{ "type": "bundle", "id": "bundle--013585af-ba0a-480a-8f2f-48df896d9229", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T12:40:21.000Z", "modified": "2022-08-19T12:40:21.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--013585af-ba0a-480a-8f2f-48df896d9229", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T12:40:21.000Z", "modified": "2022-08-19T12:40:21.000Z", "name": "OSINT - JSSLoader: the shellcode edition", "published": "2022-08-19T12:40:55Z", "object_refs": [ "indicator--33ff2767-0cd0-4f23-8d5e-ef4e7c599a31", "indicator--328fe82a-fbab-4589-9a7b-11e5caef263a", "indicator--42764a9c-4661-481b-acd0-66649ddcf5cb", "indicator--6b066e8f-f78f-43f4-9331-8cdd54c8e719", "indicator--3d35309b-d8b1-4c14-b565-2d158cbc6b59", "indicator--92e60ec9-126c-4708-b444-04ade49d2d2c", "indicator--2281dea8-11e1-4763-976a-f312d7fb0154", "indicator--9a498744-8261-428a-98bf-49d000228346", "indicator--b765a67f-1c41-4c2f-92c0-c654b37adff5", "indicator--e081fdb9-1972-4090-bfc4-123e792897a1", "indicator--6d0ce48e-c437-46de-ae24-7472fbea594b", "indicator--1406da62-389f-4c9b-8112-8a2eeb651c48", "indicator--8d74be00-dc29-43aa-8497-db3684056d65", "indicator--79754502-9a01-49f3-858f-9696336fd465", "indicator--d72a4609-ff18-46b7-8921-eac3740002d4", "indicator--00698b4e-497c-459d-94fa-e12da80c9008", "indicator--cfdc5e5b-057b-49cd-b9db-646250947783", "x-misp-object--aaff4760-ea84-46a6-a79a-27919f325ed3", "observed-data--9560a135-3e58-4c09-bade-b3109a40ec35", "user-account--9560a135-3e58-4c09-bade-b3109a40ec35", "observed-data--c41f294b-2395-4d53-a671-577483c9180b", "user-account--c41f294b-2395-4d53-a671-577483c9180b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\"", "misp-galaxy:threat-actor=\"FIN7\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "tlp:clear" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--33ff2767-0cd0-4f23-8d5e-ef4e7c599a31", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = 'cc2171d14d0d3c4d117155185f7c911f781aac15b57adef6c32eb0149d5da3ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--328fe82a-fbab-4589-9a7b-11e5caef263a", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = 'bf1371e2d79115fc7cfc89266cd7a59c02b04a74e1246435392eb5e20c661d8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--42764a9c-4661-481b-acd0-66649ddcf5cb", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = 'b08e713196b712c42da2df9da7836d270306065fbf6d4720f25d80e4104daf38']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6b066e8f-f78f-43f4-9331-8cdd54c8e719", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = '7a234d1a2415834290a3a9c7274aadb7253dcfe24edb10b22f1a4a33fd027a08']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--3d35309b-d8b1-4c14-b565-2d158cbc6b59", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = '7a17ef218eebfdd4d3e70add616adcd5b78105becd6616c88b79b261d1a78fdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--92e60ec9-126c-4708-b444-04ade49d2d2c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = '410cd107dfd37752936bd20d022ea614cd373aa9d37db255f65dc434e653236a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2281dea8-11e1-4763-976a-f312d7fb0154", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:56:44.000Z", "modified": "2022-08-19T11:56:44.000Z", "pattern": "[file:hashes.SHA256 = '35f5c781d61d398ce47a8881228346a81afb4915bf083518bf2b4cc8d6a2685b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:56:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9a498744-8261-428a-98bf-49d000228346", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.SHA1 = '529f476f952fd1526d2038cb0012e5bdd8a702f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b765a67f-1c41-4c2f-92c0-c654b37adff5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.SHA1 = '0eaf6289dd7ebe8ae0879a4a72d1518e1d4ffac9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--e081fdb9-1972-4090-bfc4-123e792897a1", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.MD5 = 'f1aff007c04c6fd3739dbeac537edaaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6d0ce48e-c437-46de-ae24-7472fbea594b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.MD5 = '4a1e60be00e59617d53122d70c64506c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1406da62-389f-4c9b-8112-8a2eeb651c48", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.MD5 = '4961aec62fac8beeafffa5bfc841fab8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--8d74be00-dc29-43aa-8497-db3684056d65", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.MD5 = '2956c03bff952b22387eed8172a26ba5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--79754502-9a01-49f3-858f-9696336fd465", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:58:24.000Z", "modified": "2022-08-19T11:58:24.000Z", "pattern": "[file:hashes.MD5 = '1e12ac069c1898ffe271ebdfcbd689c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:58:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d72a4609-ff18-46b7-8921-eac3740002d4", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:59:12.000Z", "modified": "2022-08-19T11:59:12.000Z", "pattern": "[file:hashes.SHA1 = 'd2742d7c4b7454745795c547594bb4f9dbddecfe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--00698b4e-497c-459d-94fa-e12da80c9008", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:59:12.000Z", "modified": "2022-08-19T11:59:12.000Z", "pattern": "[file:hashes.SHA1 = '9d0f6c8be3214eee1dda6ebb4bb41ef97cfe28b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cfdc5e5b-057b-49cd-b9db-646250947783", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T11:59:12.000Z", "modified": "2022-08-19T11:59:12.000Z", "pattern": "[file:hashes.SHA1 = '5c7b4da950b0f1845b38ef1aa11ca41b4731c766']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-08-19T11:59:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--aaff4760-ea84-46a6-a79a-27919f325ed3", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T12:05:45.000Z", "modified": "2022-08-19T12:05:45.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://malwarebytes.app.box.com/s/ym6r7o5hq0rx2nxjbctfv2sw5vx386ni", "category": "External analysis", "uuid": "fadbc54c-4adb-46b8-9d9e-b001f35b0f44" }, { "type": "text", "object_relation": "summary", "value": "JSSLoader: the shellcode edition", "category": "Other", "uuid": "ddcaf51a-7f89-4427-b93d-82804562da14" }, { "type": "text", "object_relation": "type", "value": "Report", "category": "Other", "uuid": "8555a473-687e-475b-943b-1d9cdb633669" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--9560a135-3e58-4c09-bade-b3109a40ec35", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T12:11:14.000Z", "modified": "2022-08-19T12:11:14.000Z", "first_observed": "2022-08-19T12:11:14Z", "last_observed": "2022-08-19T12:11:14Z", "number_observed": 1, "object_refs": [ "user-account--9560a135-3e58-4c09-bade-b3109a40ec35" ], "labels": [ "misp:name=\"github-user\"", "misp:meta-category=\"misc\"", "misp:to_ids=\"False\"" ] }, { "type": "user-account", "spec_version": "2.1", "id": "user-account--9560a135-3e58-4c09-bade-b3109a40ec35", "account_login": "hasherezade", "account_type": "github", "x_misp_repository": "https://gist.github.com/hasherezade/6eb355c2c81e640e7470fafe4db3f069" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c41f294b-2395-4d53-a671-577483c9180b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-08-19T12:13:37.000Z", "modified": "2022-08-19T12:13:37.000Z", "first_observed": "2022-08-19T12:13:37Z", "last_observed": "2022-08-19T12:13:37Z", "number_observed": 1, "object_refs": [ "user-account--c41f294b-2395-4d53-a671-577483c9180b" ], "labels": [ "misp:name=\"github-user\"", "misp:meta-category=\"misc\"", "misp:to_ids=\"False\"" ] }, { "type": "user-account", "spec_version": "2.1", "id": "user-account--c41f294b-2395-4d53-a671-577483c9180b", "account_login": "hasherezade", "account_type": "github", "x_misp_repository": "https://gist.github.com/hasherezade/4048e435cda43be374277afb06744ab1" } ] }