misp-circl-feed/feeds/circl/stix-2.1/5d01f1fa-cc24-4adb-b6b6-4c88950d210f.json
{
"type": "bundle",
"id": "bundle--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-13T07:37:43.000Z",
"modified": "2019-06-13T07:37:43.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5d01f1fa-cc24-4adb-b6b6-4c88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-13T07:37:43.000Z",
"modified": "2019-06-13T07:37:43.000Z",
"name": "OSINT - TA505 once again launched an offensive",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
"indicator--5d01f7ef-5530-4732-abf6-4795950d210f",
"relationship--0a6a21d7-d1d1-4101-8a7c-9e6d72a8fc2b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"TA505\"",
"workflow:todo=\"expansion\"",
"osint:source-type=\"microblog-post\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-13T07:16:00.000Z",
"modified": "2019-06-13T07:16:00.000Z",
"first_observed": "2019-06-13T07:16:00Z",
"last_observed": "2019-06-13T07:16:00Z",
"number_observed": 1,
"object_refs": [
"file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"name": "D820AnRUcAAso9o.jpeg",
"content_ref": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5d01f830-fcd4-4cec-9d3d-4158950d210f",
"payload_bin": "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
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-13T07:16:34.000Z",
"modified": "2019-06-13T07:16:34.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#TA505 once again launched an offensive. This time, the bill-themed email was launched for Chinese users. This time, the Excel 4.0 macro and the back door of the same family are still used.\r\n\r\n(link: https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection) virustotal.com/gui/file/d538b\u2026",
"category": "Other",
"uuid": "5d01f635-a958-4d5a-8a9d-40b8950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5d01f635-b3ac-49cd-adc1-45d9950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://mobile.twitter.com/RedDrip7/status/1138764217123655680",
"category": "Network activity",
"to_ids": true,
"uuid": "5d01f635-dc30-49c2-b45c-4383950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://t.co/2RTo3djsqt?amp=1",
"category": "Network activity",
"to_ids": true,
"uuid": "5d01f635-be8c-4f63-a126-4117950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.virustotal.com/gui/file/d538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6/detection",
"category": "Network activity",
"to_ids": true,
"uuid": "5d01f635-82e4-48a6-a760-41f8950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "RedDrip7",
"category": "Other",
"uuid": "5d01f635-03e8-475f-b619-49a9950d210f"
},
{
"type": "text",
"object_relation": "state",
"value": "Informative",
"category": "Other",
"uuid": "5d01f635-a488-49c7-81ce-4ad1950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "Jun 12, 2019 1:05 PM",
"category": "Other",
"uuid": "5d01f635-225c-4350-b0df-4984950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d01f7ef-5530-4732-abf6-4795950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-13T07:14:55.000Z",
"modified": "2019-06-13T07:14:55.000Z",
"pattern": "[file:hashes.SHA256 = 'd538b3aa5da1d0e506b531fb5c1ef514f7251e7f922857b21167767b11c57ce6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-13T07:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0a6a21d7-d1d1-4101-8a7c-9e6d72a8fc2b",
"created": "2019-06-13T07:16:34.000Z",
"modified": "2019-06-13T07:16:34.000Z",
"relationship_type": "contains",
"source_ref": "x-misp-object--5d01f635-5f40-4b48-8510-4009950d210f",
"target_ref": "observed-data--5d01f830-fcd4-4cec-9d3d-4158950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}