Z",
"modified": "2017-01-29T11:16:29.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--588dc8e3-8530-4b69-b71c-45ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:16:29.000Z",
"modified": "2017-01-29T11:16:29.000Z",
"name": "OSINT - Spotlight on Shamoon",
"published": "2017-01-29T11:17:08Z",
"object_refs": [
"observed-data--588dc908-c720-44cd-ac77-48ba02de0b81",
"url--588dc908-c720-44cd-ac77-48ba02de0b81",
"x-misp-attribute--588dc921-8708-4d83-bd8d-427c02de0b81",
"indicator--588dc968-bb78-4c41-96f1-408b02de0b81",
"indicator--588dc969-8bdc-486c-9926-418a02de0b81",
"x-misp-attribute--588dcc50-9730-4404-8bf4-433e02de0b81",
"indicator--588dcdf5-4d30-4209-a9dc-42da02de0b81",
"indicator--588dcdf6-29fc-40c5-8cb4-49f602de0b81",
"indicator--588dcdf7-80bc-40f7-9b7b-4cf802de0b81",
"indicator--588dcdf7-d8e4-4c84-a739-4a5702de0b81",
"indicator--588dce3e-8374-40a5-8022-4b9302de0b81",
"indicator--588dce3f-ac54-47f8-8b58-460b02de0b81",
"observed-data--588dce40-8284-43bc-9271-480b02de0b81",
"url--588dce40-8284-43bc-9271-480b02de0b81",
"indicator--588dce40-69b4-44af-a9c6-4cee02de0b81",
"indicator--588dce41-08fc-43e9-a174-4f7302de0b81",
"observed-data--588dce42-8154-46d5-8412-447f02de0b81",
"url--588dce42-8154-46d5-8412-447f02de0b81",
"indicator--588dce43-c0f0-4c74-b4ef-4a9702de0b81",
"indicator--588dce43-d4d8-4cc6-9df0-42af02de0b81",
"observed-data--588dce44-56e4-463c-af1d-422402de0b81",
"url--588dce44-56e4-463c-af1d-422402de0b81",
"x-misp-attribute--588dce8a-7690-4918-9ab5-4b9302de0b81",
"x-misp-attribute--588dce8b-51a0-4787-85a9-490802de0b81",
"x-misp-attribute--588dce8c-fc80-44b6-bd92-41b502de0b81",
"observed-data--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Shamoon\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588dc908-c720-44cd-ac77-48ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:16:06.000Z",
"modified": "2017-01-29T11:16:06.000Z",
"first_observed": "2017-01-29T11:16:06Z",
"last_observed": "2017-01-29T11:16:06Z",
"number_observed": 1,
"object_refs": [
"url--588dc908-c720-44cd-ac77-48ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588dc908-c720-44cd-ac77-48ba02de0b81",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/spotlight-on-shamoon/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588dc921-8708-4d83-bd8d-427c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T10:51:13.000Z",
"modified": "2017-01-29T10:51:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "All of the initial analysis pointed to Shamoon emerging in the Middle East. There were a number of similarities that we highlighted in our earlier blogs (on McAfee.com). This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 \u00e2\u20ac\u02dcShamoon incidents\u00e2\u20ac\u2122 had been reported from public to private sector."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dc968-bb78-4c41-96f1-408b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T10:52:24.000Z",
"modified": "2017-01-29T10:52:24.000Z",
"description": "hash 146a112cb01cd4b8e06d36304f6bdf7b and bf4b07c7b4a4504c4192bd68476d63b5 were connecting to this site",
"pattern": "[domain-name:value = 'winappupdater.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T10:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dc969-8bdc-486c-9926-418a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T10:52:25.000Z",
"modified": "2017-01-29T10:52:25.000Z",
"description": "hash 146a112cb01cd4b8e06d36304f6bdf7b and bf4b07c7b4a4504c4192bd68476d63b5 were connecting to this site",
"pattern": "[domain-name:value = 'update.winupdater.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T10:52:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588dcc50-9730-4404-8bf4-433e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:04:48.000Z",
"modified": "2017-01-29T11:04:48.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "winappupdater.com domain registered on 2016-11-25 by benyamin987@mail.com",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "benyamin987@mail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dcdf5-4d30-4209-a9dc-42da02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:11:49.000Z",
"modified": "2017-01-29T11:11:49.000Z",
"pattern": "[file:hashes.MD5 = '146a112cb01cd4b8e06d36304f6bdf7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:11:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dcdf6-29fc-40c5-8cb4-49f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:11:50.000Z",
"modified": "2017-01-29T11:11:50.000Z",
"pattern": "[file:hashes.MD5 = 'bf4b07c7b4a4504c4192bd68476d63b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:11:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dcdf7-80bc-40f7-9b7b-4cf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:11:51.000Z",
"modified": "2017-01-29T11:11:51.000Z",
"pattern": "[file:hashes.MD5 = 'a96d211795852b6b14e61327bbcc3473']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dcdf7-d8e4-4c84-a739-4a5702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:11:51.000Z",
"modified": "2017-01-29T11:11:51.000Z",
"pattern": "[file:hashes.SHA1 = '1507a4fdf65952dfa439e32480f42ccf1460b96f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce3e-8374-40a5-8022-4b9302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:02.000Z",
"modified": "2017-01-29T11:13:02.000Z",
"description": "- Xchecked via VT: a96d211795852b6b14e61327bbcc3473",
"pattern": "[file:hashes.SHA256 = '6b28a43eda5b6f828a65574e3f08a6d00e0acf84cbb94aac5cec5cd448a4649d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce3f-ac54-47f8-8b58-460b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:03.000Z",
"modified": "2017-01-29T11:13:03.000Z",
"description": "- Xchecked via VT: a96d211795852b6b14e61327bbcc3473",
"pattern": "[file:hashes.SHA1 = '4c85c5062ece9aec26b6bf6a785ec7e60c824b0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588dce40-8284-43bc-9271-480b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:04.000Z",
"modified": "2017-01-29T11:13:04.000Z",
"first_observed": "2017-01-29T11:13:04Z",
"last_observed": "2017-01-29T11:13:04Z",
"number_observed": 1,
"object_refs": [
"url--588dce40-8284-43bc-9271-480b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588dce40-8284-43bc-9271-480b02de0b81",
"value": "https://www.virustotal.com/file/6b28a43eda5b6f828a65574e3f08a6d00e0acf84cbb94aac5cec5cd448a4649d/analysis/1485493393/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce40-69b4-44af-a9c6-4cee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:04.000Z",
"modified": "2017-01-29T11:13:04.000Z",
"description": "- Xchecked via VT: bf4b07c7b4a4504c4192bd68476d63b5",
"pattern": "[file:hashes.SHA256 = '7f16824e7ad9ee1ad2debca2a22413cde08f02ee9f0d08d64eb4cb318538be9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce41-08fc-43e9-a174-4f7302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:05.000Z",
"modified": "2017-01-29T11:13:05.000Z",
"description": "- Xchecked via VT: bf4b07c7b4a4504c4192bd68476d63b5",
"pattern": "[file:hashes.SHA1 = 'd843a65ad0e3c2f2fd87c30c6cb0f6b66d6355d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588dce42-8154-46d5-8412-447f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:06.000Z",
"modified": "2017-01-29T11:13:06.000Z",
"first_observed": "2017-01-29T11:13:06Z",
"last_observed": "2017-01-29T11:13:06Z",
"number_observed": 1,
"object_refs": [
"url--588dce42-8154-46d5-8412-447f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588dce42-8154-46d5-8412-447f02de0b81",
"value": "https://www.virustotal.com/file/7f16824e7ad9ee1ad2debca2a22413cde08f02ee9f0d08d64eb4cb318538be9c/analysis/1485493795/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce43-c0f0-4c74-b4ef-4a9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:06.000Z",
"modified": "2017-01-29T11:13:06.000Z",
"description": "- Xchecked via VT: 146a112cb01cd4b8e06d36304f6bdf7b",
"pattern": "[file:hashes.SHA256 = '319a001d09ee9d754e8789116bbb21a3c624c999dae9cf83fde90a3fbe67ee6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588dce43-d4d8-4cc6-9df0-42af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:07.000Z",
"modified": "2017-01-29T11:13:07.000Z",
"description": "- Xchecked via VT: 146a112cb01cd4b8e06d36304f6bdf7b",
"pattern": "[file:hashes.SHA1 = '0e47a027651133ab980dd040d3347d2028ffd32d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-29T11:13:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588dce44-56e4-463c-af1d-422402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:13:08.000Z",
"modified": "2017-01-29T11:13:08.000Z",
"first_observed": "2017-01-29T11:13:08Z",
"last_observed": "2017-01-29T11:13:08Z",
"number_observed": 1,
"object_refs": [
"url--588dce44-56e4-463c-af1d-422402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588dce44-56e4-463c-af1d-422402de0b81",
"value": "https://www.virustotal.com/file/319a001d09ee9d754e8789116bbb21a3c624c999dae9cf83fde90a3fbe67ee6c/analysis/1485491896/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588dce8a-7690-4918-9ab5-4b9302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:14:18.000Z",
"modified": "2017-01-29T11:14:18.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "F:\\Projects\\Bot Fresh\\Release\\Bot Fresh.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588dce8b-51a0-4787-85a9-490802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:14:19.000Z",
"modified": "2017-01-29T11:14:19.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "F:\\Projects\\Bot\\Bot\\Release\\Ism.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588dce8c-fc80-44b6-bd92-41b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:14:20.000Z",
"modified": "2017-01-29T11:14:20.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "G:\\Projects\\Bot\\Bots\\Bot5\\Release\\Ism.pdb"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-29T11:16:29.000Z",
"modified": "2017-01-29T11:16:29.000Z",
"first_observed": "2017-01-29T11:16:29Z",
"last_observed": "2017-01-29T11:16:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"src_ref": "ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
"value": "58.158.177.102"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink