misp-circl-feed/feeds/circl/stix-2.1/5ad09f32-ce58-47f3-b137-4411950d210f.json


{
"type": "bundle",
"id": "bundle--5ad09f32-ce58-47f3-b137-4411950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-16T07:52:30.000Z",
"modified": "2018-04-16T07:52:30.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5ad09f32-ce58-47f3-b137-4411950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-16T07:52:30.000Z",
"modified": "2018-04-16T07:52:30.000Z",
"name": "Vurten Ransomware",
"published": "2018-04-16T07:52:34Z",
"object_refs": [
"indicator--5ad0a269-9a68-4e19-82b8-7323950d210f",
"observed-data--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"file--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"artifact--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"x-misp-object--5ad0a193-a488-4138-9882-436e950d210f",
"indicator--2297d10f-fa36-4cdf-84a4-92586cabcb2b",
"x-misp-object--644fa57b-273b-455d-aabd-820d13f84808",
"relationship--2b19a3b4-02f3-48a7-b0bf-a8c7ffa48979"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"microblog-post\"",
"misp-galaxy:ransomware=\"Vurten\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ad0a269-9a68-4e19-82b8-7323950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-13T12:28:25.000Z",
"modified": "2018-04-13T12:28:25.000Z",
"pattern": "[file:hashes.MD5 = 'f2be597fc76acc3390ff4cf944008ba5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-13T12:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-16T07:15:58.000Z",
"modified": "2018-04-16T07:15:58.000Z",
"first_observed": "2018-04-16T07:15:58Z",
"last_observed": "2018-04-16T07:15:58Z",
"number_observed": 1,
"object_refs": [
"file--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"artifact--5ad0a2a4-5178-4f36-a32e-4b40950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"name": "DZ3kB-QXUAArt0a.jpg:large.jpeg",
"content_ref": "artifact--5ad0a2a4-5178-4f36-a32e-4b40950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"payload_bin": "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
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ad0a193-a488-4138-9882-436e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-13T12:24:51.000Z",
"modified": "2018-04-13T12:24:51.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#Ransomware Vurten .improved F2BE597FC76ACC3390FF4CF944008BA5",
"category": "Other",
"uuid": "5ad0a193-db90-49d2-bf42-49c4950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5ad0a194-ff14-4170-9182-4dc0950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/siri_urz/status/981191281195044867",
"category": "Network activity",
"to_ids": true,
"uuid": "5ad0a194-ca54-4c7f-ae7b-465f950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-04-03T00:00:00",
"category": "Other",
"uuid": "5ad0a194-46d8-4612-b316-4610950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@siri_urz",
"category": "Other",
"uuid": "5ad0a195-ac50-4040-b583-4d67950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2297d10f-fa36-4cdf-84a4-92586cabcb2b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-16T07:16:02.000Z",
"modified": "2018-04-16T07:16:02.000Z",
"pattern": "[file:hashes.MD5 = 'f2be597fc76acc3390ff4cf944008ba5' AND file:hashes.SHA1 = 'e920827ddf406928b94c7ff30b9785c585ad9be0' AND file:hashes.SHA256 = '583aabffbdb69f611557f8289059792e4ff0aeb7ce6d7dc812dbd3b93079b1c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-16T07:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--644fa57b-273b-455d-aabd-820d13f84808",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-16T07:16:00.000Z",
"modified": "2018-04-16T07:16:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-15T07:22:39",
"category": "Other",
"uuid": "5ad44db0-eb24-47ad-bbbe-4c0802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/583aabffbdb69f611557f8289059792e4ff0aeb7ce6d7dc812dbd3b93079b1c9/analysis/1523776959/",
"category": "External analysis",
"uuid": "5ad44db0-65b0-4245-9e66-474f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/67",
"category": "Other",
"uuid": "5ad44db1-bf8c-4785-a39c-4f3502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2b19a3b4-02f3-48a7-b0bf-a8c7ffa48979",
"created": "2018-04-16T07:16:01.000Z",
"modified": "2018-04-16T07:16:01.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2297d10f-fa36-4cdf-84a4-92586cabcb2b",
"target_ref": "x-misp-object--644fa57b-273b-455d-aabd-820d13f84808"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}