adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5836e0bd-461c-4b54-afba-4448950d210f.json

272 lines
292 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5836e0bd-461c-4b54-afba-4448950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-30T10:52:47.000Z",
"modified": "2016-11-30T10:52:47.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5836e0bd-461c-4b54-afba-4448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-30T10:52:47.000Z",
"modified": "2016-11-30T10:52:47.000Z",
"name": "Cerber 5.0 through Google via onion gateway",
"published": "2016-11-30T10:52:55Z",
"object_refs": [
"indicator--5836e2c0-5720-418e-bed8-4708950d210f",
"indicator--5836e2c1-9ab4-40ee-b46f-41cb950d210f",
"indicator--5836e2c1-36ec-4df9-bee8-4d3b950d210f",
"indicator--5836e2f1-3adc-4b8a-bf6b-4dde950d210f",
"indicator--5836e2f2-1b5c-4851-8d3a-4df5950d210f",
"indicator--5836e2f2-10d0-4945-a306-4415950d210f",
"observed-data--5836e42e-3bd4-494f-b5ef-4ce702de0b81",
"url--5836e42e-3bd4-494f-b5ef-4ce702de0b81",
"indicator--583eaf7e-dce4-479f-b857-2481950d210f",
"indicator--583eaf7e-3f38-4d8e-a736-2481950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"ecsirt:malicious-code=\"ransomware\"",
"ms-caro-malware:malware-type=\"Ransom\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2c0-5720-418e-bed8-4708950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:53:20.000Z",
"modified": "2016-11-24T12:53:20.000Z",
"description": "download location redirect (Google)",
"pattern": "[url:value = 'https://www.google.com/url?hl=en&q=https://pvjk6aukijrdwwqs.onion.to/00562206.doc?id\\\\%3D23964551\\\\%26apr\\\\%3D0333&source=gmail&ust=1480036825671000&usg=AFQjCNEyM-vUZ9C8Kf8fbmS88Il7gWapLg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:53:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2c1-9ab4-40ee-b46f-41cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:53:21.000Z",
"modified": "2016-11-24T12:53:21.000Z",
"description": "download location (onion.to)",
"pattern": "[url:value = 'https://pvjk6aukijrdwwqs.onion.to/svchost32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:53:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2c1-36ec-4df9-bee8-4d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:53:21.000Z",
"modified": "2016-11-24T12:53:21.000Z",
"description": "payment site",
"pattern": "[url:value = 'http://ffoqr3ug7m726zou.vofy7f.top/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:53:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2f1-3adc-4b8a-bf6b-4dde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:54:09.000Z",
"modified": "2016-11-24T12:54:09.000Z",
"description": "Cerber ransomware",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMVmeElDH+r60kkDAP+SAwAgABwANzAwZGE2MzgzN2Y5MmRmZmJhY2EzMDQyMTAyNzMwYzdVVAkAA/HiNljx4jZYdXgLAAEEIQAAAAQhAAAALZxrnIq8qRfCYrhPGWvYtlYTBX/K8lSkipX9hnvnh2HL+/jKOX9gCc+3ETtvEYx7BFra4hLgzydClmJDY0Er+6Lzzf4NRi0SOdDLwStSYQDjqejsYw1xNe2GkBexAEnEhwka5RRz2BESZ82GjfqvxlDTX8DN9MWFIgXBQjB7hzCrR5v6oHLWkh1souJ1HhXvd8qBpimAGZwyD6MJ9S1D2sscg5ZSWkAY3ApfxDutVdbj1Jp0YHz12vOVAneX+wwgHn7KZ5/0U6tTCUiVqB2k3bCwIseWMsr0rgzN7FDtJIAledGyrHqCHyeJywoCddY6jCAQtxB3Yli6y2nS6vzttmooZNOycImdx9uqD+LIq9p1uybPFxYXX1fr4/+P66MQEgORipgE8+BsQq3/0lP2ANRkTvrUuiYyemUuH8kLlM9EAExrmys06JfDbEVYDfN2w1PFs1kSH3+CjiDsmBiev3ZiibZ6JsMkd6SySGWol/NJd/I4lFsR/G9d1A5H87Zxh6r77p783kGhy2cPmxlEha182GmlSyW9WscFDGMFiP/bzHOTuMyHRP1aVv19C5NOuSNZ+k8votbH6C1B3/vUXXdMaG7RU/8iwoLwnSg9Wz8zukMtwbCnqpqar6q3wwXHUk9HMDlx9VO4MWC4GsVSKvRwVCyzJKCPWsuwnrmp1SsNr4vQ2LRWk25AXuSvF8DdulgQIPSceqCqTU0ZLYd4Ti0Q0sbm3fYst77X46eFviCzwCEo14qEW5H4hVnylDEpdyXX3QPbhvecMyYAPC3rA/iTFIMfAq8tulk/N8SCMBPmfsS63iyayn610GmVpHV1oP8XCdTOAYZHn7/QIqUEv9Tg7CuG+FXissYBTvIZDSR05pspd8RpqhKaucZF/VYXWbOF0efnGkfz0VcR+GKXiehKf21PYYD0i+KEg4L28I6f1rsQ7n2ytEKlb20HTeiYErE7NJfmPNVZ6nqme8CRzXHmHHA++WyTVbWk34R8q1s/Owwm2hfOW5MnU4i2J75Db6UxiAuj+D/vw6lcwaZi/RpXvDmTfCAfZRYPAQc2BzLk49U61f0yB1Xd/AXNF0gBxpTEjcPtQrbmEwCYFQ0W1hP8U4gtrzy+osZBAXtIMhBXBE9/xmlK0e4EGsVP+7//BKe3Dw3Ngzk7xljYlV65tOGYOT58hevLsdQvA/VmDnPPwQpTdfo1L+NvCcYm3QHMdCI2IN1eyVaPDjtQBMdfsI+xqBUigplMzL0Mg/hk8t/PGzYmtdHWSmGOYaA8veQnnAgXNbU154VlGeNT11w+wkfXPdD2HDgs3P2dMe7PowjRlXvx0tSJwNu+c0+WvWWunpn5xZ0bnPfGhv7xQL/J0L4AVF+lwoxXK4/TlUuAykX5MBOL5RRTI46+Lta5djbfe6gFXZ1HBxrDMbAU0TBEC2+Kqykp1yHlCHby6RmirePx+xeU9F+HRrLd39ZRxAtSScFK9/AAAYxS3Mvl/ovA0ORpcKriIWBMuv+x4d69jmkKIGIr7IEo2r4LTDaH1DnrwjxaOmycpTklPclq/v9HYnaNXqwKFUW12uchyBTZ5fZzCgxqSF/gmj8FopZRP7+yg892fNqg8x680bJet/gQS+ieLbG5uj4ouz7fapXQKOzvZ6czCYZTU2MtvF3A7QqhtAl6LO9i1qGVvEahLxV1VkkddHwLorVECTo5i65lJxU3vl4POdbln3P0pvu4QzL/xQFferQWVM8oLF96WoOuD/FibjBVRgpwFyPatrPQASePPQwnLE34/fqH8a5he+78miv4Apkn8bOTRQTDq9LN6cwyeQHsWamzjS4xv1XWwt+oXSMoP6N8q6q+fj+0Np8S1IhrOl2lGBBIk5nLlk37j/E+ADGK0eaNGsPvT7ucE011pV37BOVA3dcx3owi8jMcqzADHH5yAHSEwI0oVMOU63dOKuZrpB5d7nI8RjEsA+EySpJYNYK8toXn0KNL6Kf6RbpaWtTrWl8TtNred1Hua8QBMGdEgSwhlsIHTdeRNdfe/JTMptK0SgxfwxnHNv4RWDtothcvtNUHzV15ijNsNufllfjkxf2LcVGCB8k/6Tr2Y9lmlYnjMK0/8YIgYXW3IwvXEZg0sT6xy1frhm9MtIJ1Qv4Xs+lRGc511d5uuJ/sNIz5bcy7/W5cl4dhPt8nj0+rrZq6ZMAqebeUDcgif3rI1E2A0MYAQd4us/Wq8eIaE4vPZQ4LBLA+raFe6CZB1/tIxjc3aUjxoM2mwcXLqjSLKCda0UlC+v8qb7V2DCksl+7GHWKHYIrFyfP3AjdOSZXaleBXmra6/dUp3U2MbkD95/0ychm8ScDGgZfG9j2xnSCAKd/w1kdUaUya8YUxwjBwtILiaDn/mt0UGqxr64RdpWgOaHNdCwwSA/tbwSiZPkJ7nPtvaqRQiuYen3v+f3KiUFXEftqv2dsst6wEaCLFx7QtIknISMMQ7rM77sQr3AVTyncTC6DCBArZXECBnd728KQHiMmIOKkHJtgnD3Gen7vcmZlAXRnBxO0cr5iAOC0jRHzj7KX1oByphAw2x1chUxcGXQjbJT90Y+ektxLL7zEwSGn/EzCC6Y9aD9TnT2chkopwC6zmkTzq9wjOdImxhgG/Af71PQBAeFtocGw7Gzf/JC94fJFIs7u6YvrmGjWQxra2DZXalwwhVCDGjzOb7aSSWha01Ob7vvnYIOKDi2KBHksvMRaxAocAPhhl/8P2n+I6PQaaVM0L6nCNoI3eC7PqXg/PIsWiCSNIHcYNDNvdW2sqwuoTgqxpyXZLD+Mcmjd47m5Iz1j/G2jpQ95rxkxD1f7qkBR7m16XmNDA1E2Y7vcKttez8bKnLBoUDlrayZvhvUBsPV77IZKZ7Bza7LuhcokRApYCfr0X3J/lgnRe4G04JJtTbJ2WASyPSbO9uD7vMkoSPd0IqWrieGweDq/hXOIhIA5nXLCfJyAoFvGFCs7LiVLC8jd+v10DKLfxjjqI5QZ1P4hBjrJQOgsq3fiIE1nEfvE0xt/GDoF4Cmk5mTF2xJVVrBLw/j7dmQ0wiREl1Tj2bzpOxmDSbT9ySkSDhsUk1nZ6wt2nmlwcLO3C+RVIBlzrWALdZwRpHb7oCI6VAD0ZE8njABK1ud1PRzeZ/5GFBpwdlxtUwc+quNx9zuJP9DAvrTsUQGz3xm7EGCEwMyVOHaZErR3n6LilWcxXF7xdUkaQmPw5JOySPvVH/2H2ItvzN6WhyMGOk9dH+BGP+tEcPvGmB+Diwm8jG8eDznu1/LaAhi3GPrQBnBnRberEbBV/ewHarIr3oh8a/TeVZv1fHI9E82+cj3b5HYsis7t9Y61Nx9UvNvtBm0GymvBkmmGRpO2i6/59O7QKu9u4aOEHelYpDWWL1H7/3gQVHIq6TdvhZO7ljhLkaSyNrp3N67C3ptGITzUIWvDLwa5LPCNn19OAfKD25UK1UEHW1/7e7HlbOVmZ4jf8h8d0qeM+I7omHG9SDoVnvzBMsIau0V3vZDhhd/9Tpwva7xG8px/edQNfKVYiwVoRhpojljxNOLoODkG55V0Sx9Kya8Nfc6L1mPKG2SnELeu9MrvRPcOnq0jp9oLjiUucMnE33X6hAvn76g6KW49CB8Q+z+cTwhy68iZX1Ky6pQggY9lph+QMG8m+5oRnX/GzSVvWOQ+76kl9dnHHyDyiUkQNbpfeJXc4TnVSgPPIAcPOs3pYvWKeVTGSYjlQkqzw7JWjbn95JC6Bcyt2zIUcW23+IXtezddBJ09wpc7iun+/dYJ6PnOSxAn7GFFF1gDg+viA/wGOI2wu5kGUtY/9mnv03wOR84HaMWZw7SghcbAE13r3JNoYnZ+7/5nk+cT0IbFdQ9eMY4V4HbeofNyjkKCil3Gi0rwFYuH4R/2LiZEH2M7nz7gUWj
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2f2-1b5c-4851-8d3a-4df5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:54:10.000Z",
"modified": "2016-11-24T12:54:10.000Z",
"description": "Cerber ransomware",
"pattern": "[file:name = 'svchost32.exe' AND file:hashes.SHA1 = '86e4fe06a8bc2efe8f16e418866cc6581da0e9e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5836e2f2-10d0-4945-a306-4415950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:54:10.000Z",
"modified": "2016-11-24T12:54:10.000Z",
"description": "Cerber ransomware",
"pattern": "[file:name = 'svchost32.exe' AND file:hashes.SHA256 = 'bdaacb4e4d0f3a33c3a9199fd3cbaa2ab0047c269068d41773a754379c9c75c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-24T12:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5836e42e-3bd4-494f-b5ef-4ce702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-24T12:59:26.000Z",
"modified": "2016-11-24T12:59:26.000Z",
"first_observed": "2016-11-24T12:59:26Z",
"last_observed": "2016-11-24T12:59:26Z",
"number_observed": 1,
"object_refs": [
"url--5836e42e-3bd4-494f-b5ef-4ce702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5836e42e-3bd4-494f-b5ef-4ce702de0b81",
"value": "https://www.virustotal.com/file/bdaacb4e4d0f3a33c3a9199fd3cbaa2ab0047c269068d41773a754379c9c75c5/analysis/1479991440/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--583eaf7e-dce4-479f-b857-2481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-30T10:52:46.000Z",
"modified": "2016-11-30T10:52:46.000Z",
"pattern": "[domain-name:value = 'pvjk6aukijrdwwqs.onion.to']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-30T10:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--583eaf7e-3f38-4d8e-a736-2481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-30T10:52:46.000Z",
"modified": "2016-11-30T10:52:46.000Z",
"pattern": "[domain-name:value = 'ffoqr3ug7m726zou.vofy7f.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-11-30T10:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink