adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/58cbbdc9-9974-4da4-b10d-2e9c950d210f.json

250 lines
9.9 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58cbbdc9-9974-4da4-b10d-2e9c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T14:08:57.000Z",
"modified": "2017-03-17T14:08:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58cbbdc9-9974-4da4-b10d-2e9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T14:08:57.000Z",
"modified": "2017-03-17T14:08:57.000Z",
"name": "Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!",
"published": "2017-03-17T14:09:04Z",
"object_refs": [
"observed-data--58cbbddd-ee44-487b-b368-091f950d210f",
"url--58cbbddd-ee44-487b-b368-091f950d210f",
"indicator--58cbbe4c-0dac-4f45-9516-82a7950d210f",
"indicator--58cbbe4d-b304-4de7-8105-82a7950d210f",
"observed-data--58cbbe60-2c10-4833-a4d7-82ab950d210f",
"file--58cbbe60-2c10-4833-a4d7-82ab950d210f",
"indicator--58cbbef1-eb20-412a-bc04-82ae950d210f",
"observed-data--58cbbf02-6910-4fd5-a825-0921950d210f",
"url--58cbbf02-6910-4fd5-a825-0921950d210f",
"indicator--58cbed7e-7658-44ba-b7a9-08c5950d210f",
"indicator--58cbed80-23f4-4ac6-8007-08c5950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"ms-caro-malware:malware-type=\"Ransom\"",
"enisa:nefarious-activity-abuse=\"ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58cbbddd-ee44-487b-b368-091f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T14:08:06.000Z",
"modified": "2017-03-17T14:08:06.000Z",
"first_observed": "2017-03-17T14:08:06Z",
"last_observed": "2017-03-17T14:08:06Z",
"number_observed": 1,
"object_refs": [
"url--58cbbddd-ee44-487b-b368-091f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58cbbddd-ee44-487b-b368-091f950d210f",
"value": "https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58cbbe4c-0dac-4f45-9516-82a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T10:45:32.000Z",
"modified": "2017-03-17T10:45:32.000Z",
"pattern": "[file:name = 'loic_win32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-17T10:45:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58cbbe4d-b304-4de7-8105-82a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T10:45:33.000Z",
"modified": "2017-03-17T10:45:33.000Z",
"pattern": "[file:name = 'RANSOM_NOTE.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-17T10:45:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58cbbe60-2c10-4833-a4d7-82ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T10:45:52.000Z",
"modified": "2017-03-17T10:45:52.000Z",
"first_observed": "2017-03-17T10:45:52Z",
"last_observed": "2017-03-17T10:45:52Z",
"number_observed": 1,
"object_refs": [
"file--58cbbe60-2c10-4833-a4d7-82ab950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--58cbbe60-2c10-4833-a4d7-82ab950d210f",
"name": "pwd"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58cbbef1-eb20-412a-bc04-82ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T10:48:17.000Z",
"modified": "2017-03-17T10:48:17.000Z",
"pattern": "[file:hashes.SHA256 = '39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-17T10:48:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58cbbf02-6910-4fd5-a825-0921950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T10:48:34.000Z",
"modified": "2017-03-17T10:48:34.000Z",
"first_observed": "2017-03-17T10:48:34Z",
"last_observed": "2017-03-17T10:48:34Z",
"number_observed": 1,
"object_refs": [
"url--58cbbf02-6910-4fd5-a825-0921950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58cbbf02-6910-4fd5-a825-0921950d210f",
"value": "https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58cbed7e-7658-44ba-b7a9-08c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T14:06:54.000Z",
"modified": "2017-03-17T14:06:54.000Z",
"pattern": "[file:hashes.MD5 = '78117f7acc8b385e9b29fe711436d16d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-17T14:06:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58cbed80-23f4-4ac6-8007-08c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-17T14:06:56.000Z",
"modified": "2017-03-17T14:06:56.000Z",
"pattern": "[file:hashes.SHA1 = '0d4dfe880f8ec4b394f49f1a2608200dd06ba8a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-17T14:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink