adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/598db7fd-47a8-45f8-9414-408b02de0b81.json

367 lines
15 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--598db7fd-47a8-45f8-9414-408b02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--598db7fd-47a8-45f8-9414-408b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"name": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
"published": "2017-08-11T14:01:50Z",
"object_refs": [
"indicator--598db84e-d5bc-4fc7-a9e7-43d002de0b81",
"indicator--598db84f-48cc-4420-a5b5-4c7a02de0b81",
"indicator--598db84f-f9a4-42a3-b8ed-4ec902de0b81",
"indicator--598db84f-fbcc-473b-890f-4f3b02de0b81",
"indicator--598db84f-f2bc-4f0b-baf7-4adc02de0b81",
"observed-data--598db870-f50c-441d-85e2-4f2f02de0b81",
"url--598db870-f50c-441d-85e2-4f2f02de0b81",
"x-misp-attribute--598db880-780c-4b6e-ab6d-447102de0b81",
"indicator--598db8c1-09e8-4253-b562-464802de0b81",
"indicator--598db8c1-8360-4ac9-85e3-47db02de0b81",
"observed-data--598db8c1-cc68-411c-ab76-41bb02de0b81",
"url--598db8c1-cc68-411c-ab76-41bb02de0b81",
"indicator--598db8c1-f310-4028-9f76-4e3602de0b81",
"indicator--598db8c1-d750-4c50-8a1b-473702de0b81",
"observed-data--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"estimative-language:likelihood-probability=\"likely\"",
"misp-galaxy:tool=\"ETERNALBLUE\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84e-d5bc-4fc7-a9e7-43d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:name = 'Hotel_Reservation_Form.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-48cc-4420-a5b5-4c7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:hashes.MD5 = '9b10685b774a783eabfecdb6119a8aa3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-f9a4-42a3-b8ed-4ec902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:hashes.MD5 = '1421419d1be31f1f9ea60e8ed87277db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-fbcc-473b-890f-4f3b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"description": "(C2) domains",
"pattern": "[domain-name:value = 'mvband.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-f2bc-4f0b-baf7-4adc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"description": "(C2) domains",
"pattern": "[domain-name:value = 'mvtband.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db870-f50c-441d-85e2-4f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"first_observed": "2017-08-11T14:01:36Z",
"last_observed": "2017-08-11T14:01:36Z",
"number_observed": 1,
"object_refs": [
"url--598db870-f50c-441d-85e2-4f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db870-f50c-441d-85e2-4f2f02de0b81",
"value": "https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--598db880-780c-4b6e-ab6d-447102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from Wi-Fi traffic, poisoning the NetBIOS Name Service, and spreading laterally via the EternalBlue exploit."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-09e8-4253-b562-464802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 1421419d1be31f1f9ea60e8ed87277db",
"pattern": "[file:hashes.SHA256 = '8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-8360-4ac9-85e3-47db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 1421419d1be31f1f9ea60e8ed87277db",
"pattern": "[file:hashes.SHA1 = 'f9fd3f1d8da4ffd6a494228b934549d09e3c59d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db8c1-cc68-411c-ab76-41bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"first_observed": "2017-08-11T14:01:37Z",
"last_observed": "2017-08-11T14:01:37Z",
"number_observed": 1,
"object_refs": [
"url--598db8c1-cc68-411c-ab76-41bb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db8c1-cc68-411c-ab76-41bb02de0b81",
"value": "https://www.virustotal.com/file/8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57/analysis/1500378259/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-f310-4028-9f76-4e3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 9b10685b774a783eabfecdb6119a8aa3",
"pattern": "[file:hashes.SHA256 = 'a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-d750-4c50-8a1b-473702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 9b10685b774a783eabfecdb6119a8aa3",
"pattern": "[file:hashes.SHA1 = 'f293a2bfb728060c54efeeb03c5323893b5c80df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"first_observed": "2017-08-11T14:01:37Z",
"last_observed": "2017-08-11T14:01:37Z",
"number_observed": 1,
"object_refs": [
"url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"value": "https://www.virustotal.com/file/a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797/analysis/1501657253/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink