misp-circl-feed/feeds/circl/misp/5a38299e-326c-45d6-9279-481102de0b81.json

331 lines
566 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a38299e-326c-45d6-9279-481102de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T03:00:44.000Z",
"modified": "2017-12-20T03:00:44.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a38299e-326c-45d6-9279-481102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-20T03:00:44.000Z",
"modified": "2017-12-20T03:00:44.000Z",
"name": "OSINT - Operation Dragonfly Analysis Suggests Links to Earlier Attacks",
"published": "2017-12-28T13:31:53Z",
"object_refs": [
"x-misp-attribute--5a3829b8-3de0-473e-91ce-8dbe02de0b81",
"observed-data--5a3829c5-4d84-4e8a-b73e-40ac02de0b81",
"url--5a3829c5-4d84-4e8a-b73e-40ac02de0b81",
"observed-data--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"file--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"artifact--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"indicator--5a3829f7-d57c-42c0-996b-486602de0b81",
"indicator--5a382a56-2654-45a7-ab35-8e6702de0b81",
"indicator--e04bdc0b-5070-445d-8c65-d069baa29a8b",
"x-misp-object--b49ac891-a300-4741-9602-e1b67d398af8",
"indicator--a12dbcc3-13b7-4c1c-9eeb-1efef4b067f9",
"x-misp-object--5538a69d-615d-4ee1-bb37-0b1483ad4db5",
"relationship--b1224eed-54dc-43cd-8629-beb38295d59e",
"relationship--d070355b-ac72-494b-bef1-c0f16c4f6d33",
"relationship--cd2fd760-7164-4112-80b5-2c6262c350ce"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-intrusion-set=\"Dragonfly\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a3829b8-3de0-473e-91ce-8dbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:52.000Z",
"modified": "2017-12-18T20:55:52.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017. This attack was effectively Dragonfly 2.0, an update to a campaign that began in 2014.\r\n\r\nMoving beyond our 2014 analysis of Dragonfly, our current focus looks at the attack\u00e2\u20ac\u2122s indicators to determine whether we can glean any further information regarding the source and possible motivations of those behind the campaign. The campaign targets energy companies around the world by leveraging spear-phishing emails that, once successful, allow the attackers to download Trojan software. The Trojans provide access to the victims\u00e2\u20ac\u2122 systems and networks."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3829c5-4d84-4e8a-b73e-40ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:52.000Z",
"modified": "2017-12-18T20:55:52.000Z",
"first_observed": "2017-12-18T20:55:52Z",
"last_observed": "2017-12-18T20:55:52Z",
"number_observed": 1,
"object_refs": [
"url--5a3829c5-4d84-4e8a-b73e-40ac02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a3829c5-4d84-4e8a-b73e-40ac02de0b81",
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/operation-dragonfly-analysis-suggests-links-to-earlier-attacks/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:52.000Z",
"modified": "2017-12-18T20:55:52.000Z",
"first_observed": "2017-12-18T20:55:52Z",
"last_observed": "2017-12-18T20:55:52Z",
"number_observed": 1,
"object_refs": [
"file--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"artifact--5a382adf-4198-4b5d-ab93-4a3702de0b81"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"name": "20171213-DragonFly-1.png",
"content_ref": "artifact--5a382adf-4198-4b5d-ab93-4a3702de0b81"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a382adf-4198-4b5d-ab93-4a3702de0b81",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABNIAAALkCAYAAADK/BhZAAAMJGlDQ1BJQ0MgUHJvZmlsZQAASImVVwdUk8kWnr+kkoQSQEBK6E2UXqWGFqlSBRshCSSUEANBxY4uKrAWVCxgQ1dFFF0LIIsNe1kUe18QUVHWxYINlDdJAF33lfPuOfef79y5985355+ZMwOAajRXIslC1QDIFudJY0ICWBOSklmkdqACyIABNIEKl5cr8Y+ODgdQhtq/y/tbAJG31+3kuf7Z/19FnS/I5QGAREOcys/lZUN8CADclSeR5gFA6IZ20+l5EoiJkCXQlEKCEJvJcboSu8txqhKHK3ziYtgQpwBApnG50nQAGHJerHxeOszDKIXYXswXiSFugtiHJ+TyIe6HeFR2dg7EqlYQW6V+lyf9bzlTh3NyuenDWFmLQsiBolxJFnfm/zkd/1uys2RDY5hCpQmloTHymuXzlpkTJsc0iM+LUyOjINaA+IaIr/CX46dCWWj8oP9HXi4bzhnQBgCl8bmBYRDrQ2wiy4z3H8Q+XKkiFvqjyQXCuERlflQszYkZzI8WiLMiwwfzlAoFnCFcJcgNih3ySRMFcyCG/xBtEOVx4gZzns8XJURCzID4QW5mbNhg7IsCITtyeCxZjJwz/OcYyM4dqgUzS5MGxyj9MVehiBM5aA/PE8aFKmOxKTyugoMOxBmC3AnhQ3z4gsAgJR+sUCCOH+SJlUnyAmIG/bdLsqIH/bEmQVaI3G4CcUtufuxQbE8eXGzKWnCQwR0XrRwX15TkRccpueEsEA7YIBCwgAxqKsgBGUDU0l3fDYZ6ggEXSEE6EAC7QctQRKKiRwy/saAA/AmRAOQOxwUoegUgH9q/DFuVXzuQpujNV0RkgqcQZ+N6uA/uhYfDrx9UR9wd9xiKY6kOjUoMIgYSQ4nBROupokLpD3lZgAcryIIqBWGwFcCq5BzEQ9y/5SE8JbQSHhNuEtoId0ECeAL9RP+o8Fs20bAtArTBrMGD1aV+Xx1uAVm74AG4N+QPuePauB6ww51hJf64L6zNBVq/zdq/4y4bYk2xp6CUERQ/itWPfgwbhstwjLy273kqeaUOV8Ie7vlxNPZ3tfFhG/ajJ7YEO4idw05iF7AmrB6wsONYA3YZOyrHw2vjiWJtDI0Wo+CTCfOIhnzsa+y77Pt/GJs7OL5U8f9BnmBGnnzjsHMkM6WidGEeyx+e1gIWR8wbPYrlaO/gBoD87FceLT1XFGc6oqv+zTY/B4Cx5gMDA0e+2SIpAByGe4fa9s1mNQVu5yUAnF/Fk0nzlTZc/iEAKlCFO0UXGMKzywpW5AhcgRfwA0FgHIgCcSAJTIHzLATZkPV0MBssAEWgBKwAa8AGsBlsA7vAXnAA1IMmcBKcBZfAVXAT3IdrpRO8BD3gPehDEISE0BEmoosYIeaILeKIuCM+SBASjsQgSUgKko6IERkyG1mIlCBlyAZkK1KN/IocQU4iF5BW5C7SjnQhb5DPKIbSUE3UALVAx6DuqD8ahsahk9F0dBpagC5Cl6Hr0Cp0D1qHnkQvoTfRNvQl2osBTAXTxowxO8wdY2NRWDKWhkmxuVgxVo5VYbVYI/zT17E2rBv7hBNxJs7C7eB6DcXjcR4+DZ+Ll+Ib8F14HX4av4634z34VwKdoE+wJXgSOIQJhHTCdEIRoZywg3CYcAbuqU7CeyKRqE20JLrBvZpEzCDOIpYSNxL3EU8QW4kdxF4SiaRLsiV5k6JIXFIeqYi0nrSHdJx0jdRJ+khWIRuRHcnB5GSymFxILifvJh8jXyM/I/dR1CjmFE9KFIVPmUlZTtlOaaRcoXRS+qjqVEuqNzWOmkFdQF1HraWeoT6gvlVRUTFR8VAZryJSma+yTmW/ynmVdpVPNA2aDY1Nm0ST0ZbRdtJO0O7S3tLpdAu6Hz2ZnkdfRq+mn6I/on9kMBmjGRwGnzGPUcGoY1xjvFKlqJqr+qtOUS1QLVc9qHpFtVuNomahxlbjqs1Vq1A7onZbrVedqe6gHqWerV6qvlv9gvpzDZKGhUaQBl9jkcY2jVMaHUyMacpkM3nMhcztzDPMTk2ipqUmRzNDs0Rzr2aLZo+WhpazVoLWDK0KraNabdqYtoU2RztLe7n2Ae1b2p9HGIzwHyEYsXRE7YhrIz7ojNTx0xHoFOvs07mp81mXpRukm6m7Urde96EermejN15vut4mvTN63SM1R3qN5I0sHnlg5D19VN9GP0Z/lv42/cv6vQaGBiEGEoP1BqcMug21Df0MMwxXGx4z7DJiGvkYiYxWGx03esHSYvmzsljrWKdZPcb6xqHGMuOtxi3GfSaWJvEmhSb7TB6aUk3dTdNMV5s2m/aYGZlFmM02qzG7Z04xdzcXmq81P2f+wcLSItFisUW9xXNLHUuOZYFljeUDK7qVr9U0qyqrG9ZEa3frTOuN1ldtUBsXG6FNhc0VW9TW1VZku9G2dRRhlMco8aiqUbftaHb+dvl2NXbto7VHh48uHF0/+tUYszHJY1aOOTfmq72LfZb9dvv7DhoO4xwKHRod3jjaOPIcKxxvONGdgp3mOTU4vXa2dRY4b3K+48J0iXBZ7NLs8sXVzVXqWuva5WbmluJW6XbbXdM92r3U/bwHwSPAY55Hk8cnT1fPPM8Dnn952Xlleu32ej7Wcqxg7PaxHd4m3lzvrd5tPiyfFJ8tPm2+xr5c3yrfx36mfny/HX7P/K39M/z3+L8KsA+QBhwO+MD2ZM9hnwjEAkMCiwNbgjSC4oM2BD0KNglOD64J7glxCZkVciKUEBoWujL0NseAw+NUc3rGuY2bM+50GC0sNmxD2ONwm3BpeGMEGjEuYlXEg0jzSHFkfRSI4kStinoYbRk9Lfq38cTx0eMrxj+NcYiZHXMulhk7NXZ37Pu4gLjlcffjreJl8c0JqgmTEqoTPiQGJpYltk0YM2HOhEtJekmipIZkUnJC8o7k3olBE9dM7JzkMqlo0q3JlpNnTL4wRW9K1pSjU1WncqceTCGkJKbsTunnRnGruL2pnNTK1B4em7eW95Lvx1/N7xJ4C8oEz9K808rSnqd7p69K7xL6CsuF3SK2aIPodUZoxuaMD5lRmTszB7ISs/Zlk7NTso+INcSZ4tM5hjkzcloltpIiSds0z2lrpvVIw6Q7cpHcybkNeZrwkn1ZZiX7Sdae75Nfkf9xesL0gzPUZ4hnXJ5pM3PpzGcFwQW/zMJn8WY1zzaevWB2+xz/OVvnInNT5zbPM523aF7n/JD5uxZQF2Qu+L3QvrCs8N3CxIWNiwwWzV/U8VPITzVFjCJp0e3FXos3L8GXiJa0LHVaun7p12J+8cUS+5Lykv5SXunFnx1+XvfzwLK0ZS3LXZdvWkFcIV5xa6Xvyl1l6mUFZR2rIlbVrWatLl79bs3UNRfKncs3r6Wula1tWxe+rmG92foV6/s3CDfcrAio2FepX7m08sNG/sZrm/w21W422Fyy+fMW0ZY7W0O21lVZVJVvI27L3/Z0e8L2c7+4/1K9Q29HyY4vO8U723bF7Dpd7VZdvVt/9/IatEZW07Vn0p6rewP3NtTa1W7dp72vZD/YL9v/4teUX28dCDvQfND9YO0h80OVh5mHi+uQupl1PfXC+raGpIbWI+OONDd6NR7+bfRvO5uMmyqOah1dfox6bNGxgeMFx3tPSE50n0w/2dE8tfn+qQmnbpwef7rlTNiZ82eDz54653/u+Hnv800XPC8cueh+sf6S66W6yy6XD//u8vvhFteWuituVxquelxtbB3beuya77WT1wOvn73BuXHpZuTN1lvxt+7cnnS77Q7/zvO7WXdf38u/13d//gPCg+KHag/LH+k/qvrD+o99ba5tR9sD2y8/jn18v4PX8fJJ7pP+zkVP6U/Lnxk9q37u+LypK7jr6ouJLzpfSl72dRf9qf5n5SurV4f+8vvrcs+Ens7X0tcDb0rf6r7d+c75XXNvdO+j99nv+z4Uf9T9uOuT+6dznxM/P+ub3k/qX/fF+kvj17CvDwayBwYkXClXcRXAoKJpaQC82QkAPQkA5lV4f5iofJspBFG
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3829f7-d57c-42c0-996b-486602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:49:59.000Z",
"modified": "2017-12-18T20:49:59.000Z",
"pattern": "[file:hashes.MD5 = 'da9d8c78efe0c6c8be70e6b857400fb1' AND file:hashes.SHA256 = 'fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9' AND file:x_misp_text = 'One of the starting points was a Trojan in the 2017 campaign' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-18T20:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a382a56-2654-45a7-ab35-8e6702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:51:53.000Z",
"modified": "2017-12-18T20:51:53.000Z",
"pattern": "[file:hashes.MD5 = '4bfdda1a5f21d56afdc2060b9ce5a170' AND file:hashes.SHA256 = '07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4' AND file:name = 'fl.exe' AND file:x_misp_text = 'Comparing this code, we discovered another sample from the group that was used in a July 2013 attack:' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-18T20:51:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e04bdc0b-5070-445d-8c65-d069baa29a8b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:55.000Z",
"modified": "2017-12-18T20:55:55.000Z",
"pattern": "[file:hashes.MD5 = 'da9d8c78efe0c6c8be70e6b857400fb1' AND file:hashes.SHA1 = 'cd9519127efcc9a65068befe17ae038c94085358' AND file:hashes.SHA256 = 'fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-18T20:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b49ac891-a300-4741-9602-e1b67d398af8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:53.000Z",
"modified": "2017-12-18T20:55:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9/analysis/1512363514/",
"category": "External analysis",
"uuid": "5a382b59-1fa0-4df0-98c2-8df402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/68",
"category": "Other",
"uuid": "5a382b59-a224-432f-87f0-8df402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-04T04:58:34",
"category": "Other",
"uuid": "5a382b59-6bbc-45bc-aa29-8df402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a12dbcc3-13b7-4c1c-9eeb-1efef4b067f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:56.000Z",
"modified": "2017-12-18T20:55:56.000Z",
"pattern": "[file:hashes.MD5 = '4bfdda1a5f21d56afdc2060b9ce5a170' AND file:hashes.SHA1 = 'a582c87f411150e58e18c929194be797685434f7' AND file:hashes.SHA256 = '07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-18T20:55:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5538a69d-615d-4ee1-bb37-0b1483ad4db5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-18T20:55:53.000Z",
"modified": "2017-12-18T20:55:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/07bd08b07de611b2940e886f453872aa8d9b01f9d3c61d872d6cfe8cde3b50d4/analysis/1513461661/",
"category": "External analysis",
"uuid": "5a382b59-75bc-4dd3-8107-8df402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/68",
"category": "Other",
"uuid": "5a382b59-4b04-4b50-bc35-8df402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-16T22:01:01",
"category": "Other",
"uuid": "5a382b59-50dc-4977-8b72-8df402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b1224eed-54dc-43cd-8629-beb38295d59e",
"created": "2017-12-28T13:31:53.000Z",
"modified": "2017-12-28T13:31:53.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "related-to",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--5a382a56-2654-45a7-ab35-8e6702de0b81",
"target_ref": "indicator--5a3829f7-d57c-42c0-996b-486602de0b81"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d070355b-ac72-494b-bef1-c0f16c4f6d33",
"created": "2017-12-28T13:31:53.000Z",
"modified": "2017-12-28T13:31:53.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--e04bdc0b-5070-445d-8c65-d069baa29a8b",
"target_ref": "x-misp-object--b49ac891-a300-4741-9602-e1b67d398af8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cd2fd760-7164-4112-80b5-2c6262c350ce",
"created": "2017-12-28T13:31:53.000Z",
"modified": "2017-12-28T13:31:53.000Z",
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
2023-06-14 17:31:25 +00:00
"source_ref": "indicator--a12dbcc3-13b7-4c1c-9eeb-1efef4b067f9",
"target_ref": "x-misp-object--5538a69d-615d-4ee1-bb37-0b1483ad4db5"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}