adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5ce24b65-40d0-4010-b7ec-2c28950d210f.json

236 lines
11 KiB
JSON
Raw Normal View History

chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
{
"type": "bundle",
"id": "bundle--5ce24b65-40d0-4010-b7ec-2c28950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T07:10:46.000Z",
"modified": "2019-05-20T07:10:46.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5ce24b65-40d0-4010-b7ec-2c28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T07:10:46.000Z",
"modified": "2019-05-20T07:10:46.000Z",
"name": "OSINT - ATM Malware using CSCWCNG device handler",
"context": "suspicious-activity",
"object_refs": [
"x-misp-object--5ce24bd7-65d8-4ee8-a647-4a77950d210f",
"x-misp-object--5ce24d6e-33cc-4003-a107-23aa950d210f",
"indicator--5ce24f13-93d0-498d-9257-6a67950d210f",
"indicator--5ce24f57-d3e4-49a1-94ac-6c8f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:financial-fraud=\"ATM Black Box Attack\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"workflow:todo=\"expansion\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ce24bd7-65d8-4ee8-a647-4a77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T06:40:23.000Z",
"modified": "2019-05-20T06:40:23.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Another shitty #ATM #Malware using CSCWCNG device handler. Uploaded to VT yesterday from Mexico. 0 detected rate by AV vendors currently. (link: https://www.virustotal.com/gui/file/4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f/summary) virustotal.com/gui/file/4a75b\u2026",
"category": "Other",
"uuid": "5ce24bd7-9f24-48d2-b699-4e4f950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5ce24bd7-b958-42cc-98e8-4e90950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/r3c0nst/status/1129641730813366274",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24bd7-f854-404d-8cbf-45b5950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://t.co/ZSAQ5vmLko?amp=1",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24bd7-d450-4e07-86af-44d2950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.virustotal.com/gui/file/4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f/summary",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24bd7-5f0c-4b9f-b88a-4be6950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "May 18, 2019 8:55 AM",
"category": "Other",
"uuid": "5ce24bd7-768c-4257-9aac-4173950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "r3c0nst",
"category": "Other",
"uuid": "5ce24bd7-c840-4e40-ae93-46d7950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ce24d6e-33cc-4003-a107-23aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T06:47:10.000Z",
"modified": "2019-05-20T06:47:10.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Another Sample, same origin -> (link: https://www.virustotal.com/gui/file/7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6/summary) virustotal.com/gui/file/7dde7\u2026",
"category": "Other",
"uuid": "5ce24d6e-e85c-43bf-adbe-23aa950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5ce24d6e-d528-408f-b777-23aa950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/r3c0nst/status/1129651569006383104",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24d6e-3fb8-4347-8ef8-23aa950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://t.co/DCidfeiD8X?amp=1",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24d6e-67fc-49ee-8428-23aa950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.virustotal.com/gui/file/7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6/summary",
"category": "Network activity",
"to_ids": true,
"uuid": "5ce24d6e-7b68-4a59-ac22-23aa950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "May 18, 2019 9:34 AM",
"category": "Other",
"uuid": "5ce24d6e-5c54-4370-90ca-23aa950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "r3c0nst",
"category": "Other",
"uuid": "5ce24d6e-83d0-45d2-b22d-23aa950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ce24f13-93d0-498d-9257-6a67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T06:59:01.000Z",
"modified": "2019-05-20T06:59:01.000Z",
"pattern": "[file:hashes.MD5 = 'c76d7cd7beac5573158b22a37fde1b5f' AND file:hashes.SHA1 = '93b54b23a28101a1d874f55d0cadb570c34abed1' AND file:hashes.SHA256 = '4a75be18a3fe0033a9ebdb8f4af81c94e03581d19b5b4373e74e41283fd2615f' AND file:hashes.SSDEEP = '384:ibfcYkg5ypJg5yHSYkg5yk9JYkg5yoWbfcYkg5yH9yckg5yo6Sd/gm0uAJ0KA1+m:ehgH+oqgkAJ0KAMt8j' AND file:hashes.AUTHENTIHASH = 'b2e12a5c44e7e01965c971de559933cb95d64bbac245531fe7d057610b49b6c1' AND file:name = 'USBLOGGER.exe' AND file:size = '15360' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-20T06:59:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ce24f57-d3e4-49a1-94ac-6c8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-20T06:58:34.000Z",
"modified": "2019-05-20T06:58:34.000Z",
"pattern": "[file:hashes.MD5 = '731ab0f17372aea499046b9719e22c4e' AND file:hashes.SHA1 = '392023259d2aa32db16641d536b95f5d91a26276' AND file:hashes.SHA256 = '7dde7f6da73c44cb19cf12e5e9174c2b8b2635e380aff5b89a045204803488a6' AND file:hashes.SSDEEP = '384:rbfcYkg5yZJg5yZSYkg5y09JYkg5yoWbfcYkg5yW9yckg5yo60fqzN0uqC6jv1+a:xxuHuoBzyzbqC6DMts' AND file:hashes.AUTHENTIHASH = '74b65983fb079fd441233dcb3a46d51338292ab1cbec692e170234a43446b433' AND file:name = 'USBLOGGERzz.exe' AND file:size = '15360' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-20T06:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink