adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a3bd35f-7140-48d0-8b88-4555950d210f.json

466 lines
20 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a3bd35f-7140-48d0-8b88-4555950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:55:42.000Z",
"modified": "2018-10-26T13:55:42.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a3bd35f-7140-48d0-8b88-4555950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:55:42.000Z",
"modified": "2018-10-26T13:55:42.000Z",
"name": "OSINT - Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns",
"published": "2018-10-28T08:58:19Z",
"object_refs": [
"observed-data--5a3bd36b-b630-478e-a75e-4746950d210f",
"url--5a3bd36b-b630-478e-a75e-4746950d210f",
"x-misp-attribute--5bd31462-8b84-4a33-9161-482d950d210f",
"indicator--5bd315c6-b0c4-4f4f-988d-4ada950d210f",
"indicator--5bd315c7-3898-4af5-b731-495a950d210f",
"indicator--5bd315c7-5868-414f-9f7b-424c950d210f",
"indicator--5bd315c8-6c8c-4a3b-8a41-44f7950d210f",
"indicator--5bd31728-42ac-43a6-97e3-467b950d210f",
"indicator--5bd3175a-c93c-443e-b60a-4ba7950d210f",
"indicator--5bd31784-2454-4dbf-8f89-453f950d210f",
"indicator--5bd31799-3030-4f6a-a36c-4818950d210f",
"indicator--5bd317b3-b98c-4655-9b12-4137950d210f",
"indicator--5bd31883-a8e4-4dc7-863f-4f86950d210f",
"indicator--5bd318b4-844c-4ddb-b452-40b1950d210f",
"indicator--5bd31bee-8f4c-4393-8f1b-4e60950d210f",
"indicator--5bd31c00-3d08-4882-8269-433b950d210f",
"indicator--5bd31c16-5978-48e0-a441-4722950d210f",
"indicator--5bd31c31-bba0-47bc-b92b-4b39950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Locky\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\"",
"workflow:state=\"complete\"",
"malware_classification:malware-category=\"Ransomware\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bd36b-b630-478e-a75e-4746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:55:31.000Z",
"modified": "2018-10-26T13:55:31.000Z",
"first_observed": "2018-10-26T13:55:31Z",
"last_observed": "2018-10-26T13:55:31Z",
"number_observed": 1,
"object_refs": [
"url--5a3bd36b-b630-478e-a75e-4746950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a3bd36b-b630-478e-a75e-4746950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-pushed-alongside-fakeglobe-upgraded-spam-campaigns/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bd31462-8b84-4a33-9161-482d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:55:42.000Z",
"modified": "2018-10-26T13:55:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "n the beginning of September, a sizeable spam campaign was detected distributing the latest Locky variant. Locky is a notorious ransomware that was first detected in the early months of 2016 and has continued to evolve and spread through different methods, particularly spam mail. A thorough look at samples from recent campaigns shows that cybercriminals are using sophisticated distribution methods, affecting users in more than 70 countries."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd315c6-b0c4-4f4f-988d-4ada950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:25:26.000Z",
"modified": "2018-10-26T13:25:26.000Z",
"pattern": "[url:value = 'http://qolseaboomdog.top/support.php?f=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:25:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd315c7-3898-4af5-b731-495a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:25:27.000Z",
"modified": "2018-10-26T13:25:27.000Z",
"pattern": "[url:value = 'http://newhostrcm.top/admin.php?f=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd315c7-5868-414f-9f7b-424c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:25:27.000Z",
"modified": "2018-10-26T13:25:27.000Z",
"pattern": "[url:value = 'http://qolseaboomdog.top/support.php?f=2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:25:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd315c8-6c8c-4a3b-8a41-44f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:25:28.000Z",
"modified": "2018-10-26T13:25:28.000Z",
"pattern": "[url:value = 'http://newhostrcm.top/admin.php?f=2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31728-42ac-43a6-97e3-467b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:31:20.000Z",
"modified": "2018-10-26T13:31:20.000Z",
"description": "VBScript files (downloaders) detected as VBS_NEMUCOD.ELDSAUO",
"pattern": "[file:hashes.SHA256 = '39256f126bba17770310c2115586b9f22b858cf15c43ab36bd7cfb18ad63a0c2' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:31:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd3175a-c93c-443e-b60a-4ba7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:32:10.000Z",
"modified": "2018-10-26T13:32:10.000Z",
"description": "VBScript files (downloaders) detected as VBS_NEMUCOD.ELDSAUO",
"pattern": "[file:hashes.SHA256 = 'a299f3de0c9277c0ce7dd3f7dc9aee57a7abe78b155919b1ecced1896c69653b' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31784-2454-4dbf-8f89-453f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:32:52.000Z",
"modified": "2018-10-26T13:32:52.000Z",
"description": "VBScript files (downloaders) detected as VBS_NEMUCOD.ELDSAUO",
"pattern": "[file:hashes.SHA256 = '4d4a0e1d7218180452e22e6b52a7f9a0db1e0c0aa51a48f9a79c600b51030050' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:32:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31799-3030-4f6a-a36c-4818950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:33:13.000Z",
"modified": "2018-10-26T13:33:13.000Z",
"description": "VBScript files (downloaders) detected as VBS_NEMUCOD.ELDSAUO",
"pattern": "[file:hashes.SHA256 = '0f6ae637a9d15503a0af42be649388f01f8637ca16b15526e318a94b7f34bf6e' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd317b3-b98c-4655-9b12-4137950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:33:39.000Z",
"modified": "2018-10-26T13:33:39.000Z",
"description": "LOCKY from VBS detected as RANSOM_FAKEGLOBE.ASUUB",
"pattern": "[file:hashes.SHA256 = 'bb1df4a93fc27c54c78f84323e0ea7bb2b54469893150e3ea991826c81b56f47' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:33:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31883-a8e4-4dc7-863f-4f86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:37:07.000Z",
"modified": "2018-10-26T13:37:07.000Z",
"description": "FAKEGLOBE from VBS detected as RANSOM_LOCKY.TH905",
"pattern": "[file:hashes.SHA256 = 'e75e5d374f20c386b1114252647cca7bd407190cafb26c6cfbd42c5f9223fe6c' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd318b4-844c-4ddb-b452-40b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:37:56.000Z",
"modified": "2018-10-26T13:37:56.000Z",
"description": "FAKEGLOBE from DOC detected as RANSOM_FAKEGLOBE.ASUUG",
"pattern": "[file:hashes.SHA256 = '12e75bdbc3f0b489a89104c646aee10a71277c22b6abbc6e346d1ba6f17edf6d' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31bee-8f4c-4393-8f1b-4e60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:51:42.000Z",
"modified": "2018-10-26T13:51:42.000Z",
"description": "DOC files (downloaders) detected as W2KM_POWLOAD.AUSJST",
"pattern": "[file:hashes.SHA256 = '067eb2754a823953a6efa1dfe9353eeabf699f171d21ffbff8e2303f7f678139' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:51:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31c00-3d08-4882-8269-433b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:52:00.000Z",
"modified": "2018-10-26T13:52:00.000Z",
"description": "DOC files (downloaders) detected as W2KM_POWLOAD.AUSJST",
"pattern": "[file:hashes.SHA256 = '6bdf46209fda582d7af5b74770b0eccf6abd3dbeabce3bdfb88db2f252ee778a' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:52:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31c16-5978-48e0-a441-4722950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:52:22.000Z",
"modified": "2018-10-26T13:52:22.000Z",
"description": "DOC files (downloaders) detected as W2KM_POWLOAD.AUSJSP",
"pattern": "[file:hashes.SHA256 = 'efb154bccff1e9a0f090a6afd7a08bf2c1fffea745b575a0bf31f22998688973' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:52:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bd31c31-bba0-47bc-b92b-4b39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T13:52:49.000Z",
"modified": "2018-10-26T13:52:49.000Z",
"description": "LOCKY from DOC detected as RANSOM_LOCKY.TH908",
"pattern": "[file:hashes.SHA256 = '3cb4484976676ac043fae870addaa57e858c1286cdb17d01ef8c973c5ec5b015' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T13:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink