adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/595c89fd-d638-433e-b586-4a60950d210f.json

432 lines
18 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--595c89fd-d638-433e-b586-4a60950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-06T07:48:26.000Z",
"modified": "2017-07-06T07:48:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--595c89fd-d638-433e-b586-4a60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-06T07:48:26.000Z",
"modified": "2017-07-06T07:48:26.000Z",
"name": "OSINT - Analysis of TeleBots\u00e2\u20ac\u2122 cunning backdoor",
"published": "2017-07-06T07:48:29Z",
"object_refs": [
"observed-data--595c8a1b-87b0-47d3-b8c1-4488950d210f",
"url--595c8a1b-87b0-47d3-b8c1-4488950d210f",
"x-misp-attribute--595c8a34-a9c8-4848-9d2a-4059950d210f",
"x-misp-attribute--595c8a44-7348-442b-ad78-4150950d210f",
"observed-data--595c8a55-dea4-4b76-91d5-4095950d210f",
"domain-name--595c8a55-dea4-4b76-91d5-4095950d210f",
"indicator--595c8a67-f748-4d4b-9e6d-4231950d210f",
"indicator--595c8a67-f3e8-4c1f-92ef-49aa950d210f",
"indicator--595c8a67-873c-4735-a362-4f7d950d210f",
"indicator--595c8b18-cad4-4836-b9f1-4c8702de0b81",
"indicator--595c8b18-1e74-4a88-adfa-492802de0b81",
"observed-data--595c8b18-58b0-4e77-a3b9-4b5402de0b81",
"url--595c8b18-58b0-4e77-a3b9-4b5402de0b81",
"indicator--595c8b18-85d0-48bd-8690-430602de0b81",
"indicator--595c8b18-04d4-4133-b4c6-4b5502de0b81",
"observed-data--595c8b18-8d78-458a-bde0-43b902de0b81",
"url--595c8b18-8d78-458a-bde0-43b902de0b81",
"indicator--595c8b18-91b0-46d6-90d4-415602de0b81",
"indicator--595c8b18-0f48-4815-988c-4cbf02de0b81",
"observed-data--595c8b18-5990-458f-a79b-440b02de0b81",
"url--595c8b18-5990-458f-a79b-440b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--595c8a1b-87b0-47d3-b8c1-4488950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:47:03.000Z",
"modified": "2017-07-05T06:47:03.000Z",
"first_observed": "2017-07-05T06:47:03Z",
"last_observed": "2017-07-05T06:47:03Z",
"number_observed": 1,
"object_refs": [
"url--595c8a1b-87b0-47d3-b8c1-4488950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--595c8a1b-87b0-47d3-b8c1-4488950d210f",
"value": "https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--595c8a34-a9c8-4848-9d2a-4059950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:47:03.000Z",
"modified": "2017-07-05T06:47:03.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, the malware authors\u00e2\u20ac\u2122 intention was to cause damage, so they did all that they could to make data decryption very unlikely.\r\nIn our previous blogpost, we attributed this attack to the TeleBots group and uncovered details about other similar supply chain attacks against Ukraine. This article reveals details about the initial distribution vector that was used during the DiskCoder.C outbreak."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--595c8a44-7348-442b-ad78-4150950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/TeleDoor.A"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--595c8a55-dea4-4b76-91d5-4095950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"first_observed": "2017-07-05T06:45:44Z",
"last_observed": "2017-07-05T06:45:44Z",
"number_observed": 1,
"object_refs": [
"domain-name--595c8a55-dea4-4b76-91d5-4095950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--595c8a55-dea4-4b76-91d5-4095950d210f",
"value": "upd.me-doc.com.ua"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8a67-f748-4d4b-9e6d-4231950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"pattern": "[file:hashes.SHA1 = '7b051e7e7a82f07873fa360958acc6492e4385dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8a67-f3e8-4c1f-92ef-49aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"pattern": "[file:hashes.SHA1 = '7f3b1c56c180369ae7891483675bec61f3182f27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8a67-873c-4735-a362-4f7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"pattern": "[file:hashes.SHA1 = '3567434e2e49358e8210674641a20b147e0bd23c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-cad4-4836-b9f1-4c8702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 3567434e2e49358e8210674641a20b147e0bd23c",
"pattern": "[file:hashes.SHA256 = '2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-1e74-4a88-adfa-492802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 3567434e2e49358e8210674641a20b147e0bd23c",
"pattern": "[file:hashes.MD5 = '3efe62f6cb7285153114f888900a0962']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--595c8b18-58b0-4e77-a3b9-4b5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"first_observed": "2017-07-05T06:45:44Z",
"last_observed": "2017-07-05T06:45:44Z",
"number_observed": 1,
"object_refs": [
"url--595c8b18-58b0-4e77-a3b9-4b5402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--595c8b18-58b0-4e77-a3b9-4b5402de0b81",
"value": "https://www.virustotal.com/file/2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277/analysis/1499236176/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-85d0-48bd-8690-430602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 7f3b1c56c180369ae7891483675bec61f3182f27",
"pattern": "[file:hashes.SHA256 = 'd462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-04d4-4133-b4c6-4b5502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 7f3b1c56c180369ae7891483675bec61f3182f27",
"pattern": "[file:hashes.MD5 = '87db6af04613f4bd70467720239117e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--595c8b18-8d78-458a-bde0-43b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"first_observed": "2017-07-05T06:45:44Z",
"last_observed": "2017-07-05T06:45:44Z",
"number_observed": 1,
"object_refs": [
"url--595c8b18-8d78-458a-bde0-43b902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--595c8b18-8d78-458a-bde0-43b902de0b81",
"value": "https://www.virustotal.com/file/d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac/analysis/1499232770/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-91b0-46d6-90d4-415602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 7b051e7e7a82f07873fa360958acc6492e4385dd",
"pattern": "[file:hashes.SHA256 = 'f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595c8b18-0f48-4815-988c-4cbf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"description": "- Xchecked via VT: 7b051e7e7a82f07873fa360958acc6492e4385dd",
"pattern": "[file:hashes.MD5 = '8f5718be4ba2c6e4f8ce1597248bb03f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-05T06:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--595c8b18-5990-458f-a79b-440b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-05T06:45:44.000Z",
"modified": "2017-07-05T06:45:44.000Z",
"first_observed": "2017-07-05T06:45:44Z",
"last_observed": "2017-07-05T06:45:44Z",
"number_observed": 1,
"object_refs": [
"url--595c8b18-5990-458f-a79b-440b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--595c8b18-5990-458f-a79b-440b02de0b81",
"value": "https://www.virustotal.com/file/f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740/analysis/1499234664/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink