misp-circl-feed/feeds/circl/stix-2.1/593e5a1d-0a18-40ac-9051-4188950d210f.json

{
"type": "bundle",
"id": "bundle--593e5a1d-0a18-40ac-9051-4188950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--593e5a1d-0a18-40ac-9051-4188950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"name": "OSINT - MacRansom: Offered as Ransomware as a Service",
"published": "2017-06-12T09:13:49Z",
"object_refs": [
"observed-data--593e5a28-466c-4c46-a613-42a4950d210f",
"url--593e5a28-466c-4c46-a613-42a4950d210f",
"x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",
"x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",
"indicator--593e5a90-18f4-4b53-a270-4d29950d210f",
"indicator--593e5a90-39f8-4eda-a803-4a07950d210f",
"indicator--593e5aab-0620-49a5-b936-4296950d210f",
"indicator--593e5aab-7d24-4657-ba18-40d0950d210f",
"observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",
"file--593e5adb-ecdc-4c42-be07-4440950d210f",
"artifact--593e5adb-ecdc-4c42-be07-4440950d210f",
"indicator--593e5b39-977c-442c-ba46-bbf302de0b81",
"indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",
"observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",
"url--593e5b3a-2020-4e7b-add4-bbf302de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-platform=\"MacOS_X\"",
"ecsirt:malicious-code=\"ransomware\"",
"ms-caro-malware:malware-type=\"Ransom\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593e5a28-466c-4c46-a613-42a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"first_observed": "2017-06-12T09:13:25Z",
"last_observed": "2017-06-12T09:13:25Z",
"number_observed": 1,
"object_refs": [
"url--593e5a28-466c-4c46-a613-42a4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593e5a28-466c-4c46-a613-42a4950d210f",
"value": "https://blog.fortinet.com/2017/06/09/macransom-offered-as-ransomware-as-a-service"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--593e5a42-c0cc-4fdc-92b6-4f36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Many Mac OS users might assume that their computer is exempt from things like ransomware attacks and think that their system is somehow essentially \u201csecure.\u201d It is true that it\u2019s less likely for a Mac OS user to be attacked or infected by malware than a Windows user, but this has nothing to do with the level of vulnerability in the operating system. It is largely caused by the fact that over 90% of personal computers run on Microsoft Windows and only around 6% on Apple Mac OS.\r\n\r\n\r\n\r\nFigure 1: Market share for desktop OS (reference: NetMarketShare)\r\n\r\nMacRansom Portal\r\nJust recently, we here at FortiGuard Labs discovered a Ransomware-as-a-service (RaaS) that uses a web portal hosted in a TOR network which has become a trend nowadays. However, in this case it was rather interesting to see cybercriminals attack an operating system other than Windows. And this could be the first time to see RaaS that targets Mac OS"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--593e5a75-a6a4-465d-a853-4bdc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "OSX/MacRansom.A!tr"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5a90-18f4-4b53-a270-4d29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"description": "Zip",
"pattern": "[file:hashes.SHA256 = 'a729d54da58ca605411d39bf5598a60d2de0657c81df971daab5def90444bcc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5a90-39f8-4eda-a803-4a07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"description": "Mach-O file",
"pattern": "[file:hashes.SHA256 = '617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5aab-0620-49a5-b936-4296950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"description": "Dropped files",
"pattern": "[file:name = '~/LaunchAgent/com.apple.finder.plist']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5aab-7d24-4657-ba18-40d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"description": "Dropped files",
"pattern": "[file:name = '~/Library/.FS_Store']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593e5adb-ecdc-4c42-be07-4440950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:25.000Z",
"modified": "2017-06-12T09:13:25.000Z",
"first_observed": "2017-06-12T09:13:25Z",
"last_observed": "2017-06-12T09:13:25Z",
"number_observed": 1,
"object_refs": [
"file--593e5adb-ecdc-4c42-be07-4440950d210f",
"artifact--593e5adb-ecdc-4c42-be07-4440950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--593e5adb-ecdc-4c42-be07-4440950d210f",
"name": "mac17.png",
"content_ref": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--593e5adb-ecdc-4c42-be07-4440950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5b39-977c-442c-ba46-bbf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:29.000Z",
"modified": "2017-06-12T09:13:29.000Z",
"description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",
"pattern": "[file:hashes.SHA1 = 'cf0743ed381ade69bba3d1dd3d357a8300bcd4ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593e5b39-6a4c-471c-85da-bbf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:29.000Z",
"modified": "2017-06-12T09:13:29.000Z",
"description": "Mach-O file - Xchecked via VT: 617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98",
"pattern": "[file:hashes.MD5 = '8fe94843a3e655209c57af587849ac3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-12T09:13:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593e5b3a-2020-4e7b-add4-bbf302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-12T09:13:30.000Z",
"modified": "2017-06-12T09:13:30.000Z",
"first_observed": "2017-06-12T09:13:30Z",
"last_observed": "2017-06-12T09:13:30Z",
"number_observed": 1,
"object_refs": [
"url--593e5b3a-2020-4e7b-add4-bbf302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593e5b3a-2020-4e7b-add4-bbf302de0b81",
"value": "https://www.virustotal.com/file/617f7301fd67e8b5d8ad42d4e94e02cb313fe5ad51770ef93323c6115e52fe98/analysis/1497256956/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}