{ "type": "bundle", "id": "bundle--57a05786-71b8-49a2-892e-32ec950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:22:49.000Z", "modified": "2016-08-02T08:22:49.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--57a05786-71b8-49a2-892e-32ec950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:22:49.000Z", "modified": "2016-08-02T08:22:49.000Z", "name": "OSINT - LuminosityLink RAT", "published": "2016-08-02T08:23:46Z", "object_refs": [ "observed-data--57a05794-7ea4-47f7-9fc3-32ee950d210f", "url--57a05794-7ea4-47f7-9fc3-32ee950d210f", "indicator--57a057a8-1dfc-4534-a5f5-32ea950d210f", "indicator--57a057ba-045c-48c4-b603-32f3950d210f", "observed-data--57a057e6-aa78-4e17-b3e6-32f2950d210f", "domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f", "observed-data--57a05801-3198-41a9-b077-32f1950d210f", "x509-certificate--57a05801-3198-41a9-b077-32f1950d210f", "indicator--57a0581f-4d64-4314-92c0-32eb02de0b81", "indicator--57a05820-5d1c-4df7-af97-32eb02de0b81", "observed-data--57a05820-d2f0-4bd8-9425-32eb02de0b81", "url--57a05820-d2f0-4bd8-9425-32eb02de0b81", "x-misp-attribute--57a05859-655c-497b-8482-35fb950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "ecsirt:malicious-code=\"malware\"", "circl:incident-classification=\"malware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57a05794-7ea4-47f7-9fc3-32ee950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:19:32.000Z", "modified": "2016-08-02T08:19:32.000Z", "first_observed": "2016-08-02T08:19:32Z", "last_observed": "2016-08-02T08:19:32Z", "number_observed": 1, "object_refs": [ "url--57a05794-7ea4-47f7-9fc3-32ee950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57a05794-7ea4-47f7-9fc3-32ee950d210f", "value": "https://virustotal.com/en/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57a057a8-1dfc-4534-a5f5-32ea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:19:52.000Z", "modified": "2016-08-02T08:19:52.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.123.44.134']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-02T08:19:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57a057ba-045c-48c4-b603-32f3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:20:10.000Z", "modified": "2016-08-02T08:20:10.000Z", "pattern": "[file:hashes.SHA256 = 'e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-02T08:20:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57a057e6-aa78-4e17-b3e6-32f2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:20:54.000Z", "modified": "2016-08-02T08:20:54.000Z", "first_observed": "2016-08-02T08:20:54Z", "last_observed": "2016-08-02T08:20:54Z", "number_observed": 1, "object_refs": [ "domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f" ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"" ] }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f", "value": "zippa.biz" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57a05801-3198-41a9-b077-32f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:21:21.000Z", "modified": "2016-08-02T08:21:21.000Z", "first_observed": "2016-08-02T08:21:21Z", "last_observed": "2016-08-02T08:21:21Z", "number_observed": 1, "object_refs": [ "x509-certificate--57a05801-3198-41a9-b077-32f1950d210f" ], "labels": [ "misp:type=\"x509-fingerprint-sha1\"", "misp:category=\"Payload delivery\"" ] }, { "type": "x509-certificate", "spec_version": "2.1", "id": "x509-certificate--57a05801-3198-41a9-b077-32f1950d210f", "hashes": { "SHA-1": "c1e2727e8fb206f126c10c3ba9a5474874b6bb55" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57a0581f-4d64-4314-92c0-32eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:21:51.000Z", "modified": "2016-08-02T08:21:51.000Z", "description": "- Xchecked via VT: e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85", "pattern": "[file:hashes.SHA1 = '76ca6782aa5e63d61144225d1b9c282af8fe2259']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-02T08:21:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--57a05820-5d1c-4df7-af97-32eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:21:52.000Z", "modified": "2016-08-02T08:21:52.000Z", "description": "- Xchecked via VT: e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85", "pattern": "[file:hashes.MD5 = '63116861ea68c75441b6915bbeab0919']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-08-02T08:21:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--57a05820-d2f0-4bd8-9425-32eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:21:52.000Z", "modified": "2016-08-02T08:21:52.000Z", "first_observed": "2016-08-02T08:21:52Z", "last_observed": "2016-08-02T08:21:52Z", "number_observed": 1, "object_refs": [ "url--57a05820-d2f0-4bd8-9425-32eb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--57a05820-d2f0-4bd8-9425-32eb02de0b81", "value": "https://www.virustotal.com/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/1470111161/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--57a05859-655c-497b-8482-35fb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-08-02T08:22:49.000Z", "modified": "2016-08-02T08:22:49.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_comment": "From https://virustotal.com/en/user/benkow_/", "x_misp_type": "comment", "x_misp_value": "190.123.44.134|4288|190.123.44.134|Soundmgr.exe|Sound|Packet|Monitor|clientmonitor.exe|eb894fba356e3be7fb05313de362d5b1c44df50ce3e77ba89f295ee647a332d1|Nnamdi|1idsanmvhb|" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }