misp-circl-feed/feeds/circl/misp/5dc42bcc-a46c-42f4-b473-407e950d210f.json

{
"type": "bundle",
"id": "bundle--5dc42bcc-a46c-42f4-b473-407e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-08T07:57:27.000Z",
"modified": "2019-11-08T07:57:27.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5dc42bcc-a46c-42f4-b473-407e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-08T07:57:27.000Z",
"modified": "2019-11-08T07:57:27.000Z",
"name": "OSINT - #APT #Bitter",
"context": "suspicious-activity",
"object_refs": [
"indicator--5dc43359-ff10-4414-a40a-4e83950d210f",
"indicator--5dc43359-15ec-40e4-9de2-4245950d210f",
"indicator--5dc43359-a3ec-4806-85ec-4976950d210f",
"indicator--5dc43359-a998-40d0-89bd-42fa950d210f",
"vulnerability--5dc4340a-0144-4e8b-a548-44f4950d210f",
"x-misp-object--5dc432ca-bb14-48e1-85f1-4ba9950d210f",
"vulnerability--5dc433d5-6b28-4a6f-a24d-4417950d210f",
"x-misp-object--5dc43482-808c-494b-a2ca-cb10950d210f",
"indicator--5dc51fe7-143c-444d-9a5b-ff54950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"workflow:state=\"incomplete\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc43359-ff10-4414-a40a-4e83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:08:09.000Z",
"modified": "2019-11-07T15:08:09.000Z",
"description": "WN",
"pattern": "[file:name = 'record.docx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-07T15:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc43359-15ec-40e4-9de2-4245950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:08:09.000Z",
"modified": "2019-11-07T15:08:09.000Z",
"description": "NC",
"pattern": "[url:value = 'http://comglobal.com.pk/wp-content/g']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-07T15:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc43359-a3ec-4806-85ec-4976950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:08:09.000Z",
"modified": "2019-11-07T15:08:09.000Z",
"pattern": "[url:value = 'http://nim.gov.pk/img/g.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-07T15:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc43359-a998-40d0-89bd-42fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:08:09.000Z",
"modified": "2019-11-07T15:08:09.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'tvnservereventlog.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-07T15:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5dc4340a-0144-4e8b-a548-44f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:11:06.000Z",
"modified": "2019-11-07T15:11:06.000Z",
"name": "CVE-2017-11882",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"External analysis\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-11882"
}
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5dc432ca-bb14-48e1-85f1-4ba9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:05:46.000Z",
"modified": "2019-11-07T15:05:46.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#APT #Bitter\r\n7d2cc57e27e849fb0617a3a73d68d302c6efc6d849c05fcb0776b82a74d4de9c\r\nWN: E-passport record.docx\r\nNC: http://comglobal[.]com[.]pk/wp-content/g\r\nhttp://nim[.]gov[.]pk/img/g.txt\r\nC2: tvnservereventlog[.]net\r\nAC: TemplateInjection->CVE-2017-11882->EXE",
"category": "Other",
"uuid": "5dc432ca-6a3c-43c0-bc72-4e56950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://mobile.twitter.com/ccxsaber/status/1192326844529422337",
"category": "External analysis",
"uuid": "5dc432ca-a900-4186-92bf-44b7950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5dc432ca-2b74-46e5-9fcd-4da3950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#APT",
"category": "Other",
"uuid": "5dc432ca-8464-4074-91bb-4834950d210f"
},
{
"type": "text",
"object_relation": "hashtag",
"value": "#Bitter",
"category": "Other",
"uuid": "5dc432ca-0038-4424-b855-4737950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "ccxsaber",
"category": "Other",
"uuid": "5dc432ca-6750-4c32-9c75-41f7950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5dc432ca-08a4-4cf1-98ff-4d46950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "Nov 7, 2019 7:24 AM",
"category": "Other",
"uuid": "5dc432ca-0200-43ce-b9bd-470f950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5dc433d5-6b28-4a6f-a24d-4417950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:10:13.000Z",
"modified": "2019-11-07T15:10:13.000Z",
"name": "CVE-2017-11882",
"labels": [
"misp:name=\"vulnerability\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-11882"
}
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5dc43482-808c-494b-a2ca-cb10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-07T15:13:06.000Z",
"modified": "2019-11-07T15:13:06.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "I guess exe is ArtraDownloader",
"category": "Other",
"uuid": "5dc43482-0f30-4961-af0b-cb10950d210f"
},
{
"type": "link",
"object_relation": "link",
"value": "https://mobile.twitter.com/kalki_poison/status/1192339289117360128",
"category": "External analysis",
"uuid": "5dc43482-7630-4772-a9ba-cb10950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5dc43482-ba5c-4bf4-8c86-cb10950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "kalki_poison",
"category": "Other",
"uuid": "5dc43482-3204-463c-bfdd-cb10950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5dc43482-817c-4868-a552-cb10950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "Nov 7, 2019 8:13 AM",
"category": "Other",
"uuid": "5dc43482-a528-4d87-9175-cb10950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dc51fe7-143c-444d-9a5b-ff54950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-11-08T07:57:27.000Z",
"modified": "2019-11-08T07:57:27.000Z",
"pattern": "[file:hashes.SHA256 = '7d2cc57e27e849fb0617a3a73d68d302c6efc6d849c05fcb0776b82a74d4de9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-11-08T07:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}