{ "type": "bundle", "id": "bundle--56f8e284-5b54-46d4-814d-3f2f02de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T08:02:33.000Z", "modified": "2016-03-28T08:02:33.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56f8e284-5b54-46d4-814d-3f2f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T08:02:33.000Z", "modified": "2016-03-28T08:02:33.000Z", "name": "OSINT - McAfee Labs Threat Advisory Ransomware-Locky", "published": "2016-03-28T08:12:52Z", "object_refs": [ "indicator--56f8e2b8-0c7c-4feb-8a9f-3f2b02de0b81", "indicator--56f8e2b9-7d3c-4f53-87a9-3f2b02de0b81", "indicator--56f8e2b9-ff70-4ebf-9e22-3f2b02de0b81", "indicator--56f8e2b9-b300-47de-bb8c-3f2b02de0b81", "indicator--56f8e2ba-a25c-4c09-a712-3f2b02de0b81", "indicator--56f8e2ba-a890-4712-a06f-3f2b02de0b81", "indicator--56f8e2ba-a53c-450e-bb42-3f2b02de0b81", "indicator--56f8e2ba-7bbc-4d5b-90a4-3f2b02de0b81", "observed-data--56f8e519-f5d0-4992-84da-3f5d02de0b81", "url--56f8e519-f5d0-4992-84da-3f5d02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "malware_classification:malware-category=\"Ransomware\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2b8-0c7c-4feb-8a9f-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:24.000Z", "modified": "2016-03-28T07:52:24.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.181.171.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2b9-7d3c-4f53-87a9-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:25.000Z", "modified": "2016-03-28T07:52:25.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.30.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2b9-ff70-4ebf-9e22-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:25.000Z", "modified": "2016-03-28T07:52:25.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.196']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2b9-b300-47de-bb8c-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:25.000Z", "modified": "2016-03-28T07:52:25.000Z", "description": "Imported via the freetext import.", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2ba-a25c-4c09-a712-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:26.000Z", "modified": "2016-03-28T07:52:26.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'pvwinlrmwvccuo.eu']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2ba-a890-4712-a06f-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:26.000Z", "modified": "2016-03-28T07:52:26.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'cgavqeodnop.it']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2ba-a53c-450e-bb42-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:26.000Z", "modified": "2016-03-28T07:52:26.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'kqlxtqptsmys.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56f8e2ba-7bbc-4d5b-90a4-3f2b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T07:52:26.000Z", "modified": "2016-03-28T07:52:26.000Z", "description": "Imported via the freetext import.", "pattern": "[domain-name:value = 'wblejsfob.pw']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-28T07:52:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56f8e519-f5d0-4992-84da-3f5d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-28T08:02:33.000Z", "modified": "2016-03-28T08:02:33.000Z", "first_observed": "2016-03-28T08:02:33Z", "last_observed": "2016-03-28T08:02:33Z", "number_observed": 1, "object_refs": [ "url--56f8e519-f5d0-4992-84da-3f5d02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56f8e519-f5d0-4992-84da-3f5d02de0b81", "value": "https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }