adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/f3eda2d3-840b-46ba-ac74-50b68a58b0fe.json

496 lines
21 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--f3eda2d3-840b-46ba-ac74-50b68a58b0fe",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:41:30.000Z",
"modified": "2023-03-22T10:41:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--f3eda2d3-840b-46ba-ac74-50b68a58b0fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:41:30.000Z",
"modified": "2023-03-22T10:41:30.000Z",
"name": "OSINT - Bad magic: new APT found in the area of Russo-Ukrainian conflict",
"published": "2023-03-22T10:44:51Z",
"object_refs": [
"indicator--3f7f43d2-3f5b-4889-bce9-1e7db7e98b8c",
"indicator--f53a9fc1-30de-49ad-aecc-cd126e75420e",
"indicator--7670fb0e-124a-4f63-a2db-7bd9b0a20955",
"indicator--c364b5a4-6a58-48d4-ae44-acae539c5ec2",
"indicator--f4d9620e-8f7c-485c-baaa-8f4e29767337",
"indicator--0262e716-cf69-4575-9242-2ad91defd641",
"indicator--63e75a16-29eb-4779-b201-045152b4c3ea",
"indicator--2c3bed63-f9a6-4958-8101-578fbcba16fa",
"indicator--abd928f6-cb7f-4df9-8d8a-c2e0cbb34734",
"indicator--dadef232-712d-40c1-98bf-a6bdd6090b3c",
"indicator--891b078e-61b9-4e73-a255-c33d4056a9ff",
"indicator--75ba0f15-99c8-405f-985d-c1c29b93b69e",
"indicator--82597eec-ca83-44ef-9891-0001c9b8b859",
"indicator--fa31ec03-99c9-4591-aa13-8ef7d9b54735",
"indicator--53fcdd8e-d471-4a5a-979a-b568bd92315e",
"indicator--ee838d3f-f333-4347-9bc2-4bc3dc7bec16",
"x-misp-object--18623db4-3137-4d12-9c7f-6611ecc9bba3"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"collaborative-intelligence:request=\"context\"",
"estimative-language:confidence-in-analytic-judgment=\"moderate\"",
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
"misp-galaxy:country=\"ukraine\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f7f43d2-3f5b-4889-bce9-1e7db7e98b8c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T09:57:23.000Z",
"modified": "2023-03-22T09:57:23.000Z",
"description": "Distribution servers",
"pattern": "[domain-name:value = 'webservice-srv.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-22T09:57:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f53a9fc1-30de-49ad-aecc-cd126e75420e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T09:57:23.000Z",
"modified": "2023-03-22T09:57:23.000Z",
"description": "Distribution servers",
"pattern": "[domain-name:value = 'webservice-srv1.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-22T09:57:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7670fb0e-124a-4f63-a2db-7bd9b0a20955",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T09:57:23.000Z",
"modified": "2023-03-22T09:57:23.000Z",
"description": "Distribution servers",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.166.217.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-22T09:57:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c364b5a4-6a58-48d4-ae44-acae539c5ec2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:38:47.000Z",
"modified": "2023-03-22T10:38:47.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = '0a95a985e6be0918fdb4bfabf0847b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-22T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f4d9620e-8f7c-485c-baaa-8f4e29767337",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:39:39.000Z",
"modified": "2023-03-22T10:39:39.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = 'ecb7af5771f4fe36a3065dc4d5516d84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-28T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0262e716-cf69-4575-9242-2ad91defd641",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:40:03.000Z",
"modified": "2023-03-22T10:40:03.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = '765f45198cb8039079a28289eab761c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-06T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63e75a16-29eb-4779-b201-045152b4c3ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:40:27.000Z",
"modified": "2023-03-22T10:40:27.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = 'ebaf3c6818bfc619ca2876abd6979f6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-05T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c3bed63-f9a6-4958-8101-578fbcba16fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:41:05.000Z",
"modified": "2023-03-22T10:41:05.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = '1032986517836a8b1f87db954722a33f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-08-12T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--abd928f6-cb7f-4df9-8d8a-c2e0cbb34734",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:41:30.000Z",
"modified": "2023-03-22T10:41:30.000Z",
"description": "Lure archives",
"pattern": "[file:hashes.MD5 = '1de44e8da621cdeb62825d367693c75e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-23T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dadef232-712d-40c1-98bf-a6bdd6090b3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:19:33.000Z",
"modified": "2023-03-22T10:19:33.000Z",
"description": "CommonMagic network communication module",
"pattern": "[file:hashes.MD5 = '7c0e5627fd25c40374bc22035d3fadd8' AND file:name = 'Overall.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-20T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--891b078e-61b9-4e73-a255-c33d4056a9ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:23:16.000Z",
"modified": "2023-03-22T10:23:16.000Z",
"pattern": "[file:hashes.MD5 = '9e19fe5c3cf3e81f347dd78cf3c2e0c2' AND file:name = 'Clean.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-20T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--75ba0f15-99c8-405f-985d-c1c29b93b69e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:22:20.000Z",
"modified": "2023-03-22T10:22:20.000Z",
"pattern": "[file:hashes.MD5 = 'ce8d77af445e3a7c7e56a6ea53af8c0d' AND file:name = 'All.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-10-20T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--82597eec-ca83-44ef-9891-0001c9b8b859",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:00:20.000Z",
"modified": "2023-03-22T10:00:20.000Z",
"pattern": "[file:hashes.MD5 = '1fe3a2502e330432f3cf37ca7acbffac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-22T10:00:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa31ec03-99c9-4591-aa13-8ef7d9b54735",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:20:30.000Z",
"modified": "2023-03-22T10:20:30.000Z",
"pattern": "[file:hashes.MD5 = '8c2f5e7432f1e6ad22002991772d589b' AND file:name = 'manutil.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-21T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53fcdd8e-d471-4a5a-979a-b568bd92315e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:01:15.000Z",
"modified": "2023-03-22T10:01:15.000Z",
"pattern": "[file:hashes.MD5 = 'bec44b3194c78f6e858b1768c071c5db' AND file:name = 'service_pack.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-22T10:01:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee838d3f-f333-4347-9bc2-4bc3dc7bec16",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:21:19.000Z",
"modified": "2023-03-22T10:21:19.000Z",
"description": "PowerMagic installer",
"pattern": "[file:hashes.MD5 = 'fee3db5db8817e82b1af4cedafd2f346' AND file:name = 'attachment.msi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-23T00:00:00Z",
"valid_until": "2023-03-22T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--18623db4-3137-4d12-9c7f-6611ecc9bba3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-22T10:06:32.000Z",
"modified": "2023-03-22T10:06:32.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://securelist.com/bad-magic-apt/109087/",
"category": "External analysis",
"uuid": "b4470f51-5001-41db-9c75-a0253285d620"
},
{
"type": "text",
"object_relation": "summary",
"value": "Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape related to the conflict between Russia and Ukraine and continue to monitor new threats in these regions.\r\n\r\nIn October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods. The victims navigated to a URL pointing to a ZIP archive hosted on a malicious web server.",
"category": "Other",
"uuid": "1223eb19-ea81-4e8b-86ba-b532d31c6afd"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "176b4d82-2fe3-46f5-81f6-b4c64442e447"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink