adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59a3d08d-5dc8-4153-bc7c-456d950d210f.json

218 lines
9.2 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--59a3d08d-5dc8-4153-bc7c-456d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:36.000Z",
"modified": "2017-08-28T14:24:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59a3d08d-5dc8-4153-bc7c-456d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:36.000Z",
"modified": "2017-08-28T14:24:36.000Z",
"name": "OSINT - New Arena Crysis Ransomware Variant Released",
"published": "2017-08-28T14:25:29Z",
"object_refs": [
"observed-data--59a3d0bb-a884-438b-b79f-4005950d210f",
"url--59a3d0bb-a884-438b-b79f-4005950d210f",
"x-misp-attribute--59a3d0cd-96f4-4f05-9ec5-40a7950d210f",
"indicator--59a3d176-7af0-4784-a3aa-47b3950d210f",
"indicator--59a3d190-0bb8-4bcd-b0d4-45df950d210f",
"indicator--59a427a0-9500-426e-a8d8-dfd702de0b81",
"indicator--59a427a0-f6f8-4178-9e7d-dfd702de0b81",
"observed-data--59a427a0-16f0-4270-a9a7-dfd702de0b81",
"url--59a427a0-16f0-4270-a9a7-dfd702de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Dharma Ransomware\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a3d0bb-a884-438b-b79f-4005950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"first_observed": "2017-08-28T14:24:32Z",
"last_observed": "2017-08-28T14:24:32Z",
"number_observed": 1,
"object_refs": [
"url--59a3d0bb-a884-438b-b79f-4005950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a3d0bb-a884-438b-b79f-4005950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-arena-crysis-ransomware-variant-released/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a3d0cd-96f4-4f05-9ec5-40a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Yesterday, ID-Ransomware's Michael Gillespie discovered a new variant of the Crysis/Dharma ransomware that is appending the .arena extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Crysis was typically spread by hacking into Remote Desktop Services and manually installing the ransomware."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a3d176-7af0-4784-a3aa-47b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"pattern": "[file:hashes.SHA256 = 'a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-28T14:24:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a3d190-0bb8-4bcd-b0d4-45df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"description": "Email to contact in ransom note",
"pattern": "[email-message:from_ref.value = 'chivas@aolonline.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-28T14:24:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a427a0-9500-426e-a8d8-dfd702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"description": "- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e",
"pattern": "[file:hashes.SHA1 = '60cbe0e3a70ef3d56810bd9178ce232529c09c5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-28T14:24:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a427a0-f6f8-4178-9e7d-dfd702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"description": "- Xchecked via VT: a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e",
"pattern": "[file:hashes.MD5 = 'f2679bdabe46e10edc6352fff3c829bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-28T14:24:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a427a0-16f0-4270-a9a7-dfd702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-28T14:24:32.000Z",
"modified": "2017-08-28T14:24:32.000Z",
"first_observed": "2017-08-28T14:24:32Z",
"last_observed": "2017-08-28T14:24:32Z",
"number_observed": 1,
"object_refs": [
"url--59a427a0-16f0-4270-a9a7-dfd702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a427a0-16f0-4270-a9a7-dfd702de0b81",
"value": "https://www.virustotal.com/file/a683494fc0d017fd3b4638f8b84caaaac145cc28bc211bd7361723368b4bb21e/analysis/1503922016/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink