adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5b84012a-f9d4-4d92-abb3-344f950d210f.json

285 lines
12 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b84012a-f9d4-4d92-abb3-344f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-06T12:52:32.000Z",
"modified": "2018-09-06T12:52:32.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b84012a-f9d4-4d92-abb3-344f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-06T12:52:32.000Z",
"modified": "2018-09-06T12:52:32.000Z",
"name": "OSINT - New Bip Dharma Ransomware Variant Released",
"published": "2018-09-06T12:52:58Z",
"object_refs": [
"observed-data--5b840189-c774-4f4c-83b7-5fb0950d210f",
"url--5b840189-c774-4f4c-83b7-5fb0950d210f",
"x-misp-attribute--5b8401a0-d0e4-422e-a664-33af950d210f",
"indicator--5b8fe654-8db4-444c-ad10-495f950d210f",
"indicator--5b8407bd-2440-40cd-80a2-5fb0950d210f",
"indicator--5b84086e-d5ec-4ab2-b371-0716950d210f",
"indicator--5b840880-b12c-4619-be47-0716950d210f",
"indicator--5b840adc-296c-4705-8c8f-0716950d210f",
"indicator--4da3496e-b9b6-48b4-9b2d-42beb59eb7ca",
"x-misp-object--499803fa-d2c3-4722-8fb9-f1134171354f",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"relationship--ee6894d5-5177-4473-a569-17d7158116ad"
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Dharma Ransomware\"",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b840189-c774-4f4c-83b7-5fb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:17:46.000Z",
"modified": "2018-08-27T14:17:46.000Z",
"first_observed": "2018-08-27T14:17:46Z",
"last_observed": "2018-08-27T14:17:46Z",
"number_observed": 1,
"object_refs": [
"url--5b840189-c774-4f4c-83b7-5fb0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b840189-c774-4f4c-83b7-5fb0950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b8401a0-d0e4-422e-a664-33af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:17:56.000Z",
"modified": "2018-08-27T14:17:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Today, Michael Gillespie noticed what appeared to be a new variant of the Crysis/Dharma Ransomware uploaded to his ID-Ransomware site. Jakub Kroustek then discovered some samples to confirm that it was indeed a new Dharma variant. This new version will append the .Bip extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Dharma is typically spread by hacking into Remote Desktop Services and manually installing the ransomware."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b8fe654-8db4-444c-ad10-495f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-05T14:21:08.000Z",
"modified": "2018-09-05T14:21:08.000Z",
"pattern": "[email-message:from_ref.value = 'beamsell@qq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-05T14:21:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b8407bd-2440-40cd-80a2-5fb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:16:29.000Z",
"modified": "2018-08-27T14:16:29.000Z",
"pattern": "[file:hashes.SHA256 = '208989df29236594c9d889d54b666041bc7df1d0b53cedd16e4f68636e036bb7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-27T14:16:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b84086e-d5ec-4ab2-b371-0716950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:19:26.000Z",
"modified": "2018-08-27T14:19:26.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\AppData\\\\Roaming\\\\Info.hta' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-27T14:19:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b840880-b12c-4619-be47-0716950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:19:44.000Z",
"modified": "2018-08-27T14:19:44.000Z",
"pattern": "[file:name = '\\\\%UserProfile\\\\%\\\\AppData\\\\Roaming\\\\[filename.exe]' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-27T14:19:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b840adc-296c-4705-8c8f-0716950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-27T14:29:48.000Z",
"modified": "2018-08-27T14:29:48.000Z",
"pattern": "[file:name = 'FILES ENCRYPTED.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-27T14:29:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4da3496e-b9b6-48b4-9b2d-42beb59eb7ca",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-06T12:52:24.000Z",
"modified": "2018-09-06T12:52:24.000Z",
"pattern": "[file:hashes.MD5 = 'b84e41893fa55503a84688b36556db05' AND file:hashes.SHA1 = '94f83bfb5451383b9c7b486d05f38e1856fe62a5' AND file:hashes.SHA256 = '208989df29236594c9d889d54b666041bc7df1d0b53cedd16e4f68636e036bb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-09-06T12:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--499803fa-d2c3-4722-8fb9-f1134171354f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-06T12:52:29.000Z",
"modified": "2018-09-06T12:52:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-08-24T17:37:17",
"category": "Other",
"uuid": "45a6abd8-a4ca-4133-bddb-bdd48c7ac32b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/208989df29236594c9d889d54b666041bc7df1d0b53cedd16e4f68636e036bb7/analysis/1535132237/",
"category": "External analysis",
"uuid": "c55fb0f7-f9ce-4a7b-9b44-e99390947433"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/68",
"category": "Other",
"uuid": "b4c4e081-c8bd-4467-8211-fc83b3779c3f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--ee6894d5-5177-4473-a569-17d7158116ad",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-09-06T12:52:35.000Z",
"modified": "2018-09-06T12:52:35.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4da3496e-b9b6-48b4-9b2d-42beb59eb7ca",
"target_ref": "x-misp-object--499803fa-d2c3-4722-8fb9-f1134171354f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink