misp-circl-feed/feeds/circl/stix-2.1/5a9922cb-9c5c-4979-a78c-4fee950d210f.json

481 lines
76 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a9922cb-9c5c-4979-a78c-4fee950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:46:13.000Z",
"modified": "2018-03-02T10:46:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a9922cb-9c5c-4979-a78c-4fee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:46:13.000Z",
"modified": "2018-03-02T10:46:13.000Z",
"name": "SMS/iMessage phishes forcing users to install/run scripts and update VPN settings",
"published": "2018-03-02T10:48:18Z",
"object_refs": [
"indicator--5a9922e9-c640-42d2-8428-4808950d210f",
"indicator--5a99230c-d524-44ac-a40a-c8e0950d210f",
"indicator--5a992340-a754-4006-9526-4892950d210f",
"indicator--5a992341-2d9c-4ece-a508-418e950d210f",
"indicator--5a992341-8798-47cf-ad4e-490f950d210f",
"indicator--5a99236a-56b4-4f76-8928-4d41950d210f",
"observed-data--5a99237b-5c80-4ba0-92df-47b0950d210f",
"url--5a99237b-5c80-4ba0-92df-47b0950d210f",
"indicator--5a9924eb-e468-417f-a0e9-4bce950d210f",
"observed-data--5a99258c-a394-4f4b-915a-4a6b950d210f",
"url--5a99258c-a394-4f4b-915a-4a6b950d210f",
"observed-data--5a992b72-c434-48f1-af1b-43e7950d210f",
"url--5a992b72-c434-48f1-af1b-43e7950d210f",
"observed-data--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"file--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"artifact--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"indicator--0601169d-401d-466b-99e5-ab32aca720c0",
"x-misp-object--37a03acb-9238-44c5-8f31-2ae308034e7b",
"indicator--491fb46e-2c0f-4060-a745-a5cf809be441",
"x-misp-object--9aaf2bc6-ccc6-4658-9440-d6a54f790a9f",
2024-04-05 12:15:17 +00:00
"relationship--77fd3b63-0eff-49bb-804e-e33f1606106c",
"relationship--bef7c0b6-ebe1-41dd-9ffa-8d5b0b1fe5e8"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"admiralty-scale:source-reliability=\"c\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a9922e9-c640-42d2-8428-4808950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:41.000Z",
"modified": "2018-03-02T10:23:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.96.173.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a99230c-d524-44ac-a40a-c8e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:41.000Z",
"modified": "2018-03-02T10:23:41.000Z",
"pattern": "[domain-name:value = 'corp-vpn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a992340-a754-4006-9526-4892950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:41.000Z",
"modified": "2018-03-02T10:23:41.000Z",
"pattern": "[domain-name:value = 'sso-vpn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a992341-2d9c-4ece-a508-418e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:42.000Z",
"modified": "2018-03-02T10:23:42.000Z",
"pattern": "[domain-name:value = 'up-sso.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a992341-8798-47cf-ad4e-490f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:43.000Z",
"modified": "2018-03-02T10:23:43.000Z",
"pattern": "[domain-name:value = 'up-vpn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a99236a-56b4-4f76-8928-4d41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:11:54.000Z",
"modified": "2018-03-02T10:11:54.000Z",
"description": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tipok.gotdns.ch",
"pattern": "[file:hashes.SHA256 = '2ff6b78a4c2b239b2502d4eb7907906ae68275dbb92d3773fa083fb2fbc09a76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a99237b-5c80-4ba0-92df-47b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:43.000Z",
"modified": "2018-03-02T10:23:43.000Z",
"first_observed": "2018-03-02T10:23:43Z",
"last_observed": "2018-03-02T10:23:43Z",
"number_observed": 1,
"object_refs": [
"url--5a99237b-5c80-4ba0-92df-47b0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a99237b-5c80-4ba0-92df-47b0950d210f",
"value": "https://virustotal.com/en/file/2ff6b78a4c2b239b2502d4eb7907906ae68275dbb92d3773fa083fb2fbc09a76/analysis/1519948184/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a9924eb-e468-417f-a0e9-4bce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:18:19.000Z",
"modified": "2018-03-02T10:18:19.000Z",
"description": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tatiano96.zapto.org",
"pattern": "[file:hashes.SHA256 = '1bccbc10642a31b871f5503a52ec5c89598976e6aea0874ed2e396394d8dca00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:18:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a99258c-a394-4f4b-915a-4a6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:44.000Z",
"modified": "2018-03-02T10:23:44.000Z",
"first_observed": "2018-03-02T10:23:44Z",
"last_observed": "2018-03-02T10:23:44Z",
"number_observed": 1,
"object_refs": [
"url--5a99258c-a394-4f4b-915a-4a6b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a99258c-a394-4f4b-915a-4a6b950d210f",
"value": "https://twitter.com/timstrazz/status/969360276423311360"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a992b72-c434-48f1-af1b-43e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:46:10.000Z",
"modified": "2018-03-02T10:46:10.000Z",
"first_observed": "2018-03-02T10:46:10Z",
"last_observed": "2018-03-02T10:46:10Z",
"number_observed": 1,
"object_refs": [
"url--5a992b72-c434-48f1-af1b-43e7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a992b72-c434-48f1-af1b-43e7950d210f",
"value": "https://twitter.com/dyngnosis/status/969397210860478464"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:46:51.000Z",
"modified": "2018-03-02T10:46:51.000Z",
"first_observed": "2018-03-02T10:46:51Z",
"last_observed": "2018-03-02T10:46:51Z",
"number_observed": 1,
"object_refs": [
"file--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"artifact--5a992b9b-a540-4a1e-8fd0-44a0950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"name": "DXP9dttU0AAGavM.jpg",
"content_ref": "artifact--5a992b9b-a540-4a1e-8fd0-44a0950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5a992b9b-a540-4a1e-8fd0-44a0950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAKrBLADASIAAhEBAxEB/8QAHAABAAIDAQEBAAAAAAAAAAAAAAMEAQIFBgcI/8QAGgEBAAMBAQEAAAAAAAAAAAAAAAECAwQFBv/aAAwDAQACEAMQAAAB+ygAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg1sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHBqYtzWe/5PeY9YKdQAAAAAAAAAAAAAAADjwUbc9ntebgmntWM06wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPH26rTh2nqdmLdgU7AAAAAAAAAAAAAAAAPL17EOnDtLV6Ce9uZ9gJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOWOo51M6vAtzTnzvTc7RPVc3aL9Bw+gXAAAAAAAAAAAAACuWHMydDzsl6acrvQ5ReU68adRy7pOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADlUPSDgc72A83c7A87L3R5u91hxt+sAAAAAAAAAAAAAHJ6w4MHpR5Do94cDPeHBk7Q8z35wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA03jJAAAAAAAAAAAAGNCRFkkRgkEaQa7AMGkmm4xkRpBGkGm+NCRHglRZJGm4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjkjJAAAAAAAGmCREJdddjRKIsyDTcAAAAAEckZIAAAAAABHII0gjSCORGSIxIjEiOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVbQhmAAABrtEZSCLMgxkAAAAAAAAAAFC+MZAAAAAAAAAAAABHII0gjSYK1qOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo+W83zOrD1nt/jvrYfQBzbgAIpYiUAAAAAAAAAAAApop+V87yuzD6L7H5R6fK/sxhqAAAAAAAAAAAAA5nQ+SaU9Dt4PpdOP16fw3ueTcK2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P9j23A7+Tk97n/QKz6kcXUAAiliJQAAAAAAAAAAAOB38THwap6ax38lPueY+vZadAcnQAAAAAAAAAAAABV+E/oD5f0Y+Q6HU5nRj3/p/D7nH0hncAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp8Y9LzqtQ7Vzj1Zj0Ty3dibgAEUsRKAAAAAAAAAAAamzzsR6fj61Eegl89Odp5q0ntgAAAAAAAAAAAFGF55qaVq5wb0x2XnIon1CKUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA153R2NKXQEMFzJBJvqbAARSxEoAAAAAAAAAAAKS6IqfREOlkVZZMgAAAAAAAAAABrqSQ77lCexgqb2RTlmyYziMlAAAAAAAAAAAAAAAAAAAAAAAAAISZUwXFbUtquSyoTFlXFhFoWFWA6OlXclzWkLKsLKGuWpIJwCNJgyi2N4lQ6CpsWVPcsooC4qi0qTEqvqWlGQtKwsoqxeVsFpStG+EZiYAAIpURKpblpS0Ogpal9S2LahuXFGcl1pzEyHQsohKgkN1aUm2hmBCZkyANG+ptUnjJJKkR0FKQsqkpMrbkytGXWsBZUty0qbFlQmLKvgsqsZeAAAAAAAAAAAAAAAAAAARDbXfYjkAAAACOTGpuABjIi1nhJkW5sAAAAAYMtMEiMSIxJiOMkljyMb5I2sROiEsedSTNfJazVkJlecyq5LKtqW0GhaVxYU5CwhmAAGMamJQAAAxHKCGY10lGMx4JQAAAAAAAAAAAAAAAAAAAAAAAAAQ7VroAAAAAAAhmpF0AACOSMk12EM1K6ANdqpLnO5GkEedwAAxnBDPTuAAGGRhkYxsI0lEusjGQ1zkYxsMY2GGRrnIAAab1SaTXYAAAAAQT0y4ACFuId9skedskEmdiPWbBrpNg3gsRmuJBFtnYgk2yaaTamNZcEgAAAAAAAAAAAACDy1q+wfGveXr6kZaAAAAAAFO5WQtAACOSMkANIbq1mJC0AAAAAFLydq+5fGvpl69kZaAAAAAEcdZsC0AAAAAAAHC8tpT6M+W/Q4XxS4AAAABirWbYtAAAAAAAAAAAAAAAAAAAAAAAAAHhPB+w8h3csHofK+kvX6b1eL2uDqCtgAAAAOb5rt+M8P0fTdHh9XWnfHr8ICOSMkAIInyE3Gs/N+t3PSeS9b7HAHbzgAAAfLfMdvj+hya+g8t3kfXpYZvP6wSAAAA8P6/575Pb3LnE6WGvrB7vmgAAAAI5Ij4zx97HpcV31Hj/AEud/pw4eoAAAAB4313z3zOzqXOH0ePo9iPf8sAAAAAAAAAAAAAAAAAAAAAAACp8u+uNKfK+h9DzaAx0AAAAGDLXYgS7UmjewlkxaMgRyRkgDGSrHc2ztFLjN6mEsgAAA5Hzj680p8n9N7HMwGWgAAABrkzUt4rNK1JrE7Gt67AAAAAA8b5j6zjXP5D9L6iJDO4AAABgZrWdazTsTIkwvXLGQAAAAAAAAAAAAAAAAAAB5D18Z47Hth4e56wjxkfr7ET43f16XkNPZDysnpsHl4/VYPJ9Hvjxt70gAeP9gh4v0nQS8pL6YeXj9YhyPLfQEuN2QRyRknE7aHzvu+nS8F6PtDxtv048j2+mAOBzfYxQ8Xv7PeXlYvXjxmfZDgc32I8ra7kkPF9H0G8vJR+xADGR5THrB4/X2Q5HI9chxuB7hLynqwA53nfZxniXuh5/ie7jPIRe0kPI49ePE2vWDzFT2UcPPVvXJeeo+vHj+/0QB5jme6Hm+R7scbk+vHjJvWoed9ESAAAAAAAAAAIdCypSFlWFlXjLitksKc5KgiLirksoIi4g1LKvgs4qzkgAAAGiuWwAAAAAAAAI5IyQAAAAAAAGM1cllTkLCsLKOsWZOZeJVaQlQRltU2LKvGXEGhaQxlpUtGQAAANdoyQAAAEclG8AAAAAAAAAAAAAAAAAAYZGMhjGwwyMMjGQwyMZBjIxkNc5GNdxjMUoAABHJFKAAAAAAAAAI5IyQAAAAAAAEMukhjIANdojbcBqZZGM4GcAZwZwDLBljIYGWBlgZik1N2MgAA1NJddgAAAAAAAAAAAAAAAAAAAAAAAAAAAAACORESgAa7RG+wAAAAAAAAAI5IyQAAAAAAAGm2YyQACKTQkBrVuCti0Km9gV8WRX1tCttOIobYq5sirmyK+lsVs2BWlkEUse5kACOSIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAilplxHIAI5IyQAAAAAAAAACOSgXwAAAAAAAI5OedAAEckcgAAAAAAAAAAAAAil550AARyRyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwZAAAAAAAAAAAMGXmPP6U+juV1aWCJAAAAAAAMZAAAAAAAAAAAAAAAADGYBIAAAAAAAAAAAAAAAAAAAAAAAAAAAA
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0601169d-401d-466b-99e5-ab32aca720c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:47.000Z",
"modified": "2018-03-02T10:23:47.000Z",
"pattern": "[file:hashes.MD5 = 'b97847bcc1a27107888475fd6baeb2d9' AND file:hashes.SHA1 = '5e8784026c3fd64c932e53622d0454c33038976e' AND file:hashes.SHA256 = '2ff6b78a4c2b239b2502d4eb7907906ae68275dbb92d3773fa083fb2fbc09a76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--37a03acb-9238-44c5-8f31-2ae308034e7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:46.000Z",
"modified": "2018-03-02T10:23:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2ff6b78a4c2b239b2502d4eb7907906ae68275dbb92d3773fa083fb2fbc09a76/analysis/1519981318/",
"category": "External analysis",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tipok.gotdns.ch",
"uuid": "5a992632-874c-409b-a280-437e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tipok.gotdns.ch",
"uuid": "5a992633-db0c-4e94-bdf4-4bec02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-02T09:01:58",
"category": "Other",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tipok.gotdns.ch",
"uuid": "5a992633-896c-4657-8f26-471002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--491fb46e-2c0f-4060-a745-a5cf809be441",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:50.000Z",
"modified": "2018-03-02T10:23:50.000Z",
"pattern": "[file:hashes.MD5 = '35fba2a83659d22eedf5926a3dc680f4' AND file:hashes.SHA1 = '4fb8edfe9694e2cd58ffaae30777bae324ac1558' AND file:hashes.SHA256 = '1bccbc10642a31b871f5503a52ec5c89598976e6aea0874ed2e396394d8dca00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-02T10:23:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9aaf2bc6-ccc6-4658-9440-d6a54f790a9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-02T10:23:48.000Z",
"modified": "2018-03-02T10:23:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1bccbc10642a31b871f5503a52ec5c89598976e6aea0874ed2e396394d8dca00/analysis/1519980899/",
"category": "External analysis",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tatiano96.zapto.org",
"uuid": "5a992635-6d0c-4faf-b632-449e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Other",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tatiano96.zapto.org",
"uuid": "5a992635-0854-453f-a479-4c9d02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-02T08:54:59",
"category": "Other",
"comment": "Phishing used against Apple employees + others, this would be dropped by script that they are attempting to get piped to bash via a SMS/iMessage request. This is just a simple pyinstaller wrapped pupy script which beacons back to tatiano96.zapto.org",
"uuid": "5a992635-d534-48df-ba48-41c302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--77fd3b63-0eff-49bb-804e-e33f1606106c",
2023-04-21 14:44:17 +00:00
"created": "2018-03-02T10:23:49.000Z",
"modified": "2018-03-02T10:23:49.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0601169d-401d-466b-99e5-ab32aca720c0",
"target_ref": "x-misp-object--37a03acb-9238-44c5-8f31-2ae308034e7b"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--bef7c0b6-ebe1-41dd-9ffa-8d5b0b1fe5e8",
2023-04-21 14:44:17 +00:00
"created": "2018-03-02T10:23:50.000Z",
"modified": "2018-03-02T10:23:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--491fb46e-2c0f-4060-a745-a5cf809be441",
"target_ref": "x-misp-object--9aaf2bc6-ccc6-4658-9440-d6a54f790a9f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}