adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5c51800b-4054-4a1d-9f2d-4810950d210f.json

241 lines
52 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5c51800b-4054-4a1d-9f2d-4810950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T12:02:37.000Z",
"modified": "2019-01-30T12:02:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5c51800b-4054-4a1d-9f2d-4810950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T12:02:37.000Z",
"modified": "2019-01-30T12:02:37.000Z",
"name": "OSINT - New LockerGoga Ransomware Allegedly Used in Altran Attack",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5c5180b6-03ec-477c-b914-1747950d210f",
"url--5c5180b6-03ec-477c-b914-1747950d210f",
"x-misp-attribute--5c518120-9f24-4cae-8aca-4485950d210f",
"indicator--5c518732-a570-40b4-a402-9f0b950d210f",
"indicator--5c518732-40d8-4b84-850a-9f0b950d210f",
"observed-data--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"file--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"artifact--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"indicator--5c51852f-de8c-4a99-a0f9-4c01950d210f",
"indicator--5c518643-345c-473f-a3b4-1746950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"dnc:malware-type=\"Ransomware\"",
"enisa:nefarious-activity-abuse=\"ransomware\"",
"ecsirt:malicious-code=\"ransomware\"",
"malware_classification:malware-category=\"Ransomware\"",
"veris:action:malware:variety=\"Ransomware\"",
"Ransomware",
"ms-caro-malware:malware-type=\"Ransom\"",
"ms-caro-malware-full:malware-type=\"Ransom\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\"",
"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c5180b6-03ec-477c-b914-1747950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T10:49:30.000Z",
"modified": "2019-01-30T10:49:30.000Z",
"first_observed": "2019-01-30T10:49:30Z",
"last_observed": "2019-01-30T10:49:30Z",
"number_observed": 1,
"object_refs": [
"url--5c5180b6-03ec-477c-b914-1747950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c5180b6-03ec-477c-b914-1747950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c518120-9f24-4cae-8aca-4485950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T10:49:29.000Z",
"modified": "2019-01-30T10:49:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and their own assets, Altran decided to shut down its network and applications.\r\n\r\nThe attack occurred on January 24, but the French engineering consultancy released a public statement only yesterday and kept details to a bare minimum, saying that third-party technical experts and digital forensics specialists are on the case."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c518732-a570-40b4-a402-9f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T11:14:58.000Z",
"modified": "2019-01-30T11:14:58.000Z",
"pattern": "[email-message:from_ref.value = 'cottleakela@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-30T11:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c518732-40d8-4b84-850a-9f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T11:14:58.000Z",
"modified": "2019-01-30T11:14:58.000Z",
"pattern": "[email-message:from_ref.value = 'qyavauzehyco1994@o2.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-30T11:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T12:01:21.000Z",
"modified": "2019-01-30T12:01:21.000Z",
"first_observed": "2019-01-30T12:01:21Z",
"last_observed": "2019-01-30T12:01:21Z",
"number_observed": 1,
"object_refs": [
"file--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"artifact--5c519211-9a30-4a2f-9deb-f4ec950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"name": "LockerGoga-ransom-note.png",
"content_ref": "artifact--5c519211-9a30-4a2f-9deb-f4ec950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c519211-9a30-4a2f-9deb-f4ec950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAA7kAAAHiCAIAAACiE5yKAAB810lEQVR42uy9ifMkR3Xv23/EjRuOeI4b4RdxhV/YRIAEhONn+70Ir8++19v1wyBkI/DS99rXxub5Yix2b2BAwA9jGRCIxYAQQkjGNs0mtIBAC9JImpFG0rSWkWY0o3UkzUiAeZjfq96qMivPycxTXdXr5xNHo/51V+VyMivr21nZeXq9P/tYac8DAAAAANhWfvAHf/AHfuAHXHncK1XyT/3UT33xi188cuTIHgAAAADA9vG9731v+PBj/9tP/+J/+I//sdLKhVB+17vedfTo0ff96y0YhmEYhmEYts22/8lvf+rg4alcLv4rZpQLofz+f70VwzAMwzAMw7CrTzzzg//PWSOtXEwqF0sv3v+5WzEMwzAMwzAMm9ilDz89WrtcaOVijfL5g/0YhmEYhmEYhk3s4oefKX7qN9LK3/72tz/w+QMYhmEYhmEYhk3swuNPFzp5pJWLH/1d8IXbMAzDMAzDMAyb2EePOVr5Q1+8DcMwDMMwDMOwiX3wQUcrf/hLBzEMwzAMwzAMm9h7jz5TaeWPfvmOHHvje86P/IthGIZhGIatlL374mv+8E3v/60//tt2rUizSHlhWXzkwst/6yd/6af/w//erhVpFilrrvu7B542aOUP7Lv75/7bb1z34GM/+yu/fsXhh4t/Pzt8sPj347ffX/x77nW3v+OaW/7xH99Dj8QwDMMwDFsd+70/2/3i126576GT7VqRZpHywrL4ldOe/6XzP/D0gRvbtSLNIuUsrfyPl98ZsY9dcee7brjr7hOn7njsqVsefuL6Y49ffeTRL9z30GXDBz9x8P4L9t/711fve/vXbn73X788ng6GYRiGYRi2SDv7T95a6M6v3Xa8XSvSLFJeWBbFHPCpW294+FMfbNeKNIuUNde9435HK3/8irtids3wfTcNDz3+1O2PPLXv+IlvHH3sivsf/tw9xz5z6MjHDh4+/5Z73vSVb15w4x2FVk6kg2EYhmEYhi3QXvbKt917/OTVB463a0WaRcoLy6JQtCf3XXf8wvc/9MmxXTi1yTvHJy9mrx/y7PzpWReeX504e1GkWaSsue4thx2t/IkrD0XsgmsPfeKW+66798jX7nngikOHBwfvvezA8JM33/nhmw7+w3UHihnlV1765Ytuur3Qyv6JH/ypXsVP/W3kzZH92X/t9f7rB7XT//P//LL3vnfkyN75P5/b6z33tz4ey0JPoXhncu7Y/vZFYb5F8ZykguOD8rRhqXJ2bgvODsMwDMOwlu3lUyF7rF0r0ixSzsnizbsf/fXf6GtWfJqTRaFon/zmNcf+8bzKPja28ev3vuZ1ZYLFa/Gd0B78x/OKNIuUNdf91b2OVv7kVXdH7LzrD126/4H9jzx500Mnrj32+FUPPPz5+45fNjx64R33X3DgvnffNPzTf/nqLQ89Xmhl/8QLfrp3+ks/MX791hf3ei9+de1N1z7xutN+5MU//SPuR+6RxetCNV5Qvn/aj9QSGR8wPV7Jwi/YaT/S++m3akUtT//KS3+kd9offmX6/rQA49L2Zu9fdfe7/vD08vUnr4oXIFm27HLOm3huAVpNEMMwDMOwhdrL/9+333P85JUHjrdrRZpFyjlZFGr1ezrFpzlZFIr2ieuuPvqh3aMXjOzI7MXEikT2ZhSv/+HV59TeOVKc4hw/SmecQpFmkbLmutff42jli66+J2LvuO7Ofzlw9Oq7H7j8rtGk8qUHhhfdfNdHbrrjH6677V1f3/9XV930Py783H0PP1ZoZf/EC36md/rZF9Zeu29W9u4/Ov20P7pi8q90+j0XXfj603pn/vns/Z/5JffIey5625m9XzoznkW9YG97/Wk/+vp31/O64uwf7f3M25yDy3wvrI4vyvkzf/T6037pgvExxSm17CIFSJYts5zzJ55dgDYTxDAMwzBsofbbf3puITqvOHC8Xbv7+Kki5ZwsklpZO7FIs8yiULSPX/OVB9739vvfP7b3nTt7Mfr3vFe9ukjn32fUXhefPjA+ePLv2M6dvC7SLFLWXHfO3Y5W/tTX7tHsoq/d/c4b7rps/wM3HH/860cfLVYqD+49ftmh0aTyhw7ce97N97z52ttePbjm37///UIr++eOldZF49dvP7NXCL7am5WN5Wbx5kVjXRiePj2m9zNvL98v/j3zHO/08ngxC6Fg5/xy77RXXOHlddFIGZ8jlq3+oiyAW5LJnzN++fVFmadZjDxw+mnVRxdEfJ4u59cmRZ0yc4ufeHVAWc7Tz3779M1ZgqPE60W6qDzm9SlPYhiGYRi20jYWsqeuOPBQuzbRymUWd4/mlR8SrdTKtdUXzryyfKKbxUQr33feW+77+7cU/x4+b/Rv+eLw37/l7//Xq4qkvutTvFO8Pz3s76uz7pudNdHKmuv+dHiq0sqfvuY+zT769bvfd9Pdn771/i/eed8/337PJfsPXXjznR+68eBoUvmaW//mq/teM/j6a//5yhNPPVVoZf/cD/9spd4+LLzZO/M1kzcvesNpP/qG94xeX/WyHz39ZReVR5avJx/1fvbc6v3X/PLkz/L08ngpi3rByiP9F1VJwnzLHD/8s+NjXvPL41POPdOpXVjy4nVRhsm/YaXippdzXMeq+vVP/dfnnnnaK66aumVSu+oUMa9pyu95xek9Q2kxDMMwDFs5+53/9Y7rbj/6vs/eKNqf/sV5kcXExafaiUWaRco5WRTpPDymeBF/M5JFoWjvOv+dX/jpH43YX/7SfymTnaRcvBM/pUizSFlz3SsOOVr5kq8f1uz8a+/+6L57L7z58NVHH/nS4Yf+5e5jnz505OMHD39w/33v2Td86zfvfOMVN5137YEikUIr++eO5NfLP3X4kk+94Vm9l7y29qZz5Hv++PRn/fHV5etCekpHXv3yH5386SRbKL+vH35tIWHf4R4fZDEqwIRJMZwD3vGScXZiUWv5zg6enjIttlv4S8Q6Fsf3JiWUqx8UT0onWs7AA26a0+8qtaxnp0yLN8bzqlpaDMMwDMPWxwq5ef3Bo+f/802iuet6Q4pPtROLNIuUvSz+5SbRikQeGFMT4uWb2onXH3ywzGKilb/8C2d86RfP+PIvTv8d2/O+/AvPK1781a/9cplmSfFO8f7ogOLEsY2OH51yxsQmWllz3e/f5WjlS6+9X7Pd6+4qhPI/7rvvstvuvvjWQx/bd8cHbrz9vOsOvKOYVL5632svv/FPL7vio9fdOplX9s/9yM/1zvjti0evz/uTM571J1fX3nQOq/GS14VHXvzGZ9Xfv/q3n33Gb7/zjc969hvP894Ps7hfK9g4kd7PvdNNs/jTObjKd/z62W983Z+cMT2g+PNX3zgqw8WR9O+/9J0jMTpLM1m2vHK6pbr2/tf96iR953j/ACU197CrpxW5uPSntbQYhmEYhq2c/e6r3nHDHQ9+8HM3i1aoybt1ik+1E4s0i5TdLC743M2iJbPQTrzhjmNlFoWiPXTBu6/89f8zsJ8s/v2bF/66m0vtdfGpdOLIijSLlFXX3eFo5X+67gHN3nbtnR/fd/jDN943uPfYpYeOfvKOBz582+H33nL3u2469Jbr73z9NcVi5a9/8+gjk3ll/9yPFkrrdy6pvXbfHNu7zuo9+03vrc766u8UMu5d4emTN/33i3N7vWe98quJLOrmH3DJm8ZTsG6aZ72hOrJMf1q2nl8q/+CwAMXr4oDJvzllyyyn45DR+2HitZL775SnlM4fvVNP+b2vPKNnKC2GYRiGYStnv/dn79x39yMfv+JO0QopeYdO8al2YpFmkfLCsigU7T0fe981L/3Fr730vxR2zdm/WLwuzc2ieP2Wl5xZe+ea8pSzx1b8OT6xSLNIWXPd2bc7Wvmz1x8V7ZLrjrzr+rs+se/+Yl55slL5Izfd8f4bbv+7b+x/+zW3vvnqfa+/4pt/8MnBXccenswr+6d/7Od7Z/zuZ6Z/vq8QXs9+0/tGb1b88CuveeOvjf51Txwd+Wsf+6x3ZJWOn+w1v/vss95Yf7+eRVAvr2D
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c51852f-de8c-4a99-a0f9-4c01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T11:06:23.000Z",
"modified": "2019-01-30T11:06:23.000Z",
"pattern": "[file:name = 'X:\\\\work\\\\Projects\\\\LockerGoga\\\\cl-src-last\\\\cryptopp\\\\src\\\\rijndael_simd.cpp' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-30T11:06:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c518643-345c-473f-a3b4-1746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-01-30T11:10:59.000Z",
"modified": "2019-01-30T11:10:59.000Z",
"description": "ransomnote",
"pattern": "[file:name = 'README-NOW.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-01-30T11:10:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink