adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/f33a2168-bea2-4b71-82ab-5e766c0a9227.json

188 lines
767 KiB
JSON
Raw Normal View History

chg: [gen] updated
2023-12-14 14:30:15 +00:00
{
"type": "bundle",
"id": "bundle--f33a2168-bea2-4b71-82ab-5e766c0a9227",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:45:29.000Z",
"modified": "2023-08-28T07:45:29.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--f33a2168-bea2-4b71-82ab-5e766c0a9227",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:45:29.000Z",
"modified": "2023-08-28T07:45:29.000Z",
"name": "Pandora analysis (INV0027378237.7z) - Malicious attachment",
"published": "2023-08-28T07:45:42Z",
"object_refs": [
"indicator--8c7ff5bc-468a-45de-a2fd-f75b9c193763",
"indicator--36bafd04-5fd8-4339-ac39-329f9a3a7081",
"x-misp-object--d860e45d-45c4-4cc6-853a-a4919ef1c06b",
"x-misp-object--e531372c-3160-47dc-91dc-5f87dad65f8b",
"indicator--ddf4454a-6f31-4e1d-8493-c61a53a966ad"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear",
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8c7ff5bc-468a-45de-a2fd-f75b9c193763",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:41:41.000Z",
"modified": "2023-08-28T07:41:41.000Z",
"pattern": "[domain-name:value = 'rex1010.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-08-28T07:41:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36bafd04-5fd8-4339-ac39-329f9a3a7081",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:35:59.000Z",
"modified": "2023-08-28T07:35:59.000Z",
"pattern": "[file:hashes.MD5 = 'a86cc9672c8c4fdf34fba38b7c63562b' AND file:hashes.SHA1 = '1b254621918e9f35783c870d045e6bc0ed66696a' AND file:hashes.SHA256 = 'e8cdb541ecfffd85cd71fe64b08ed06728b7c14c4079a51b85b0032178338617' AND file:hashes.SHA512 = 'bc43460df406c322ffa65d30eded395a278316c53e2892b870dca3db62f5f91bf30b0b3e54d0084eaa8e4f770a96ca9a547ea84568eb209fbfa9f26ec8ece75e' AND file:hashes.SSDEEP = '12288:AnTypEagRPxTZO6ce2gNTb0TjxEH1vfV6ZO2tdXpViQn/l:AnTsIFO6ce22TgTjGVvtH2tJn/l' AND file:name = 'INV0027378237.7z' AND file:size = '581791' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIA8HFfHwMx+BeEIAJ/gCAAgABwAYTg2Y2M5NjcyYzhjNGZkZjM0ZmJhMzhiN2M2MzU2MmJVVAkAA19O7GRfTuxkdXgLAAEEIQAAAAQhAAAAhcDf5laGsEuN7CfuDTFmQxugxqq7mFt1Kk75FRL1OFYxXP7l+20u3lflqf0oam6x1aA7Dp7rsll/uFrt6lF9I2LoMN8ctztXqvMBelTmsWZy4bYD/mg6b6Zd4PvyiqOQOX4X7w7VLEEiCZ13bHrr3eHyrm42z+NA3gUyil8h57styA8KBElR5HMpF8Jc0AZMYvNW392OUzmNyuykJW/FOo6dWfnc8T/hy/ZEB1XY5F+kt+7xA03lzL3tlpHE5HvoqUDVeIsqQfO79U8L4y9TLFelg2l2K/UyjOXayXa8KIk4CEGF5lkghCj1fKyVQpWV+sEMKxR4XvSJP5SFmriydtYD7Ur+ODqYak/NKMTUkt5M10evd4o9CU2UFvofKg/h8WZlzvZGiHp8XJKNqLgcoOAjB+xtl9tfyt0SoGYUNGC7noHQgm59GBeVLwLSCniL0spfLwPTuDiTm3E9kZSWe9mf+fKWbdTvarbLrQkNt8YruHkBBiurNCNH32Q7n88oUWiDDnmCrdH29JwJP6kGvRcVyCD3hJWQRQB5cRemMXX3QFgRBzRnpQhH1KjM1ms4Hw+uz7PfEygUS1IUZNWB/jGGUbP3ACEvpiFbv2aRBp85u9Xi1yZsS8dmFZieWreEmppcSAbtEZllw2VOgKepQfk15TSYb31Fx1844muPOo6HO326GqOPCQCfXSskEN7Z/zHMUahLXPvsjDZCnwhfIwOyx+9Ua8/TT7xxWL7XVlQ/hUCy9flrErzewdjKL8WWsoNyzercsxJY+BP/1RQ3DTzjh/Fe1aM8MC2letdHx9vzpe7HIA+bFbhql+hAh4+qgOfrIbMRyIgrmTM/stL4AxoDLP0zceL9Dj1/fNud0xGeD2+jiY9/QlOfVXCa7cbPlYVtNstA7tO0k+5pk6xTs51foAA04R+o8R4KNQPq7Oc4BZdcgdnafZl/cmK/eWltMXoeWNnQKpHANgAXqY2KMCVVXRiHzovhRtNZNVohzJ2fTK7AD1zTr+fQ4sjNoW+HzYJnFFcdMiFDa9u5hIBie6qk+TeZn6jGlYFRs8PwN9teLaEdcGni5vrT4sPyyV63wwc1H+TXJOopq8L3g+PnptcbXljwwn2P5rq5+YUd9PLqe6PC44w3p1QbbAkefsV6IMECJ7xW2taWSXhnRiIH6WTwsvqtJbH7icxOkAwOEZ7CshTB5fGYdCQRz16dRgecr+QPT6yxJuRThuekdbyi3DRTi5yltoWHCAaHqxxIn91a/t+a4AVXgMeh+rJsvNiiM+ZqJQ42LOqL/Bzg2JMwsvTFXbBxYtL4R3/d9STPEjnSN6s6flwxD7FUdJLFNa7FW++rentD6VZoPyH5b3gapIr1xG6/3ifnQVIlYhPQ3GF2aR/VXRq3HvG3o1SKI5zNgt4f+LqeOOxAriKgcv9O2TpABC34zsZ0FS9gk9RgNMM6h54T5G4aDT2gi/4RhvUahviExJ+k8K5iRvJcWj96m6wIqL37+ZyFnEeo/qjTDq1UxEiCsbHu2PCYoKo7qZkgw9jPQpHpGPnzS8fmvivU7OkF0YZhYAwS/xp3vT+cF9hb8ew471hg8uh4VDCpaGzumz8H91ONMXXcfw24KdbVgEaQ1ORn3qRjjUnnV7zCDVnuFhX9/ykal7iIA1YemZjeFHrohdhEBmJwc4NiHqH8e52fm5GXYoSTbq/ZEvch1xAqbBWggwWGqhOkvZ3p2WeIjlJwo9fjIoxILM+6aLqk9lOgPlyx1vPAK8uiyL+OWImfnrmnL1CGwrEnUHsuaW+IY50LpTdReS/aPmmQN1oGqDkcPrN/RdgSHRvHDcUFWoCbYn41Ihtj6AT4IREaGdn5oJnBa1DEN3sThTL5FVh0AM+k5qDZjxJ44ZqnBhenmKL70dJYp/MDpUXvJ1DQeNaRvBvwgFD51QNn/sfhHyhpMa1j0k8zAIpZTzPOIqU2OydAsO4LPSJgYvi1T7Ycl7psCHrrZ4+hQsW5iyISDUl0ReF+cmQ1iBM+9bdaxksrRdMTlTCkWlCq+dBQsSoHwXptwyYt+qA9mPBRdlomG3A4L0Hb+ikEc/YrxtKSVEKqfqdGHAS3PeqbaPEUK1n20onpNErFiL4aOweQZdDKgWWoBGRIB4pxW6rdPGwPga5rUmO6ZNvHYzbNrMiTanypwxb7gBNiK3Yz83e+ME2l8AdXvydu7h82jxMRCc/llO5NBQ35V/7syGxdzg1LJe/JlExY1y6IhNYh903evN7j1sYxnFJVWHqgQY2eFxTpwzxuzuXYd6jb43foO41ktZW6Z2O7+x0hlErveb3sjPLHipfqkbhtBWZKVKWh28oTkQC8ofOHln2TPNTYOHbgw+0bfXc5yt+Z5MoqU/AD9H8NoUbRfCikEZBqek7Bec7MhxFrWQDOeJMw+chDsbkudYVygT2cESgkhZoprpRr0Z/OSpdo58rMrglJGSzYjBzobQdipYCikXE5p31gUA9yPe5QEiRLpn7FfvpLD4+T2EmB6HmynhX6GBKUHACj7e1X5SjdjfyHa4+r+7Q1BJPgJqm8mtoCa4yxvO8BJDdrcWOEn4sQepNqqJjGDZbJWVGbVIbcyd1V9/uDxCSL+UN1180LCkREG7CxzaEnKHT5iEPSCRzuXGw1OnVzRAiHgnxE5Opm9qyZKaykwIT4Hgh1NGiM/KO50qvgTrV4pL5DhKVTT3u0q8ozNlAHsFPq5I4+E9Mz3VuMx9JkhdoI4FcnLfIYMjUatXu7hkRarLAAccYKkT0Zz3H9aGqgUhXyz68JwRVcT8DUQfVMuMAyZ1OOMPEuACX2U5Y+bmxHR/IP+KqOhNO+4nvNPwUfH3fEIfZrKPtJYfVkkUDBDI7MAoIs1uMT/2AHoWyV19ZirrwZ53jlrQCaYPFT7rHtTcHhM4xpgezgoY312VTrs07knE94EQ8b0nSwA8/eEBWoTBSP27W6imZIjVaBhN4hjX7r8PtJLxEtDMza1t6vvi48lnF+gXwFprbAiX9G+hUYRST2vPJiKSw//VPlMjTnKFkkRT6joG3dCRfwfJc0NQjHFIyMLKmeR4A/5XZzx6OG1Kl8jcyG/WRbscfsjOSrNpjpRtryquTIi+u7OrPaNP0jUxljQiX2QXy+qvTIyj48QFmcCnpKaQ4H6A5iDgMhKQvugEXjboQ20ljfYwzXDHXxJLB1LDwcxWrKrab57NgA4fmytM2MCqvhdpoj+29v2HT7AExYOY8mK7sLYLaEe2SNo6vXxIhiYQW1NkkN2Ooa9aaEGpp+hg/+iWxMeuaC2/V1/TeyBQQLTAOkNX0rngbV0epuvj1s85WD0IZac5wO+LOjC2jmva1kXpOLc979FoNpDua7rx//bw3x8HctoT
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-08-28T07:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d860e45d-45c4-4cc6-853a-a4919ef1c06b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:40:36.000Z",
"modified": "2023-08-28T07:40:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/e8cdb541ecfffd85cd71fe64b08ed06728b7c14c4079a51b85b0032178338617",
"category": "External analysis",
"uuid": "b853e550-4918-40e3-bb39-571acc853087"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/56",
"category": "Other",
"uuid": "1e8f7783-19db-4356-853e-d23973c22573"
}
],
"x_misp_comment": "1b254621918e9f35783c870d045e6bc0ed66696a: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e531372c-3160-47dc-91dc-5f87dad65f8b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:40:36.000Z",
"modified": "2023-08-28T07:40:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/ip_address/89.117.55.98",
"category": "External analysis",
"uuid": "fcab2487-2cf9-4116-8ae5-f43b25ce567a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/88",
"category": "Other",
"uuid": "7fe503fe-22c9-4c01-a320-bf8b2602bb3f"
}
],
"x_misp_comment": "1b254621918e9f35783c870d045e6bc0ed66696a: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ddf4454a-6f31-4e1d-8493-c61a53a966ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-08-28T07:40:36.000Z",
"modified": "2023-08-28T07:40:36.000Z",
"description": "1b254621918e9f35783c870d045e6bc0ed66696a: Enriched via the virustotal module",
"pattern": "[domain-name:resolves_to_refs[*].value = '89.117.55.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-08-28T07:40:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink