{
"type": "bundle",
"id": "bundle--5afabbf7-4bd8-4c5a-954f-407d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T15:47:36.000Z",
"modified": "2018-05-15T15:47:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5afabbf7-4bd8-4c5a-954f-407d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T15:47:36.000Z",
"modified": "2018-05-15T15:47:36.000Z",
"name": "OSINT - StalinLocker Deletes Your Files Unless You Enter the Right Code",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5afad4b7-3ef8-4b63-be67-4153950d210f",
"file--5afad4b7-3ef8-4b63-be67-4153950d210f",
"artifact--5afad4b7-3ef8-4b63-be67-4153950d210f",
"observed-data--5afad493-03dc-48e6-9e37-4d18950d210f",
"windows-registry-key--5afad493-03dc-48e6-9e37-4d18950d210f",
"indicator--5afad492-9004-468d-b450-4228950d210f",
"indicator--5afad187-83b4-4977-91c3-195a950d210f",
"indicator--5afad187-3b74-443e-b568-195a950d210f",
"indicator--5afad185-171c-4f6d-a38e-195a950d210f",
"indicator--5afad186-a304-4a88-81b7-195a950d210f",
"x-misp-attribute--5afabdcb-1944-4916-942d-407d950d210f",
"observed-data--5afabdb1-8418-4aea-af8b-6af7950d210f",
"url--5afabdb1-8418-4aea-af8b-6af7950d210f",
"x-misp-object--116343d3-a28c-45b6-92ad-33038ffb3af0",
"x-misp-object--666e3305-6776-40de-8d19-84a8d18ed470",
"relationship--256e17cb-6115-4074-bf46-b51fb7ab992b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"workflow:todo=\"create-missing-misp-galaxy-cluster\"",
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
"workflow:todo=\"add-tagging\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5afad4b7-3ef8-4b63-be67-4153950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:38:15.000Z",
"modified": "2018-05-15T12:38:15.000Z",
"first_observed": "2018-05-15T12:38:15Z",
"last_observed": "2018-05-15T12:38:15Z",
"number_observed": 1,
"object_refs": [
"file--5afad4b7-3ef8-4b63-be67-4153950d210f",
"artifact--5afad4b7-3ef8-4b63-be67-4153950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5afad4b7-3ef8-4b63-be67-4153950d210f",
"name": "stalinlocker.jpg",
"content_ref": "artifact--5afad4b7-3ef8-4b63-be67-4153950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5afad4b7-3ef8-4b63-be67-4153950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5afad493-03dc-48e6-9e37-4d18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:37:39.000Z",
"modified": "2018-05-15T12:37:39.000Z",
"first_observed": "2018-05-15T12:37:39Z",
"last_observed": "2018-05-15T12:37:39Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5afad493-03dc-48e6-9e37-4d18950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5afad493-03dc-48e6-9e37-4d18950d210f",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Stalin"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5afad492-9004-468d-b450-4228950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:37:38.000Z",
"modified": "2018-05-15T12:37:38.000Z",
"pattern": "[file:hashes.SHA256 = '853177d9a42fab0d8d62a190894de5c27ec203240df0d9e70154a675823adf04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-15T12:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5afad187-83b4-4977-91c3-195a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:24:39.000Z",
"modified": "2018-05-15T12:24:39.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\fl.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-15T12:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5afad187-3b74-443e-b568-195a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:24:39.000Z",
"modified": "2018-05-15T12:24:39.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\stalin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-15T12:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5afad185-171c-4f6d-a38e-195a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:24:37.000Z",
"modified": "2018-05-15T12:24:37.000Z",
"pattern": "[file:name = 'USSR_Anthem.mp3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-15T12:24:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5afad186-a304-4a88-81b7-195a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T12:24:38.000Z",
"modified": "2018-05-15T12:24:38.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\USSR_Anthem.mp3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-15T12:24:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5afabdcb-1944-4916-942d-407d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T11:01:13.000Z",
"modified": "2018-05-15T11:01:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "A new in-development screenlocker/wiper called StalinLocker, or StalinScreamer, was discovered by MalwareHunterTeam that gives you 10 minutes to enter a code or it will try to delete the contents of the drives on the computer. While running, it will display a screen that shows Stalin while playing the USSR anthem and displaying a countdown until files are deleted."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5afabdb1-8418-4aea-af8b-6af7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T11:01:04.000Z",
"modified": "2018-05-15T11:01:04.000Z",
"first_observed": "2018-05-15T11:01:04Z",
"last_observed": "2018-05-15T11:01:04Z",
"number_observed": 1,
"object_refs": [
"url--5afabdb1-8418-4aea-af8b-6af7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5afabdb1-8418-4aea-af8b-6af7950d210f",
"value": "https://www.bleepingcomputer.com/news/security/stalinlocker-deletes-your-files-unless-you-enter-the-right-code/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--116343d3-a28c-45b6-92ad-33038ffb3af0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T15:47:18.000Z",
"modified": "2018-05-15T15:47:18.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--666e3305-6776-40de-8d19-84a8d18ed470",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-15T15:47:17.000Z",
"modified": "2018-05-15T15:47:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--256e17cb-6115-4074-bf46-b51fb7ab992b",
"created": "2018-05-15T15:47:18.000Z",
"modified": "2018-05-15T15:47:18.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--116343d3-a28c-45b6-92ad-33038ffb3af0",
"target_ref": "x-misp-object--666e3305-6776-40de-8d19-84a8d18ed470"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}