misp-circl-feed/feeds/circl/misp/5b28ffbe-0118-409f-8f26-4f0e950d210f.json

{
"type": "bundle",
"id": "bundle--5b28ffbe-0118-409f-8f26-4f0e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:02:50.000Z",
"modified": "2018-06-24T06:02:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b28ffbe-0118-409f-8f26-4f0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-24T06:02:50.000Z",
"modified": "2018-06-24T06:02:50.000Z",
"name": "OSINT - Malware That Hit Pyeongchang Olympics Deployed in New Attacks",
"published": "2018-06-24T06:03:02Z",
"object_refs": [
"observed-data--5b290062-dc94-4159-8b37-4332950d210f",
"file--5b290062-dc94-4159-8b37-4332950d210f",
"artifact--5b290062-dc94-4159-8b37-4332950d210f",
"observed-data--5b29008f-2b3c-481f-a4ed-4f3a950d210f",
"url--5b29008f-2b3c-481f-a4ed-4f3a950d210f",
"x-misp-attribute--5b290112-f380-49b0-a09a-493d950d210f",
"indicator--5b29002d-92b8-468e-900d-4091950d210f",
"x-misp-object--2cbbe4ff-7a38-45fc-ae72-577c6b2a0edf",
"x-misp-object--dac822e3-0527-46dd-99a9-2a16d8310d75",
"relationship--63940611-2ebd-4731-b40c-fc1c878f61f0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Olympic Destroyer\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b290062-dc94-4159-8b37-4332950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T13:09:12.000Z",
"modified": "2018-06-19T13:09:12.000Z",
"first_observed": "2018-06-19T13:09:12Z",
"last_observed": "2018-06-19T13:09:12Z",
"number_observed": 1,
"object_refs": [
"file--5b290062-dc94-4159-8b37-4332950d210f",
"artifact--5b290062-dc94-4159-8b37-4332950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b290062-dc94-4159-8b37-4332950d210f",
"name": "DgDJaCgWAAEIA01.jpg",
"content_ref": "artifact--5b290062-dc94-4159-8b37-4332950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b290062-dc94-4159-8b37-4332950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b29008f-2b3c-481f-a4ed-4f3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T13:09:46.000Z",
"modified": "2018-06-19T13:09:46.000Z",
"first_observed": "2018-06-19T13:09:46Z",
"last_observed": "2018-06-19T13:09:46Z",
"number_observed": 1,
"object_refs": [
"url--5b29008f-2b3c-481f-a4ed-4f3a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b29008f-2b3c-481f-a4ed-4f3a950d210f",
"value": "https://www.bleepingcomputer.com/news/security/malware-that-hit-pyeongchang-olympics-deployed-in-new-attacks/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b290112-f380-49b0-a09a-493d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T13:12:02.000Z",
"modified": "2018-06-19T13:12:02.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Olympic Destroyer, the malware that hit Pyeongchang 2018 Winter Olympics, is still alive and infecting new victims, according to a report published earlier today by Russian antivirus vendor Kaspersky Labs.\r\n\r\nThe company's security researchers say they've detected Olympic Destroyer infections across Europe in May and June 2018.\r\n\r\nNew victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b29002d-92b8-468e-900d-4091950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T13:07:57.000Z",
"modified": "2018-06-19T13:07:57.000Z",
"description": "File Type: Microsoft Office Word",
"pattern": "[file:hashes.MD5 = '0e7b32d23fbd6d62a593c234bafa2311' AND file:name = 'Spiez CONVERGENCE.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T13:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2cbbe4ff-7a38-45fc-ae72-577c6b2a0edf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-22T08:43:10.000Z",
"modified": "2018-06-22T08:43:10.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dac822e3-0527-46dd-99a9-2a16d8310d75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-22T08:43:09.000Z",
"modified": "2018-06-22T08:43:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63940611-2ebd-4731-b40c-fc1c878f61f0",
"created": "2018-06-22T08:43:10.000Z",
"modified": "2018-06-22T08:43:10.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--2cbbe4ff-7a38-45fc-ae72-577c6b2a0edf",
"target_ref": "x-misp-object--dac822e3-0527-46dd-99a9-2a16d8310d75"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}