{
"type" : "bundle" ,
"id" : "bundle--5cd4446a-b318-40d6-8120-473a950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:22:57.000Z" ,
"modified" : "2019-05-09T15:22:57.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5cd4446a-b318-40d6-8120-473a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:22:57.000Z" ,
"modified" : "2019-05-09T15:22:57.000Z" ,
"name" : "OSINT - keepass(dot)com spreading malware acting as the official site for KeePass password manager. Download for .dmg and .exe files are available on the site." ,
"published" : "2019-05-09T15:24:00Z" ,
"object_refs" : [
"indicator--5cd444bb-5100-4607-ab39-4e98950d210f" ,
"indicator--5cd444bb-b15c-4760-b152-4fda950d210f" ,
"indicator--5cd444ed-5814-49ff-a3f9-466a950d210f" ,
"indicator--9bc5279d-fa53-4c2f-92f1-9aac47fe4658" ,
"x-misp-object--b6903b23-45ff-4d75-ab0d-ebc19a94a7e6" ,
"indicator--2ec00d74-5d8a-4db5-9d43-1845fcfd8917" ,
"x-misp-object--b6b594cd-778d-4c19-a1e8-b04a78d6154d" ,
"x-misp-object--5cd44594-ead8-4e11-8ccb-4a0e950d210f" ,
"relationship--b3bd4059-a1e9-4133-99b5-337beb36cf96" ,
"relationship--a7c4cdad-9573-4d00-9619-71704f0007a6"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:mitre-attack-pattern=\"Unconditional client-side exploitation/Injected Website/Driveby - T1372\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cd444bb-5100-4607-ab39-4e98950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:19.000Z" ,
"modified" : "2019-05-09T15:18:19.000Z" ,
"pattern" : "[file:hashes.SHA256 = '4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-09T15:18:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cd444bb-b15c-4760-b152-4fda950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:19.000Z" ,
"modified" : "2019-05-09T15:18:19.000Z" ,
"pattern" : "[file:hashes.SHA256 = '41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-09T15:18:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cd444ed-5814-49ff-a3f9-466a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:19:09.000Z" ,
"modified" : "2019-05-09T15:19:09.000Z" ,
"pattern" : "[domain-name:value = 'lifopp-sacoho.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-09T15:19:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9bc5279d-fa53-4c2f-92f1-9aac47fe4658" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '3590c4b2cfa63655dc14bef32659f675' AND file:hashes.SHA1 = '5b0825a4436e4908501667e1cfa91e9e39e82302' AND file:hashes.SHA256 = '4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-09T15:18:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b6903b23-45ff-4d75-ab0d-ebc19a94a7e6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-08T10:03:22" ,
"category" : "Other" ,
"uuid" : "9268cd71-c418-4b6c-8ae7-b2755788dedc"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4090224f97db5601e5b293f81ec6fe28f86d7e3d8f4592f6b9d0765831e2c966/analysis/1557309802/" ,
"category" : "Payload delivery" ,
"uuid" : "fea2b397-1408-4777-ab45-308963ac7d8b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/72" ,
"category" : "Payload delivery" ,
"uuid" : "584d4279-982a-4ca3-bedf-933dd6a5b6bb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2ec00d74-5d8a-4db5-9d43-1845fcfd8917" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '0211036d4f551610892d3da2f2377b95' AND file:hashes.SHA1 = 'b4f5d93b0eb93812018646f6b358da9592ae6499' AND file:hashes.SHA256 = '41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-05-09T15:18:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b6b594cd-778d-4c19-a1e8-b04a78d6154d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-05-07T11:36:35" ,
"category" : "Other" ,
"uuid" : "a6d53689-a303-42fe-8c7f-def94d11e653"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/41c82089de60c0a2fe9a51d0f8f919261d0e73cf1da0d61b835194c177787b4e/analysis/1557228995/" ,
"category" : "Payload delivery" ,
"uuid" : "eceb9e59-eff8-433b-8169-b854da49308d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/56" ,
"category" : "Payload delivery" ,
"uuid" : "05cda147-431f-4496-807b-50aa24c3c031"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5cd44594-ead8-4e11-8ccb-4a0e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-05-09T15:21:56.000Z" ,
"modified" : "2019-05-09T15:21:56.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "keepass(dot)com spreading malware acting as the official site for KeePass password manager. Download for .dmg and .exe files are available on the site. @malwrhunterteam" ,
"category" : "Other" ,
"uuid" : "5cd44595-8944-400e-b668-4629950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5cd44595-c004-4e7e-83c1-442b950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://twitter.com/berkcgoksel/status/1125727590440931329" ,
"category" : "Network activity" ,
"uuid" : "5cd44595-d14c-4a3d-bb69-4f53950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "berkcgoksel" ,
"category" : "Other" ,
"uuid" : "5cd44595-720c-4b7b-9eb2-42a8950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b3bd4059-a1e9-4133-99b5-337beb36cf96" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9bc5279d-fa53-4c2f-92f1-9aac47fe4658" ,
"target_ref" : "x-misp-object--b6903b23-45ff-4d75-ab0d-ebc19a94a7e6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a7c4cdad-9573-4d00-9619-71704f0007a6" ,
"created" : "2019-05-09T15:18:28.000Z" ,
"modified" : "2019-05-09T15:18:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2ec00d74-5d8a-4db5-9d43-1845fcfd8917" ,
"target_ref" : "x-misp-object--b6b594cd-778d-4c19-a1e8-b04a78d6154d"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}