{
"type" : "bundle" ,
"id" : "bundle--5aa63cdc-2e9c-4621-8499-4c47950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:46:43.000Z" ,
"modified" : "2018-03-12T08:46:43.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5aa63cdc-2e9c-4621-8499-4c47950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:46:43.000Z" ,
"modified" : "2018-03-12T08:46:43.000Z" ,
"name" : "OSINT - Turla Nautilus Implant" ,
"published" : "2018-03-12T08:47:45Z" ,
"object_refs" : [
"observed-data--5aa63d2c-9dcc-40a0-95a7-4b0d950d210f" ,
"url--5aa63d2c-9dcc-40a0-95a7-4b0d950d210f" ,
"indicator--5aa63d3e-e47c-4856-9084-4e77950d210f" ,
"indicator--5aa63d54-b08c-49c6-a9ae-409c950d210f" ,
"observed-data--5aa63d6c-fa70-4259-b59c-4fcd950d210f" ,
"url--5aa63d6c-fa70-4259-b59c-4fcd950d210f" ,
"x-misp-object--5aa63dd2-e3dc-45d0-b0dc-4c65950d210f" ,
"indicator--ac04d932-cbe1-441e-82dc-9c9cb4703445" ,
"x-misp-object--8c91f218-7e54-4698-9338-efd8d3842a1b" ,
"relationship--5e03857f-169a-4f64-9dc8-2e3b6ff44c24"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"admiralty-scale:source-reliability=\"f\"" ,
"misp-galaxy:mitre-entreprise-attack-intrusion-set=\"Turla\"" ,
"misp-galaxy:tool=\"Wipbot\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5aa63d2c-9dcc-40a0-95a7-4b0d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:45:03.000Z" ,
"modified" : "2018-03-12T08:45:03.000Z" ,
"first_observed" : "2018-03-12T08:45:03Z" ,
"last_observed" : "2018-03-12T08:45:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5aa63d2c-9dcc-40a0-95a7-4b0d950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5aa63d2c-9dcc-40a0-95a7-4b0d950d210f" ,
"value" : "https://mobile.twitter.com/DrunkBinary/status/972946982141603841"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5aa63d3e-e47c-4856-9084-4e77950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:41:34.000Z" ,
"modified" : "2018-03-12T08:41:34.000Z" ,
"description" : "Turla Nautilus" ,
"pattern" : "[file:hashes.SHA256 = 'f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-12T08:41:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5aa63d54-b08c-49c6-a9ae-409c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:45:03.000Z" ,
"modified" : "2018-03-12T08:45:03.000Z" ,
"description" : "Appears to contact" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.20.189.34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-12T08:45:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5aa63d6c-fa70-4259-b59c-4fcd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:45:04.000Z" ,
"modified" : "2018-03-12T08:45:04.000Z" ,
"first_observed" : "2018-03-12T08:45:04Z" ,
"last_observed" : "2018-03-12T08:45:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5aa63d6c-fa70-4259-b59c-4fcd950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5aa63d6c-fa70-4259-b59c-4fcd950d210f" ,
"value" : "https://www.reverse.it/sample/f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db?environmentId=120"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5aa63dd2-e3dc-45d0-b0dc-4c65950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:44:02.000Z" ,
"modified" : "2018-03-12T08:44:02.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "What appears to be an actually new sample of the Turla Nautilus Implant\r\n f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db" ,
"category" : "Other" ,
"uuid" : "5aa63dd2-2844-4794-8565-488f950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5aa63dd3-715c-400a-b730-43a3950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://mobile.twitter.com/DrunkBinary/status/972946982141603841" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5aa63dd3-0f8c-49c5-bda3-4a94950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "DrunkBinary" ,
"category" : "Other" ,
"uuid" : "5aa63dd3-b8b0-410e-98d1-4787950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ac04d932-cbe1-441e-82dc-9c9cb4703445" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:45:07.000Z" ,
"modified" : "2018-03-12T08:45:07.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f58bdc5edfa14e23164fd00569b3db3f' AND file:hashes.SHA1 = '04b0ed6e26b7ec4140cb9535771207802b0c0463' AND file:hashes.SHA256 = 'f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-12T08:45:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8c91f218-7e54-4698-9338-efd8d3842a1b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-12T08:45:06.000Z" ,
"modified" : "2018-03-12T08:45:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f3d488f5f8c74547f1b247c342307ff8d1380907db768e7b6da11d38e0c086db/analysis/1520818696/" ,
"category" : "External analysis" ,
"comment" : "Turla Nautilus" ,
"uuid" : "5aa63e12-8758-4399-96d9-485b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "13/63" ,
"category" : "Other" ,
"comment" : "Turla Nautilus" ,
"uuid" : "5aa63e12-e6fc-4a8f-96d4-400502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-12T01:38:16" ,
"category" : "Other" ,
"comment" : "Turla Nautilus" ,
"uuid" : "5aa63e12-f7b8-4cf5-b48a-47e402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5e03857f-169a-4f64-9dc8-2e3b6ff44c24" ,
"created" : "2018-03-12T08:45:06.000Z" ,
"modified" : "2018-03-12T08:45:06.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ac04d932-cbe1-441e-82dc-9c9cb4703445" ,
"target_ref" : "x-misp-object--8c91f218-7e54-4698-9338-efd8d3842a1b"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}