{ "type": "bundle", "id": "bundle--5c12139d-11a8-44d4-bb77-42b7950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:35:07.000Z", "modified": "2018-12-13T08:35:07.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5c12139d-11a8-44d4-bb77-42b7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:35:07.000Z", "modified": "2018-12-13T08:35:07.000Z", "name": "New version of Shamoon, affecting the Italian arm of Saudi Aramco", "context": "suspicious-activity", "object_refs": [ "x-misp-object--5c12164d-8334-4dc1-b675-6985950d210f", "indicator--5c1216a5-48fc-4394-90af-4c1c950d210f", "indicator--5c1216f3-6298-46e3-9ed9-0d1b950d210f", "indicator--5c121701-d5f4-4c11-b32a-0d1b950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:tool=\"Shamoon\"", "workflow:todo=\"expansion\"", "osint:source-type=\"microblog-post\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5c12164d-8334-4dc1-b675-6985950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:20:29.000Z", "modified": "2018-12-13T08:20:29.000Z", "labels": [ "misp:name=\"microblog\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "text", "object_relation": "post", "value": "New version of Shamoon, affecting the Italian arm of Saudi Aramco. MD5: b41f586fc9c95c66f0967f1592641a85, 001d216ee755f0bc96125892e2fb3e3a, de07c4ac94a50663851e5dabe6e50d1f.", "category": "Other", "uuid": "5c12164d-be28-480f-ba62-6985950d210f" }, { "type": "text", "object_relation": "type", "value": "Twitter", "category": "Other", "uuid": "5c12164e-684c-46f8-a983-6985950d210f" }, { "type": "url", "object_relation": "url", "value": "https://mobile.twitter.com/hexcapes/status/1072852775279751169", "category": "Network activity", "to_ids": true, "uuid": "5c12164e-4f00-4c8e-9ca4-6985950d210f" }, { "type": "datetime", "object_relation": "creation-date", "value": "Dec 12, 2018 2:56 PM", "category": "Other", "uuid": "5c12164e-6fb4-4474-9dd4-6985950d210f" }, { "type": "text", "object_relation": "username", "value": "@hexcapes", "category": "Other", "uuid": "5c12164f-a554-4263-b0c3-6985950d210f" } ], "x_misp_meta_category": "misc", "x_misp_name": "microblog" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c1216a5-48fc-4394-90af-4c1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:21:57.000Z", "modified": "2018-12-13T08:21:57.000Z", "pattern": "[file:hashes.MD5 = 'b41f586fc9c95c66f0967f1592641a85' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-13T08:21:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c1216f3-6298-46e3-9ed9-0d1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:23:15.000Z", "modified": "2018-12-13T08:23:15.000Z", "pattern": "[file:hashes.MD5 = '001d216ee755f0bc96125892e2fb3e3a' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-13T08:23:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c121701-d5f4-4c11-b32a-0d1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-12-13T08:23:29.000Z", "modified": "2018-12-13T08:23:29.000Z", "pattern": "[file:hashes.MD5 = 'de07c4ac94a50663851e5dabe6e50d1f' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-12-13T08:23:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }