300 lines
No EOL
12 KiB
JSON
300 lines
No EOL
12 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--56d4b32d-664c-4647-a748-1362950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:25:02.000Z",
|
|
"modified": "2016-02-29T21:25:02.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--56d4b32d-664c-4647-a748-1362950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:25:02.000Z",
|
|
"modified": "2016-02-29T21:25:02.000Z",
|
|
"name": "OSINT - New Hacking team samples (OSX)",
|
|
"published": "2016-02-29T21:25:12Z",
|
|
"object_refs": [
|
|
"indicator--56d4b488-ae78-464f-a218-1363950d210f",
|
|
"indicator--56d4b489-a684-4f7a-a0fb-1363950d210f",
|
|
"indicator--56d4b489-9400-4c37-8e64-1363950d210f",
|
|
"observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f",
|
|
"url--56d4b489-bab0-4bc1-bc3f-1363950d210f",
|
|
"indicator--56d4b55f-1790-4a76-b14f-136602de0b81",
|
|
"indicator--56d4b55f-0494-4e05-bbd1-136602de0b81",
|
|
"observed-data--56d4b560-1cec-475e-a298-136602de0b81",
|
|
"url--56d4b560-1cec-475e-a298-136602de0b81",
|
|
"indicator--56d4b560-f868-4c50-a9dd-136602de0b81",
|
|
"indicator--56d4b560-d8b8-4625-8d5b-136602de0b81",
|
|
"observed-data--56d4b561-8b38-4590-9a9e-136602de0b81",
|
|
"url--56d4b561-8b38-4590-9a9e-136602de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"circl:incident-classification=\"malware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b488-ae78-464f-a218-1363950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:13:44.000Z",
|
|
"modified": "2016-02-29T21:13:44.000Z",
|
|
"description": "ZIP with dropper",
|
|
"pattern": "[file:hashes.SHA256 = '2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:13:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b489-a684-4f7a-a0fb-1363950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:13:45.000Z",
|
|
"modified": "2016-02-29T21:13:45.000Z",
|
|
"description": "Dropper binary",
|
|
"pattern": "[file:hashes.SHA256 = '58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:13:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b489-9400-4c37-8e64-1363950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:13:45.000Z",
|
|
"modified": "2016-02-29T21:13:45.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.71.254.212']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:13:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:25:02.000Z",
|
|
"modified": "2016-02-29T21:25:02.000Z",
|
|
"first_observed": "2016-02-29T21:25:02Z",
|
|
"last_observed": "2016-02-29T21:25:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56d4b489-bab0-4bc1-bc3f-1363950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56d4b489-bab0-4bc1-bc3f-1363950d210f",
|
|
"value": "https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b55f-1790-4a76-b14f-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:19.000Z",
|
|
"modified": "2016-02-29T21:17:19.000Z",
|
|
"description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273",
|
|
"pattern": "[file:hashes.SHA1 = 'df0c428657f8d317a9617a209ed1998860f22c42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:17:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b55f-0494-4e05-bbd1-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:19.000Z",
|
|
"modified": "2016-02-29T21:17:19.000Z",
|
|
"description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273",
|
|
"pattern": "[file:hashes.MD5 = 'e2b81bed4472087dca00bee18acbce04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:17:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56d4b560-1cec-475e-a298-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:20.000Z",
|
|
"modified": "2016-02-29T21:17:20.000Z",
|
|
"first_observed": "2016-02-29T21:17:20Z",
|
|
"last_observed": "2016-02-29T21:17:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56d4b560-1cec-475e-a298-136602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56d4b560-1cec-475e-a298-136602de0b81",
|
|
"value": "https://www.virustotal.com/file/58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273/analysis/1456779730/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b560-f868-4c50-a9dd-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:20.000Z",
|
|
"modified": "2016-02-29T21:17:20.000Z",
|
|
"description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947",
|
|
"pattern": "[file:hashes.SHA1 = '64341827760eb2d4ac4107b6d18c6942d3d69cba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:17:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56d4b560-d8b8-4625-8d5b-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:20.000Z",
|
|
"modified": "2016-02-29T21:17:20.000Z",
|
|
"description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947",
|
|
"pattern": "[file:hashes.MD5 = '92d4556d3d594b987044106388d484b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-29T21:17:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56d4b561-8b38-4590-9a9e-136602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-02-29T21:17:21.000Z",
|
|
"modified": "2016-02-29T21:17:21.000Z",
|
|
"first_observed": "2016-02-29T21:17:21Z",
|
|
"last_observed": "2016-02-29T21:17:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56d4b561-8b38-4590-9a9e-136602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56d4b561-8b38-4590-9a9e-136602de0b81",
|
|
"value": "https://www.virustotal.com/file/2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947/analysis/1456767669/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |