adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5894bd56-d458-489f-a692-41d102de0b81.json

626 lines
25 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5894bd56-d458-489f-a692-41d102de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T21:06:05.000Z",
"modified": "2017-02-03T21:06:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5894bd56-d458-489f-a692-41d102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T21:06:05.000Z",
"modified": "2017-02-03T21:06:05.000Z",
"name": "OSINT: Malicious software targeting financial sector internals",
"published": "2017-02-03T21:06:16Z",
"object_refs": [
"indicator--5894be75-7574-4e69-bfae-455202de0b81",
"indicator--5894be76-7508-4910-9d02-4dba02de0b81",
"indicator--5894be76-4f38-4e7e-ac86-497f02de0b81",
"indicator--5894be77-75b0-4734-8249-40a902de0b81",
"indicator--5894be78-4ab0-454c-9b6b-450f02de0b81",
"indicator--5894be79-6d7c-4bde-bcd3-465202de0b81",
"indicator--5894be79-698c-4f80-b7b5-499402de0b81",
"indicator--5894be7a-58b4-4e46-a226-480f02de0b81",
"indicator--5894be7b-8e00-49c2-aefc-447b02de0b81",
"indicator--5894be7c-b780-4516-bbf0-4ed702de0b81",
"indicator--5894be7d-b554-4cc4-85d8-499e02de0b81",
"indicator--5894be7d-4fb0-4992-b86f-42a502de0b81",
"indicator--5894be7e-2770-473e-9555-440f02de0b81",
"indicator--5894be7f-4d6c-4b70-816b-409402de0b81",
"indicator--5894be7f-62f0-4f96-b04a-482202de0b81",
"indicator--5894be80-8628-4324-8b08-488102de0b81",
"indicator--5894be81-1b9c-4742-b624-4aa002de0b81",
"indicator--5894be81-0220-46ab-b665-4e6c02de0b81",
"indicator--5894be82-36dc-43bf-ba0a-4c7902de0b81",
"observed-data--5894be83-553c-4da5-9230-445002de0b81",
"domain-name--5894be83-553c-4da5-9230-445002de0b81",
"observed-data--5894be84-385c-4009-ab47-476802de0b81",
"domain-name--5894be84-385c-4009-ab47-476802de0b81",
"observed-data--5894be84-c4d0-4b38-85ab-40d802de0b81",
"url--5894be84-c4d0-4b38-85ab-40d802de0b81",
"observed-data--5894f097-1eb8-4aab-9cbb-41d202de0b81",
"url--5894f097-1eb8-4aab-9cbb-41d202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:topic=\"finance\"",
"Threat Type:RAT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be75-7574-4e69-bfae-455202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:33.000Z",
"modified": "2017-02-03T17:31:33.000Z",
"description": "malware hash",
"pattern": "[file:hashes.MD5 = 'c1364bbf63b3617b25b58209e4529d8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be76-7508-4910-9d02-4dba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:34.000Z",
"modified": "2017-02-03T17:31:34.000Z",
"description": "malware hash",
"pattern": "[file:hashes.MD5 = '85d316590edfb4212049c4490db08c4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be76-4f38-4e7e-ac86-497f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:34.000Z",
"modified": "2017-02-03T17:31:34.000Z",
"description": "malware hash",
"pattern": "[file:hashes.MD5 = '1bfbc0c9e0d9ceb5c3f4f6ced6bcfeae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be77-75b0-4734-8249-40a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:35.000Z",
"modified": "2017-02-03T17:31:35.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA1 = '496207db444203a6a9c02a32aff28d563999736c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be78-4ab0-454c-9b6b-450f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:36.000Z",
"modified": "2017-02-03T17:31:36.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA1 = '4f0d7a33d23d53c0eb8b34d102cdd660fc5323a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be79-6d7c-4bde-bcd3-465202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:37.000Z",
"modified": "2017-02-03T17:31:37.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA1 = 'bedceafa2109139c793cb158cec9fa48f980ff2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be79-698c-4f80-b7b5-499402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:37.000Z",
"modified": "2017-02-03T17:31:37.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA256 = 'fc8607c155617e09d540c5030eabad9a9512f656f16b38682fd50b2007583e9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7a-58b4-4e46-a226-480f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:38.000Z",
"modified": "2017-02-03T17:31:38.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA256 = 'd4616f9706403a0d5a2f9a8726230a4693e4c95c58df5c753ccc684f1d3542e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7b-8e00-49c2-aefc-447b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:39.000Z",
"modified": "2017-02-03T17:31:39.000Z",
"description": "malware hash",
"pattern": "[file:hashes.SHA256 = 'cc6a731e9daff84bae4214603e1c3bad8d6735b0cbb2a0ec1635b36e6a38cb3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7c-b780-4516-bbf0-4ed702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:40.000Z",
"modified": "2017-02-03T17:31:40.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.214.195.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7d-b554-4cc4-85d8-499e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:40.000Z",
"modified": "2017-02-03T17:31:40.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.29.166.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7d-4fb0-4992-b86f-42a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:41.000Z",
"modified": "2017-02-03T17:31:41.000Z",
"description": "injected URL in compromised website",
"pattern": "[url:value = 'http://sap.misapor.ch/vishop/view.jsp?pagenum=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7e-2770-473e-9555-440f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:42.000Z",
"modified": "2017-02-03T17:31:42.000Z",
"pattern": "[domain-name:value = 'sap.misapor.ch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7f-4d6c-4b70-816b-409402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:43.000Z",
"modified": "2017-02-03T17:31:43.000Z",
"description": "sap.misapor.ch",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.164.247.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be7f-62f0-4f96-b04a-482202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:43.000Z",
"modified": "2017-02-03T17:31:43.000Z",
"description": "injected URL in compromised website",
"pattern": "[url:value = 'https://www.eye-watch.in/design/fancybox/Pnf.action']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be80-8628-4324-8b08-488102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:44.000Z",
"modified": "2017-02-03T17:31:44.000Z",
"pattern": "[domain-name:value = 'www.eye-watch.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be81-1b9c-4742-b624-4aa002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:45.000Z",
"modified": "2017-02-03T17:31:45.000Z",
"description": "www.eye-watch.in",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.225.154.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be81-0220-46ab-b665-4e6c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:45.000Z",
"modified": "2017-02-03T17:31:45.000Z",
"description": "www.eye-watch.in",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.235.128.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5894be82-36dc-43bf-ba0a-4c7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:46.000Z",
"modified": "2017-02-03T17:31:46.000Z",
"description": "compromised website for distribution",
"pattern": "[url:value = 'http://www.knf.gov.pl/DefaultDesign/Layouts/KNF2013/resources/accordian-src.js?ver=11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-03T17:31:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5894be83-553c-4da5-9230-445002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:47.000Z",
"modified": "2017-02-03T17:31:47.000Z",
"first_observed": "2017-02-03T17:31:47Z",
"last_observed": "2017-02-03T17:31:47Z",
"number_observed": 1,
"object_refs": [
"domain-name--5894be83-553c-4da5-9230-445002de0b81"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5894be83-553c-4da5-9230-445002de0b81",
"value": "www.knf.gov.pl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5894be84-385c-4009-ab47-476802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T17:31:48.000Z",
"modified": "2017-02-03T17:31:48.000Z",
"first_observed": "2017-02-03T17:31:48Z",
"last_observed": "2017-02-03T17:31:48Z",
"number_observed": 1,
"object_refs": [
"domain-name--5894be84-385c-4009-ab47-476802de0b81"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5894be84-385c-4009-ab47-476802de0b81",
"value": "knf.gov.pl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5894be84-c4d0-4b38-85ab-40d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T21:06:05.000Z",
"modified": "2017-02-03T21:06:05.000Z",
"first_observed": "2017-02-03T21:06:05Z",
"last_observed": "2017-02-03T21:06:05Z",
"number_observed": 1,
"object_refs": [
"url--5894be84-c4d0-4b38-85ab-40d802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:information-credibility=\"3\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5894be84-c4d0-4b38-85ab-40d802de0b81",
"value": "https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5894f097-1eb8-4aab-9cbb-41d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-03T21:05:27.000Z",
"modified": "2017-02-03T21:05:27.000Z",
"first_observed": "2017-02-03T21:05:27Z",
"last_observed": "2017-02-03T21:05:27Z",
"number_observed": 1,
"object_refs": [
"url--5894f097-1eb8-4aab-9cbb-41d202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5894f097-1eb8-4aab-9cbb-41d202de0b81",
"value": "https://www.virustotal.com/file/d4616f9706403a0d5a2f9a8726230a4693e4c95c58df5c753ccc684f1d3542e2/analysis/1486132198/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink