{ "type": "bundle", "id": "bundle--56d4b32d-664c-4647-a748-1362950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:25:02.000Z", "modified": "2016-02-29T21:25:02.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56d4b32d-664c-4647-a748-1362950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:25:02.000Z", "modified": "2016-02-29T21:25:02.000Z", "name": "OSINT - New Hacking team samples (OSX)", "published": "2016-02-29T21:25:12Z", "object_refs": [ "indicator--56d4b488-ae78-464f-a218-1363950d210f", "indicator--56d4b489-a684-4f7a-a0fb-1363950d210f", "indicator--56d4b489-9400-4c37-8e64-1363950d210f", "observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f", "url--56d4b489-bab0-4bc1-bc3f-1363950d210f", "indicator--56d4b55f-1790-4a76-b14f-136602de0b81", "indicator--56d4b55f-0494-4e05-bbd1-136602de0b81", "observed-data--56d4b560-1cec-475e-a298-136602de0b81", "url--56d4b560-1cec-475e-a298-136602de0b81", "indicator--56d4b560-f868-4c50-a9dd-136602de0b81", "indicator--56d4b560-d8b8-4625-8d5b-136602de0b81", "observed-data--56d4b561-8b38-4590-9a9e-136602de0b81", "url--56d4b561-8b38-4590-9a9e-136602de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b488-ae78-464f-a218-1363950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:13:44.000Z", "modified": "2016-02-29T21:13:44.000Z", "description": "ZIP with dropper", "pattern": "[file:hashes.SHA256 = '2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:13:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b489-a684-4f7a-a0fb-1363950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:13:45.000Z", "modified": "2016-02-29T21:13:45.000Z", "description": "Dropper binary", "pattern": "[file:hashes.SHA256 = '58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:13:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b489-9400-4c37-8e64-1363950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:13:45.000Z", "modified": "2016-02-29T21:13:45.000Z", "description": "C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.71.254.212']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:13:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:25:02.000Z", "modified": "2016-02-29T21:25:02.000Z", "first_observed": "2016-02-29T21:25:02Z", "last_observed": "2016-02-29T21:25:02Z", "number_observed": 1, "object_refs": [ "url--56d4b489-bab0-4bc1-bc3f-1363950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56d4b489-bab0-4bc1-bc3f-1363950d210f", "value": "https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b55f-1790-4a76-b14f-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:19.000Z", "modified": "2016-02-29T21:17:19.000Z", "description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273", "pattern": "[file:hashes.SHA1 = 'df0c428657f8d317a9617a209ed1998860f22c42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:17:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b55f-0494-4e05-bbd1-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:19.000Z", "modified": "2016-02-29T21:17:19.000Z", "description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273", "pattern": "[file:hashes.MD5 = 'e2b81bed4472087dca00bee18acbce04']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:17:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56d4b560-1cec-475e-a298-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:20.000Z", "modified": "2016-02-29T21:17:20.000Z", "first_observed": "2016-02-29T21:17:20Z", "last_observed": "2016-02-29T21:17:20Z", "number_observed": 1, "object_refs": [ "url--56d4b560-1cec-475e-a298-136602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56d4b560-1cec-475e-a298-136602de0b81", "value": "https://www.virustotal.com/file/58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273/analysis/1456779730/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b560-f868-4c50-a9dd-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:20.000Z", "modified": "2016-02-29T21:17:20.000Z", "description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947", "pattern": "[file:hashes.SHA1 = '64341827760eb2d4ac4107b6d18c6942d3d69cba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:17:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56d4b560-d8b8-4625-8d5b-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:20.000Z", "modified": "2016-02-29T21:17:20.000Z", "description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947", "pattern": "[file:hashes.MD5 = '92d4556d3d594b987044106388d484b3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-02-29T21:17:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56d4b561-8b38-4590-9a9e-136602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-02-29T21:17:21.000Z", "modified": "2016-02-29T21:17:21.000Z", "first_observed": "2016-02-29T21:17:21Z", "last_observed": "2016-02-29T21:17:21Z", "number_observed": 1, "object_refs": [ "url--56d4b561-8b38-4590-9a9e-136602de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56d4b561-8b38-4590-9a9e-136602de0b81", "value": "https://www.virustotal.com/file/2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947/analysis/1456767669/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }