2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5af150f7-bd58-4f06-9228-89a8950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:22.000Z" ,
"modified" : "2018-05-08T12:28:22.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5af150f7-bd58-4f06-9228-89a8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:22.000Z" ,
"modified" : "2018-05-08T12:28:22.000Z" ,
"name" : "OSINT - APT28 malicious NATO document" ,
"published" : "2018-05-08T12:28:24Z" ,
"object_refs" : [
"observed-data--5af1511a-333c-4fdd-9825-8a40950d210f" ,
"url--5af1511a-333c-4fdd-9825-8a40950d210f" ,
"observed-data--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"file--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"artifact--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"observed-data--5af156c5-dac4-4740-8470-8a10950d210f" ,
"url--5af156c5-dac4-4740-8470-8a10950d210f" ,
"x-misp-attribute--5af156d8-c22c-4488-9446-bc7c950d210f" ,
"indicator--5af16243-724c-44a5-b3eb-89b8950d210f" ,
"indicator--5af16244-2650-4b7a-95b3-89b8950d210f" ,
"indicator--5af16245-58cc-4991-9b0e-89b8950d210f" ,
"indicator--5af16246-2858-4dba-b44f-89b8950d210f" ,
"indicator--5af16247-9004-4e6c-a4dc-89b8950d210f" ,
"indicator--5af16248-7084-4076-a2fe-89b8950d210f" ,
"indicator--5af16af4-09fc-4123-80dc-4e9d950d210f" ,
"indicator--5af16af5-97fc-4555-a7bc-4f62950d210f" ,
"indicator--5af16af5-bd34-482f-a3d7-4cec950d210f" ,
"indicator--5af16af5-fa40-45b4-acb6-472c950d210f" ,
"indicator--5af16af6-2e68-46b9-aed6-4e01950d210f" ,
"indicator--5af15388-01e8-4295-a1a9-869f950d210f" ,
"indicator--5af15557-07bc-460e-a2f5-8a40950d210f" ,
"indicator--5af15f3e-209c-41ad-b60a-865b950d210f" ,
"indicator--5af16169-1004-4119-afde-d122950d210f" ,
"indicator--5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"indicator--7a42f9fb-8627-4774-b30c-6e1c6bd191ab" ,
"x-misp-object--0872ca3b-4554-460d-9ee7-a6c35c63275f" ,
2023-12-14 13:47:04 +00:00
"relationship--d31e5cc5-7474-4304-ada7-ac5ceaf0e3bf" ,
"relationship--6394f901-cb88-41d1-a220-da371081cc8a" ,
"relationship--5ab9e71c-9ff9-48f7-9a23-5762647fadde" ,
"relationship--aa46337d-eab3-4c7e-81a8-f10adf9f4b18" ,
"relationship--db89ac3d-17a1-457e-81ff-a2d0723ba407" ,
"relationship--80368b30-5360-4c32-90db-6881ab0ec9d7" ,
"relationship--bc554d1e-a095-4dbe-a201-80f7a916e4a1" ,
"relationship--5d138064-df0e-498d-bebc-41ec0c168586"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"" ,
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"" ,
"osint:source-type=\"blog-post\"" ,
"circl:incident-classification=\"malware\"" ,
"misp-galaxy:threat-actor=\"Sofacy\"" ,
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af1511a-333c-4fdd-9825-8a40950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:27:50.000Z" ,
"modified" : "2018-05-08T12:27:50.000Z" ,
"first_observed" : "2018-05-08T12:27:50Z" ,
"last_observed" : "2018-05-08T12:27:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5af1511a-333c-4fdd-9825-8a40950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5af1511a-333c-4fdd-9825-8a40950d210f" ,
"value" : "https://threatreconblog.com/2017/02/03/apt28-malicious-document/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:18.000Z" ,
"modified" : "2018-05-08T12:20:18.000Z" ,
"first_observed" : "2018-05-08T12:20:18Z" ,
"last_observed" : "2018-05-08T12:20:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"artifact--5af156a0-9630-4c40-b48a-86a0950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"name" : "screen1.png" ,
"content_ref" : "artifact--5af156a0-9630-4c40-b48a-86a0950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5af156a0-9630-4c40-b48a-86a0950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B A k A A A M H C A I A A A D U y J k o A A A B f G l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A q S S w o y G F h Y G D I z S s p C n J 3 U o i I j F J g v 8 P A z c D D I M R g x S C e m F x c 4 B g Q 4 M O A E 3 y 7 x s A I o i / r g s x K 8 / x 506 a 1 f P 4 W N q + Z c l Y l O r j 1 g Q F 3 S m p x M g M D I w e Q n Z x S n J w L Z O c A 2 T r J B U U l Q P Y M I F u 3 v K Q A x D 4 B Z I s U A R 0 I Z N 8 B s d M h 7 A 8 g d h K Y z c Q C V h M S 5 A x k S w D Z A k k Q t g a I n Q 5 h W 4 D Y y R m J K U C 2 B 8 g u i B v A g N P D R c H c w F L X k Y C 7 S Q a 5 O a U w O 0 C h x Z O a F x o M c g c Q y z B 4 M L g w K D C Y M x g w W D L o M j i W p F a U g B Q 65 x d U F m W m Z 5 Q o O A J D N l X B O T + 3 o L Q k t U h H w T M v W U 9 H w c j A 0 A C k D h R n E K M / B 4 F N Z x Q 7 j x D L X 8 j A Y K n M w M D c g x B L m s b A s H 0 P A 4 P E K Y S Y y j w G B n 5 r B o Z t 5 w o S i x L h D m f 8 x k K I X 5 x m b A R h 8 z g x M L D e + ///sxoDA/skBoa/E////73o//+/i4H2A+PsQA4AJHdp4IxrEg8AAAGeaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJYTVAgQ29yZSA1LjQuMCI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIj4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjEwMzM8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+Nzc1PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CnnoY4AAB2CESURBVHja7N13tCRneS76usv2ufcs+5IXHGyDbRzAJvmAAWOTjRBgMDmDyRkBigjJBCHARgIJIZQ1ykgwSqM4I43SKEckgcLkmT1hzw4dK3z5fZ/7x1fdu/fWyL73rONrCT2/VSxGvburq6urq97n+76qKs4857xbbr9n6/bZdZu2rdu4be3GqbUbt27Ysm3j1m0bt05NThu2bB1PG7dObZraxokTJ06cOHHixIkTp0fItKR6f8i07YH1mx9Yv2XT1ukH129du3Fq89SuDVt2rNu4bd3GbRu27Lj8imuLc5av2LhlJwABERERERH9xvICl5Arfx09qIACCbjtzl8Vp5x+9v3rNgfBsInGwwTULkUgceLEiRMnTpw4ceLE6TdoarzUThLgBUGQAJ8QFAIEweprbixOXHbG2g1bMfpDUARBxH8wcc1y4sSJEydOnDhx4vSImv7DAt4n+IQEuAgX4RNqm1yEAgJcfd1NxQknn7Z+49bcszA55TcY/1sWv7Fw4sSJEydOnDhx4sTpETYtqdsnHxQgKST3EiSEiBBhvYTYDiu67vpbihNOOnX9xs2T2UAnpkn6kGFJnDhx4sSJEydOnDhxekRNeEgx/9CqHoAqUj73QCAKAGuuv6U44aRTJrKBClShunQORERERET0G0EBQAWSAIUItM0GNxcnnHjK+o2bsBAMcj8DswERERER0W9iMPh3ssHxJy4bZQOMsgH7DYiIiIiIfnPjAbMBERERERH9f8gG0p6NwGxARERERPSYyga3FMefcPI4G2jOBpqYDYiIiIiIHlvZ4IZbiuOOf0g2ALMBERERERGzAbMBEREREdFjMxsce/xJHFNERERERPQYzwbX33BLcdwJJ6/fMD4XWQSJ5yITERERET0Ws8FJy05bt2FjzgZRYtSoi26xTEREREREj41scPKy09etn8gGwmxARERERPQYzQanMRsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEb/EfZQJkNiIiIiIiYDdhvQERERETEbLCQDVKUpAwGRERERESP0WywYZwNJIowGRARERERPTazwakT/QYaRZkNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDZgNiIiIiIiYDXafDU5adsq6DeNsgCTQ9vlERERERPRYygYnnrxs3YZNORskRVJmAyIiIiKix2g2OIXZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiI2YDZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiIjZgIiIiIiImA2IiIiIiOi/MBssW7dhY5sNhNmAiIiIiOixmg1OXnbqxk1bcjYQQBSizAZERERERI+9bLDslNM2bZnK2UBH8YDZgIiIiIjoMZcNTmY2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiJiNmA2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiImI2ICIiIiIiZgMiIiIiIvovygbLmA2IiIiIiJgN2G9ARERERMRsMMoGy07duHnrQjZQJFFmAyIiIiKix1w2OGnZqRs3b1maDRgOiIiIiIiYDdhvQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBsQERERETEbMBs8F/yBejoa4AqRJHaVT7xp9FzFUhon5Aw+jYUqkgKaWcokzNMigik8UPtDPUhkyxZGEj7mIzeVB9+2QXjxX6YpzzcH5YsgkAFsvBZJpZD8ZBFWfL6h10MIiIiImI2eFQEAwESUoJTF+AEFvBAhAIREhATGo/SekEUNMF3fT2HVAMChQvJq09wAp+soAECkPKMJcEm1ALbPvQw9XhbcVtVE/P3HQEPeGhEUBjAKOJCma9taBBAIIAHHOBzaT4RCASaoLIQWFTz/xLayDJ+/wgEwCN6uIjQvkF+NAIJCfCABRqkMpokkp8gFgh5hXrRWtQgRwsiIiIiYjZ4NK39UfkbI4zUDlXAMKFUtRAgIFqEiNKgV9kAG7XvzM6mvwWuC00QGJuMNgFVgol1wgBwQIQIPILHMKCbUAJhUeeALE4FOQoMVYceCSK5BEcD8bCKUlEqnIyzgQA6ru8TYIAaMEBQiOYEALTdAKq6uDF/suaPC6kgv6kzaDysQto04NpPFIAGqIA+4qwbhJhyKpEKsHnuTdJ+0nK3vRxERERExGzwyCYQD0QASHABQysdEzouVClCEyRCEkSRFDZUCX2gK2FGfAfR5UI/wDr0E5q2fDZAgA+oY91g3mNOMFjIBkumcYu9BWqgARKCT3WKFVAhORjBABj+O9lA26I99y2MA8dkd4FAE6BLugviRI+DByy0hq1Ru8lsYDVnAw9
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af156c5-dac4-4740-8470-8a10950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:27:51.000Z" ,
"modified" : "2018-05-08T12:27:51.000Z" ,
"first_observed" : "2018-05-08T12:27:51Z" ,
"last_observed" : "2018-05-08T12:27:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5af156c5-dac4-4740-8470-8a10950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5af156c5-dac4-4740-8470-8a10950d210f" ,
"value" : "http://malware.prevenity.com/2017/01/ataki-na-instytucje-rzadowe-grudzien.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5af156d8-c22c-4488-9446-bc7c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:17.000Z" ,
"modified" : "2018-05-08T12:20:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "In our quest to track criminals and expose their misconduct, we regularly monitor the threat actor that goes by the name APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit. Granted some of these names are toolsets used by the criminals a name for a group. If tomorrow, they\u00e2\u20ac\u2122d come to use different toolsets these names would have no real meaning. I\u00e2\u20ac\u2122d prefer to use the term APT28 because it is easier than making up ours, and there are enough already. Sofacy/Sednit are the toolsets used by APT28 among others such as XAgent."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16243-724c-44a5-b3eb-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:21.000Z" ,
"modified" : "2018-05-08T12:20:21.000Z" ,
"pattern" : "[domain-name:value = 'ulli_neu80.mail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16244-2650-4b7a-95b3-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:20.000Z" ,
"modified" : "2018-05-08T12:20:20.000Z" ,
"pattern" : "[email-message:from_ref.value = 'ulli_neu80@mail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16245-58cc-4991-9b0e-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:20.000Z" ,
"modified" : "2018-05-08T12:20:20.000Z" ,
"pattern" : "[domain-name:value = 'wee7_nim.centrum.cz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16246-2858-4dba-b44f-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:19.000Z" ,
"modified" : "2018-05-08T12:20:19.000Z" ,
"pattern" : "[email-message:from_ref.value = 'wee7_nim@centrum.cz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16247-9004-4e6c-a4dc-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:19.000Z" ,
"modified" : "2018-05-08T12:20:19.000Z" ,
"pattern" : "[domain-name:value = 'info.bacloud.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16248-7084-4076-a2fe-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:19.000Z" ,
"modified" : "2018-05-08T12:20:19.000Z" ,
"pattern" : "[email-message:from_ref.value = 'olavi_nieminen@suomi24.fi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16af4-09fc-4123-80dc-4e9d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:22.000Z" ,
"modified" : "2018-05-08T12:20:22.000Z" ,
"pattern" : "[domain-name:value = 'lxwo.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16af5-97fc-4555-a7bc-4f62950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:22.000Z" ,
"modified" : "2018-05-08T12:20:22.000Z" ,
"pattern" : "[domain-name:value = 'mail.lxwo.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16af5-bd34-482f-a3d7-4cec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:21.000Z" ,
"modified" : "2018-05-08T12:20:21.000Z" ,
"pattern" : "[email-message:from_ref.value = 'ter_bafian@centrum.cz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16af5-fa40-45b4-acb6-472c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:22.000Z" ,
"modified" : "2018-05-08T12:20:22.000Z" ,
"pattern" : "[domain-name:value = 'rolstug.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16af6-2e68-46b9-aed6-4e01950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:23.000Z" ,
"modified" : "2018-05-08T12:20:23.000Z" ,
"pattern" : "[email-message:from_ref.value = 'nemolin1@gmx.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af15388-01e8-4295-a1a9-869f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T07:55:18.000Z" ,
"modified" : "2018-05-08T07:55:18.000Z" ,
"pattern" : "[file:hashes.MD5 = '9fe3a0fb3304d749aeed2c3e2e5787eb' AND file:name = 'NATO Secretary meeting.doc' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T07:55:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af15557-07bc-460e-a2f5-8a40950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T08:54:37.000Z" ,
"modified" : "2018-05-08T08:54:37.000Z" ,
"pattern" : "[domain-name:value = 'miropc.org' AND domain-name:resolves_to_refs[*].value = '86.106.131.43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T08:54:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af15f3e-209c-41ad-b60a-865b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T08:26:38.000Z" ,
"modified" : "2018-05-08T08:26:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '58d7585cc7decec9cf046aa0d8ffcc4d' AND file:name = 'prtray.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T08:26:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af16169-1004-4119-afde-d122950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T08:55:05.000Z" ,
"modified" : "2018-05-08T08:55:05.000Z" ,
"pattern" : "[domain-name:value = 'gtranm.com' AND domain-name:resolves_to_refs[*].value = '89.42.212.141']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T08:55:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T09:10:53.000Z" ,
"modified" : "2018-05-08T09:10:53.000Z" ,
"pattern" : "[domain-name:value = 'zpfgr.com' AND domain-name:resolves_to_refs[*].value = '94.177.12.74' AND domain-name:resolves_to_refs[*].value = '91.216.163.80' AND domain-name:resolves_to_refs[*].value = '185.86.149.54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T09:10:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7a42f9fb-8627-4774-b30c-6e1c6bd191ab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:26.000Z" ,
"modified" : "2018-05-08T12:20:26.000Z" ,
"pattern" : "[file:hashes.MD5 = '9fe3a0fb3304d749aeed2c3e2e5787eb' AND file:hashes.SHA1 = '9001f4cfe62367a282efc08b072a13a5e2e403db' AND file:hashes.SHA256 = 'ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0872ca3b-4554-460d-9ee7-a6c35c63275f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:25.000Z" ,
"modified" : "2018-05-08T12:20:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-01T10:40:02" ,
"category" : "Other" ,
"uuid" : "5af19609-132c-4341-8984-4f3002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/58" ,
"category" : "Other" ,
"uuid" : "5af19609-8000-4f84-b71c-426f02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763/analysis/1519900802/" ,
"category" : "External analysis" ,
"uuid" : "5af19609-de80-4ba9-936c-425902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--d31e5cc5-7474-4304-ada7-ac5ceaf0e3bf" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T07:45:20.000Z" ,
"modified" : "2018-05-08T07:45:20.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af15388-01e8-4295-a1a9-869f950d210f" ,
"target_ref" : "indicator--5af15557-07bc-460e-a2f5-8a40950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--6394f901-cb88-41d1-a220-da371081cc8a" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:54:24.000Z" ,
"modified" : "2018-05-08T08:54:24.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af15557-07bc-460e-a2f5-8a40950d210f" ,
"target_ref" : "indicator--5af16243-724c-44a5-b3eb-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--5ab9e71c-9ff9-48f7-9a23-5762647fadde" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:54:33.000Z" ,
"modified" : "2018-05-08T08:54:33.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af15557-07bc-460e-a2f5-8a40950d210f" ,
"target_ref" : "indicator--5af16244-2650-4b7a-95b3-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--aa46337d-eab3-4c7e-81a8-f10adf9f4b18" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:54:50.000Z" ,
"modified" : "2018-05-08T08:54:50.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af16169-1004-4119-afde-d122950d210f" ,
"target_ref" : "indicator--5af16246-2858-4dba-b44f-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--db89ac3d-17a1-457e-81ff-a2d0723ba407" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:55:02.000Z" ,
"modified" : "2018-05-08T08:55:02.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af16169-1004-4119-afde-d122950d210f" ,
"target_ref" : "indicator--5af16245-58cc-4991-9b0e-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--80368b30-5360-4c32-90db-6881ab0ec9d7" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:51:24.000Z" ,
"modified" : "2018-05-08T08:51:24.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"target_ref" : "indicator--5af16248-7084-4076-a2fe-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--bc554d1e-a095-4dbe-a201-80f7a916e4a1" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T08:51:34.000Z" ,
"modified" : "2018-05-08T08:51:34.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "related-to" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af1617f-d9b8-4ccf-b74a-c50b950d210f" ,
"target_ref" : "indicator--5af16247-9004-4e6c-a4dc-89b8950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 13:47:04 +00:00
"id" : "relationship--5d138064-df0e-498d-bebc-41ec0c168586" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:26.000Z" ,
"modified" : "2018-05-08T12:20:26.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7a42f9fb-8627-4774-b30c-6e1c6bd191ab" ,
"target_ref" : "x-misp-object--0872ca3b-4554-460d-9ee7-a6c35c63275f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}
