adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57595892-e5f4-4419-b6dc-48df950d210f.json

340 lines
191 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--57595892-e5f4-4419-b6dc-48df950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:10:25.000Z",
"modified": "2016-06-09T13:10:25.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57595892-e5f4-4419-b6dc-48df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:10:25.000Z",
"modified": "2016-06-09T13:10:25.000Z",
"name": "OSINT - LinkedIn information used to spread banking malware in the Netherlands",
"published": "2016-06-09T13:10:34Z",
"object_refs": [
"indicator--575958aa-0250-4ce1-93b9-4346950d210f",
"indicator--575958c2-439c-45ee-ba76-41ff950d210f",
"indicator--575958e3-1e48-4b17-b606-407d950d210f",
"indicator--57595adf-0100-458e-b7c5-47d5950d210f",
"indicator--57595b13-325c-4544-bfdc-4c7502de0b81",
"indicator--57595b14-9248-4eb6-b4c2-477302de0b81",
"observed-data--57595b14-c6e8-47f5-8835-471a02de0b81",
"url--57595b14-c6e8-47f5-8835-471a02de0b81",
"x-misp-attribute--57595bf9-9468-43c7-8e9b-4f31950d210f",
"indicator--57596a30-835c-498d-84b5-44c1950d210f",
"indicator--57596a31-53c4-45de-a59e-4289950d210f",
"indicator--57596a32-bcd4-46d2-b224-4409950d210f",
"observed-data--57596ac1-3280-4256-8bfc-434502de0b81",
"url--57596ac1-3280-4256-8bfc-434502de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--575958aa-0250-4ce1-93b9-4346950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T11:53:14.000Z",
"modified": "2016-06-09T11:53:14.000Z",
"description": "Zeus Panda, in this case, always connects to the following domain & IP using SSL",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.171.187.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T11:53:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--575958c2-439c-45ee-ba76-41ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T11:53:38.000Z",
"modified": "2016-06-09T11:53:38.000Z",
"description": "Zeus Panda, in this case, always connects to the following domain & IP using SSL",
"pattern": "[domain-name:value = 'skorianial.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T11:53:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--575958e3-1e48-4b17-b606-407d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T11:54:11.000Z",
"modified": "2016-06-09T11:54:11.000Z",
"description": "The Macro retrieves a binary from the following (likely compromised) website",
"pattern": "[url:value = 'ledpronto.com/app/office.bin']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T11:54:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57595adf-0100-458e-b7c5-47d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T12:02:39.000Z",
"modified": "2016-06-09T12:02:39.000Z",
"description": "The Macro retrieves a binary from the following (likely compromised) website",
"pattern": "[file:hashes.SHA256 = 'c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T12:02:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57595b13-325c-4544-bfdc-4c7502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T12:03:31.000Z",
"modified": "2016-06-09T12:03:31.000Z",
"description": "The Macro retrieves a binary from the following (likely compromised) website - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"pattern": "[file:hashes.SHA1 = 'b6d32b488e2b778bd8414a4241a74883f01452fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T12:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57595b14-9248-4eb6-b4c2-477302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T12:03:32.000Z",
"modified": "2016-06-09T12:03:32.000Z",
"description": "The Macro retrieves a binary from the following (likely compromised) website - Xchecked via VT: c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d",
"pattern": "[file:hashes.MD5 = '8582db69683290be0381bd1485013435']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T12:03:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57595b14-c6e8-47f5-8835-471a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T12:03:32.000Z",
"modified": "2016-06-09T12:03:32.000Z",
"first_observed": "2016-06-09T12:03:32Z",
"last_observed": "2016-06-09T12:03:32Z",
"number_observed": 1,
"object_refs": [
"url--57595b14-c6e8-47f5-8835-471a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57595b14-c6e8-47f5-8835-471a02de0b81",
"value": "https://www.virustotal.com/file/c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d/analysis/1465384661/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57595bf9-9468-43c7-8e9b-4f31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T12:07:21.000Z",
"modified": "2016-06-09T12:07:21.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57596a30-835c-498d-84b5-44c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:08:00.000Z",
"modified": "2016-06-09T13:08:00.000Z",
"description": "downloaded malware",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAABpyUgx/VOztRACAABgAwAgABwAODU4MmRiNjk2ODMyOTBiZTAzODFiZDE0ODUwMTM0MzVVVAkAAzBqWVcwallXdXgLAAEEIQAAAAQhAAAAdFANgyCZKp/EQCBp5REbAO0o75DP1DNPP6lrFSMVYQ8qlvivs3hjcDz5TrDU5t+60G9ggOsbe117QLSibgg6ks0JmVsHMt1Oj3coAA/gVxpdYyzgoOZ8Qcxn/phCfpml/Y0sDTTU1pcmTFx/UimwIQ340GYiwWVtkUIiShJWkd3zG74SAh+Uip/Jneril0ZN9LhyfGuTucOuVnVJIJvL4YNygEWe2Vu+xKfoHolj24XUJYPuoTbQ5s2Kf+2AxM6vdmbMVAvDVkQATkL+r+3Q0KUBN+BN4/Ca47zL5UMGbSlRFFmB47GVGDB1t/viON4VBsqgCLIYCynyHNcuBt3fNb3jVr9D29vdV2yO3XsUpeHzcC3zqZatvDjFlTegcIwwO+QMM7pKWTkKy95b2MMvnzY2cdXTER72gp2WI9OyEMTZBLk9iUDRr12mwhZDEmxeNrD3ELwz9H9OGAFI+YLhrOGihOT/oBpyvTEjsC2xaEhf8s7/9Ef7W9Un+MhRkZ615JqPkfooWXZxcdbYcgUmrjYqa/kAk/jh4SdGG7tgEq8+NI2lo8OdLtzXyoeGfJJjnKqrKJkpmvKgAoFcg/NSCwmVfTvqfw0Qlc3CsArMPk6IYMxkLPynZY4sg7zFyZGPPmHywCZ+GqBzmjssxnm+CKey1cWtLH2/lGOkMby5HQyEOlGTK1gQQgU7mjeBnpeIUZlwB3dkElrMNkq/7sjP4E1pA8tfNulFdk/WVmGZpYggOcdbUcE8aqiR6EmzvVXYLvzYwPphLzVcgszyS2pSOXRuXof4YGwAhb7lC6kAcaRYexmmIo5roFW2jaqncrQsy6RhFruEZzU42N8+bhicEKqYsND6wFlHXO2zh0iD+6RprjY/6bnE2VcqdtXzOunTPjmKAFGnxc/ZZvRskiEnW0DEk2PxmI5eLITU1NL2EI8FUjpasiXN5gEKTyYmriDQVYBlqthHbAtq+VG8mJzzNoXnshkf6uKzpskM4gPaX9cV7bENQOLubhfAppEP0gQ/l3bmRVtDsFnJKWGqBe8I7yL2403QFMHTFtae3VJdMKBX0E43ar8iNfkg+tYhf7+sNLj8+owPXGLGCJ1qOzkU8s3Qocwq0tMQxutfjONjX2rQMq50MdrZj2/E4vXuSFR+tgJatQThcKifMUcFFbI9sNZV+4Q5qA9n0ip2cpNNRaEDQcPD96zl/kXCae4OIqvc6D9Yqj6YhBSC531hfSHoi3JV0jl0nUO5Nvn6xSIrsjvnft0Yfc55/91OfecHvzDNN9pX0L0AsT4fSG7geD/walB1QgljTo1g0BQ3QyqYKXzVXoPQJLhSqand9qn+AbC8K0/tyjMkIM2onParAxYAWgt6DEyVVLhtOmar26baiaAe7peSoyegPWIr0BN3LjnmRwppRuOE8TehQWs/4W4Zp9swU8pn/MzQa2+VeO8Jus/jK/+/izirTY7NvQWveelypSRwk8OvGmEZWE34jMoTULsowN91QrBExmLs3OK1jlJgUoO+JMVMFdPjcyACY+I9xa0k5Ovo1LPzIJTnET8jVHpN1R8eNJqZw/imA9gYlqTLwpxM4f9D9VvOCb7tqtUAPWBi0irScFj2je5VNlUD2BM6wzIkgPEhhMPqhOxh48S6HlMVOu/LMNYvvKjBQ6Tpm6GNn/pyjwx7FY9ySsTq46/zpcLSxGbWzWxtnOFGcohA8N+onteGbid01lhdS6nKCMEozk9q00073wUMlnidYQAJRYE2Nid9Li3MdUdeQjFpXL9l2b60M/NshxTPITBozQJsrec5xUML7wWB4T9VLxDzc/aINTLdZSZyxiwt9V6YOBWjL83XmTfXIOU4IJMJP/oVLdD8inZ7b6U1G+AKOrCcfT2/+fmGWFv6k8gORAGvMr/2ny7DNHwH9KaKr8MBWVDx/GnmxAl12afaREQxIIp9T0b9ewiITAstE6CcIyiDrh63vFXRXTjFq2JM7qkFf2t0wq4bNf9fLCjkqF70iBsxyEPvanj/Yalrj01YPHaOAvUj7v3UjZwwJcWFtZ2JViE9b4ssaipicxLBH0Iu2aLehZtwqoeuITA+EZp5eW56z25eogUInZAeFi7hWrByTe3Uq1/BiBXgFSGL8zbBvOpq3E11AJlC+GsL7qeVKlMZ3Y6jSewySac7DRLUhJ2SfXUj8tgf3jf6EgG8tmNFSl5HxnQOygm/OwekOImS6wbw75iTB3KKGKR6PnnLTWuWpqqgJTpKdgnUFAvBftq1mfClMyHdz2rfDgzHh1NnY2k69rh1lafgNuaM8JoiJUjy/uiIma/HC8Sz3WTfj/RinXniZus1OR4zm1HMx8IIu9VsHB97sk41S0yKNf4Lnq6gzmRjcVHO0WE27PtCMGXwY1M9sFWJp4godvSlE0LZ1Xk/f9HWGLSZT/3zu13IEjDQNnBTg4W6YF1TEaz5+Gr775pBNogyXqGUETE23O35rP+B5VQSwAzFoIu0FdCNDw+0+X//75dvwHF2j2yovqjA9Yz7TMkK2a89yvIxTKuuB1Y/+b/DTsmktKmmjhpbfAd7ochnSIfK1iHa3iVFdw7AeEZqd/eRhhDpyM/BxiYJNif1FkUB96LBaKJbGtpzQMfULQ1IsaL3DR9NAba1PGql0HHn8+3uu96ZUOpkzqwC5LV1x7GdqHdNQjQ749uaCu0j4AUv2alc2LPcEaAon1qI5yr/CWgDpkkh5ndpB1ugGMQfXFMk7/o8L/LZ2ESiq8N9Wez9zNc4D1PmWakOTc+S5n5c3MS6pnhApoBvMMCPVNjriQxhhHFy74Z6ss8+EskkqKzNERFLGTKydx7EnEDdKVNxv/HINZSUFA2s4eKTNmD0IoGbxZ7y3AUjPtnjADfGT0zFNY/Xhk/8PqpoUBGxetkj/VdkBQpXOd9fsFXdSEfj8hPu+JrJiTZY4I92u+wifRWd7x1fyN5oi+Yl+JE5F3eg0vZs7ZIZ9PuHu5K1JdKRQ7x5ju2LJtD/kVZx9etkeAuAutuLsIaVf5JXlnetuOia/M8MMvDGwTYtasTk9pkejl12yk2NGsytShN7VvDFyXIC2mGt5ZG4zN1YCGvcPq1zXxBD2yWHkeDzr8tBF9VZhBHxbeO9to1NsV3fElYf4EcsSYXG1+Lgg1Bs2H2mQzTgxnEN0I1qFkZtF6yKv0MkNOGMvcEBchYPT6QqHWyyp1BkdBLr2FmDvmg3bBJnyWdGu3eJ37wKmMTGyPyIpYNvsAGIuRz3sD10XgtsSA9S0/ULNmqhcw1nV+GPDhdJ+kzKRj6A/PBSecl5msmjmOvLcf98YIBBXrRz7pydo7rnYQ+qWLJ8GlZn8k1SRwyjbW5lTPdIfzQl29aPHi9RlkdrmzrolKWGmFMNlDQM0dKjHAnkhU7FwaUvqKzYYgZLFL4EaZJVNs+yLDFk7Q+faKdDP78kNwPRcnHtPc8QnEtJ3z6K4eGxQlodH04ugiPBrgqo5eF4oGZz0t23GTUeGrj+e6zaMZo5ErzSelZQ3V6V6pjEnNU6TpoWIA5KhSJFsf8hn1B6Mg3ZtBH8qaXvt2WWkoabbht/HeTsVgDHMA5NJB/JuwHxYsTAfebr2hoYsDI5H9fyyXPt/RzJt1uw2ivzrTnMc+DTrso6LUuDQUfDitgxLT/VVnPp2y5bzcXCLfsh1pKrts3g/iQmujp7e5pzOzdiBWRX+tprkSOvWlUwlCBE4NMtPufzd++NcKJTP69IrzWWTYkrnCpk1+Ex8pzgKPQRyimj2RNwBug83b61OgUbkp3VL6hBgW4e5Qjx4fJQip8hXwcpZZxEMP/ACIWs0bH/wtsQG1at/49HodikgD9lMWMzGo66QhXLVxmj+zo7S7g2bntxoQxs/td48uSv6SsRjLzj5jthZjSz/01Esv7ngyahzfNrt9
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T13:08:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57596a31-53c4-45de-a59e-4289950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:08:01.000Z",
"modified": "2016-06-09T13:08:01.000Z",
"description": "downloaded malware",
"pattern": "[file:name = 'office.bin' AND file:hashes.SHA1 = 'b6d32b488e2b778bd8414a4241a74883f01452fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T13:08:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57596a32-bcd4-46d2-b224-4409950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:08:02.000Z",
"modified": "2016-06-09T13:08:02.000Z",
"description": "downloaded malware",
"pattern": "[file:name = 'office.bin' AND file:hashes.SHA256 = 'c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-09T13:08:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57596ac1-3280-4256-8bfc-434502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-09T13:10:25.000Z",
"modified": "2016-06-09T13:10:25.000Z",
"first_observed": "2016-06-09T13:10:25Z",
"last_observed": "2016-06-09T13:10:25Z",
"number_observed": 1,
"object_refs": [
"url--57596ac1-3280-4256-8bfc-434502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57596ac1-3280-4256-8bfc-434502de0b81",
"value": "https://www.virustotal.com/file/c1e21a06a1fa1de2998392668b6910ca2be0d5d9ecc39bd3e3a2a3ae7623400d/analysis/1465474372/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink