misp-circl-feed/feeds/circl/stix-2.1/5c502e8e-09e8-4c7c-9135-4c1b950d210f.json

{
    "type": "bundle",
    "id": "bundle--5c502e8e-09e8-4c7c-9135-4c1b950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T13:19:12.000Z",
            "modified": "2019-01-29T13:19:12.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5c502e8e-09e8-4c7c-9135-4c1b950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T13:19:12.000Z",
            "modified": "2019-01-29T13:19:12.000Z",
            "name": "2019-01-28: Turla Kazuar RAT",
            "published": "2019-01-29T13:19:37Z",
            "object_refs": [
                "indicator--5c5037a7-d6f4-47ee-bb67-4cc3950d210f",
                "indicator--5c5037a8-fcf8-4d3c-bab5-4c1e950d210f",
                "x-misp-object--5c5032b0-5a34-4e58-bcf7-0435950d210f",
                "indicator--5c5038be-fe38-403c-a413-0435950d210f",
                "indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",
                "x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab",
                "relationship--5b4bcbef-7b41-4ceb-ac89-3373893570cb"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "misp-galaxy:malpedia=\"Turla RAT\"",
                "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"",
                "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"",
                "misp-galaxy:threat-actor=\"Turla Group\"",
                "misp-galaxy:tool=\"Turla\"",
                "misp-galaxy:malpedia=\"Kazuar\"",
                "misp-galaxy:mitre-malware=\"Kazuar - S0265\"",
                "misp-galaxy:tool=\"Kazuar\"",
                "type:OSINT",
                "osint:lifetime=\"perpetual\"",
                "osint:certainty=\"50\"",
                "ms-caro-malware:malware-type=\"RemoteAccess\"",
                "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
                "veris:asset:variety=\"S - Remote access\"",
                "veris:action:misuse:vector=\"Remote access\"",
                "ms-caro-malware-full:malware-type=\"RemoteAccess\"",
                "CERT-XLM:malicious-code=\"spyware-rat\"",
                "osint:source-type=\"microblog-post\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5c5037a7-d6f4-47ee-bb67-4cc3950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T11:23:19.000Z",
            "modified": "2019-01-29T11:23:19.000Z",
            "description": "C2",
            "pattern": "[url:value = 'northviewcanada.com/wp-content/galler/slider/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2019-01-29T11:23:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5c5037a8-fcf8-4d3c-bab5-4c1e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T11:23:20.000Z",
            "modified": "2019-01-29T11:23:20.000Z",
            "description": "C2",
            "pattern": "[url:value = 'zycie-chotomowa.pl/wp-content/languages/index.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2019-01-29T11:23:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--5c5032b0-5a34-4e58-bcf7-0435950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T11:02:08.000Z",
            "modified": "2019-01-29T11:02:08.000Z",
            "labels": [
                "misp:name=\"microblog\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "text",
                    "object_relation": "post",
                    "value": "2019-01-28: #Turla #Kazuar #RAT: Component: { loader, service, solver, sender, singler, scripter } C2: { northviewcanada[.com/wp-content/galler/slider/, zycie-chotomowa[.pl/wp-content/languages/index.php } MD5: 988df2967a7239a4b916cc9fcedaff68 cc @DrunkBinary",
                    "category": "Other",
                    "uuid": "5c5032b0-929c-4c5c-bd49-0435950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "type",
                    "value": "Twitter",
                    "category": "Other",
                    "uuid": "5c5032b0-6b0c-42df-8c8b-0435950d210f"
                },
                {
                    "type": "url",
                    "object_relation": "url",
                    "value": "https://twitter.com/VK_Intel/status/1089959988116799491",
                    "category": "Network activity",
                    "to_ids": true,
                    "uuid": "5c5032b0-ea2c-4c6f-9ba0-0435950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "username-quoted",
                    "value": "DrunkBinary",
                    "category": "Other",
                    "uuid": "5c5032b0-e2a8-4d81-a227-0435950d210f"
                },
                {
                    "type": "datetime",
                    "object_relation": "creation-date",
                    "value": "2019-01-28T10:54:00",
                    "category": "Other",
                    "uuid": "5c5032b0-6d34-4368-8ba7-0435950d210f"
                },
                {
                    "type": "text",
                    "object_relation": "username",
                    "value": "VK_Intel",
                    "category": "Other",
                    "uuid": "5c5032b0-4528-4080-bbb4-0435950d210f"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "microblog"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5c5038be-fe38-403c-a413-0435950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T11:27:58.000Z",
            "modified": "2019-01-29T11:27:58.000Z",
            "pattern": "[file:hashes.MD5 = '988df2967a7239a4b916cc9fcedaff68' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2019-01-29T11:27:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T13:19:03.000Z",
            "modified": "2019-01-29T13:19:03.000Z",
            "pattern": "[file:hashes.MD5 = '988df2967a7239a4b916cc9fcedaff68' AND file:hashes.SHA1 = '321fac7d4cabce35ce0adc67c700f47d47359021' AND file:hashes.SHA256 = '44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2019-01-29T13:19:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2019-01-29T13:19:03.000Z",
            "modified": "2019-01-29T13:19:03.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2019-01-29T07:35:34",
                    "category": "Other",
                    "uuid": "d510388b-8e85-4a4d-90a3-54861f1c0110"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac/analysis/1548747334/",
                    "category": "External analysis",
                    "uuid": "c8f2c1f7-80d2-4ea5-9750-e9a85809f91d"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "42/69",
                    "category": "Other",
                    "uuid": "c977a42a-64e2-4f6d-b065-86ac107beec4"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--5b4bcbef-7b41-4ceb-ac89-3373893570cb",
            "created": "2019-01-29T13:19:03.000Z",
            "modified": "2019-01-29T13:19:03.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",
            "target_ref": "x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--5c502e8e-09e8-4c7c-9135-4c1b950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T13:19:12.000Z",`
			`"modified": "2019-01-29T13:19:12.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--5c502e8e-09e8-4c7c-9135-4c1b950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T13:19:12.000Z",`
			`"modified": "2019-01-29T13:19:12.000Z",`
			`"name": "2019-01-28: Turla Kazuar RAT",`
			`"published": "2019-01-29T13:19:37Z",`
			`"object_refs": [`
			`"indicator--5c5037a7-d6f4-47ee-bb67-4cc3950d210f",`
			`"indicator--5c5037a8-fcf8-4d3c-bab5-4c1e950d210f",`
			`"x-misp-object--5c5032b0-5a34-4e58-bcf7-0435950d210f",`
			`"indicator--5c5038be-fe38-403c-a413-0435950d210f",`
			`"indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",`
			`"x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab",`
chg: [feeds] updated 2024-08-07 08:13:15 +00:00			`"relationship--5b4bcbef-7b41-4ceb-ac89-3373893570cb"`
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"misp-galaxy:malpedia=\"Turla RAT\"",`
			`"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla\"",`
			`"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"",`
			`"misp-galaxy:threat-actor=\"Turla Group\"",`
			`"misp-galaxy:tool=\"Turla\"",`
			`"misp-galaxy:malpedia=\"Kazuar\"",`
			`"misp-galaxy:mitre-malware=\"Kazuar - S0265\"",`
			`"misp-galaxy:tool=\"Kazuar\"",`
			`"type:OSINT",`
			`"osint:lifetime=\"perpetual\"",`
			`"osint:certainty=\"50\"",`
			`"ms-caro-malware:malware-type=\"RemoteAccess\"",`
			`"enisa:nefarious-activity-abuse=\"remote-access-tool\"",`
			`"veris:asset:variety=\"S - Remote access\"",`
			`"veris:action:misuse:vector=\"Remote access\"",`
			`"ms-caro-malware-full:malware-type=\"RemoteAccess\"",`
			`"CERT-XLM:malicious-code=\"spyware-rat\"",`
			`"osint:source-type=\"microblog-post\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5c5037a7-d6f4-47ee-bb67-4cc3950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T11:23:19.000Z",`
			`"modified": "2019-01-29T11:23:19.000Z",`
			`"description": "C2",`
			`"pattern": "[url:value = 'northviewcanada.com/wp-content/galler/slider/']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2019-01-29T11:23:19Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5c5037a8-fcf8-4d3c-bab5-4c1e950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T11:23:20.000Z",`
			`"modified": "2019-01-29T11:23:20.000Z",`
			`"description": "C2",`
			`"pattern": "[url:value = 'zycie-chotomowa.pl/wp-content/languages/index.php']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2019-01-29T11:23:20Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "x-misp-object",`
			`"spec_version": "2.1",`
			`"id": "x-misp-object--5c5032b0-5a34-4e58-bcf7-0435950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T11:02:08.000Z",`
			`"modified": "2019-01-29T11:02:08.000Z",`
			`"labels": [`
			`"misp:name=\"microblog\"",`
			`"misp:meta-category=\"misc\""`
			`],`
			`"x_misp_attributes": [`
			`{`
			`"type": "text",`
			`"object_relation": "post",`
			`"value": "2019-01-28: #Turla #Kazuar #RAT: Component: { loader, service, solver, sender, singler, scripter } C2: { northviewcanada[.com/wp-content/galler/slider/, zycie-chotomowa[.pl/wp-content/languages/index.php } MD5: 988df2967a7239a4b916cc9fcedaff68 cc @DrunkBinary",`
			`"category": "Other",`
			`"uuid": "5c5032b0-929c-4c5c-bd49-0435950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "type",`
			`"value": "Twitter",`
			`"category": "Other",`
			`"uuid": "5c5032b0-6b0c-42df-8c8b-0435950d210f"`
			`},`
			`{`
			`"type": "url",`
			`"object_relation": "url",`
			`"value": "https://twitter.com/VK_Intel/status/1089959988116799491",`
			`"category": "Network activity",`
			`"to_ids": true,`
			`"uuid": "5c5032b0-ea2c-4c6f-9ba0-0435950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "username-quoted",`
			`"value": "DrunkBinary",`
			`"category": "Other",`
			`"uuid": "5c5032b0-e2a8-4d81-a227-0435950d210f"`
			`},`
			`{`
			`"type": "datetime",`
			`"object_relation": "creation-date",`
			`"value": "2019-01-28T10:54:00",`
			`"category": "Other",`
			`"uuid": "5c5032b0-6d34-4368-8ba7-0435950d210f"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "username",`
			`"value": "VK_Intel",`
			`"category": "Other",`
			`"uuid": "5c5032b0-4528-4080-bbb4-0435950d210f"`
			`}`
			`],`
			`"x_misp_meta_category": "misc",`
			`"x_misp_name": "microblog"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5c5038be-fe38-403c-a413-0435950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T11:27:58.000Z",`
			`"modified": "2019-01-29T11:27:58.000Z",`
			`"pattern": "[file:hashes.MD5 = '988df2967a7239a4b916cc9fcedaff68' AND file:x_misp_state = 'Malicious']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2019-01-29T11:27:58Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T13:19:03.000Z",`
			`"modified": "2019-01-29T13:19:03.000Z",`
			`"pattern": "[file:hashes.MD5 = '988df2967a7239a4b916cc9fcedaff68' AND file:hashes.SHA1 = '321fac7d4cabce35ce0adc67c700f47d47359021' AND file:hashes.SHA256 = '44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2019-01-29T13:19:03Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "x-misp-object",`
			`"spec_version": "2.1",`
			`"id": "x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2019-01-29T13:19:03.000Z",`
			`"modified": "2019-01-29T13:19:03.000Z",`
			`"labels": [`
			`"misp:name=\"virustotal-report\"",`
			`"misp:meta-category=\"misc\""`
			`],`
			`"x_misp_attributes": [`
			`{`
			`"type": "datetime",`
			`"object_relation": "last-submission",`
			`"value": "2019-01-29T07:35:34",`
			`"category": "Other",`
			`"uuid": "d510388b-8e85-4a4d-90a3-54861f1c0110"`
			`},`
			`{`
			`"type": "link",`
			`"object_relation": "permalink",`
			`"value": "https://www.virustotal.com/file/44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac/analysis/1548747334/",`
			`"category": "External analysis",`
			`"uuid": "c8f2c1f7-80d2-4ea5-9750-e9a85809f91d"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "detection-ratio",`
			`"value": "42/69",`
			`"category": "Other",`
			`"uuid": "c977a42a-64e2-4f6d-b065-86ac107beec4"`
			`}`
			`],`
			`"x_misp_meta_category": "misc",`
			`"x_misp_name": "virustotal-report"`
			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
chg: [feeds] updated 2024-08-07 08:13:15 +00:00			`"id": "relationship--5b4bcbef-7b41-4ceb-ac89-3373893570cb",`
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`"created": "2019-01-29T13:19:03.000Z",`
			`"modified": "2019-01-29T13:19:03.000Z",`
			`"relationship_type": "analysed-with",`
			`"source_ref": "indicator--8670f30a-fed5-4ecf-8486-544baa950b1d",`
			`"target_ref": "x-misp-object--9001b360-5644-40b6-8310-2c8aa8711aab"`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`