adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56d61087-d19c-4552-9802-48fe02de0b81.json

148 lines
No EOL
6.9 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--56d61087-d19c-4552-9802-48fe02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:18:53.000Z",
"modified": "2016-03-01T22:18:53.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56d61087-d19c-4552-9802-48fe02de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:18:53.000Z",
"modified": "2016-03-01T22:18:53.000Z",
"name": "OSINT APT Bestia used in APT attacks on Polish Government",
"published": "2016-03-01T22:19:11Z",
"object_refs": [
"observed-data--56d61119-760c-4b21-b93f-45e602de0b81",
"url--56d61119-760c-4b21-b93f-45e602de0b81",
"observed-data--56d61119-bb30-4d1c-b53e-45e602de0b81",
"url--56d61119-bb30-4d1c-b53e-45e602de0b81",
"observed-data--56d61154-cccc-449e-9a91-49a702de0b81",
"url--56d61154-cccc-449e-9a91-49a702de0b81",
"indicator--56d6154d-5ec0-4699-a570-484402de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d61119-760c-4b21-b93f-45e602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:00:57.000Z",
"modified": "2016-03-01T22:00:57.000Z",
"first_observed": "2016-03-01T22:00:57Z",
"last_observed": "2016-03-01T22:00:57Z",
"number_observed": 1,
"object_refs": [
"url--56d61119-760c-4b21-b93f-45e602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d61119-760c-4b21-b93f-45e602de0b81",
"value": "https://twitter.com/yararules/status/704613871294746625"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d61119-bb30-4d1c-b53e-45e602de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:00:57.000Z",
"modified": "2016-03-01T22:00:57.000Z",
"first_observed": "2016-03-01T22:00:57Z",
"last_observed": "2016-03-01T22:00:57Z",
"number_observed": 1,
"object_refs": [
"url--56d61119-bb30-4d1c-b53e-45e602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d61119-bb30-4d1c-b53e-45e602de0b81",
"value": "https://zaufanatrzeciastrona.pl/post/ukierunkowany-atak-na-pracownikow-polskich-samorzadow/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d61154-cccc-449e-9a91-49a702de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:01:56.000Z",
"modified": "2016-03-01T22:01:56.000Z",
"first_observed": "2016-03-01T22:01:56Z",
"last_observed": "2016-03-01T22:01:56Z",
"number_observed": 1,
"object_refs": [
"url--56d61154-cccc-449e-9a91-49a702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d61154-cccc-449e-9a91-49a702de0b81",
"value": "https://github.com/Yara-Rules/rules/blob/master/malware/APT_Bestia.yar"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d6154d-5ec0-4699-a570-484402de0b81",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-03-01T22:18:53.000Z",
"modified": "2016-03-01T22:18:53.000Z",
"pattern": "[rule APT_bestia\r\n{\r\nmeta:\r\n author = \"Adam Ziaja <adam@adamziaja.com> http://adamziaja.com\"\r\n date = \"2014-03-19\"\r\n description = \"Bestia.3.02.012.07 malware used in APT attacks on Polish government\"\r\n references = \"http://zaufanatrzeciastrona.pl/post/ukierunkowany-atak-na-pracownikow-polskich-samorzadow/\" /* PL */\r\n hash0 = \"9bb03bb5af40d1202378f95a6485fba8\"\r\n hash1 = \"7d9a806e0da0b869b10870dd6c7692c5\"\r\n maltype = \"apt\"\r\n filetype = \"exe\"\r\nstrings:\r\n /* generated with https://github.com/Xen0ph0n/YaraGenerator */\r\n $string0 = \"u4(UeK\"\r\n $string1 = \"nMiq/'p\"\r\n $string2 = \"_9pJMf\"\r\n $string3 = \"ICMP.DLL\"\r\n $string4 = \"EG}QAp\"\r\n $string5 = \"tsjWj:U\"\r\n $string6 = \"FileVersion\" wide\r\n $string7 = \"O2nQpp\"\r\n $string8 = \"2}W8we\"\r\n $string9 = \"ILqkC:l\"\r\n $string10 = \"f1yzMk\"\r\n $string11 = \"AutoIt v3 Script: 3, 3, 8, 1\" wide\r\n $string12 = \"wj<1uH\"\r\n $string13 = \"6fL-uD\"\r\n $string14 = \"B9Iavo<\"\r\n $string15 = \"rUS)sO\"\r\n $string16 = \"FJH{_/f\"\r\n $string17 = \"3e 03V\"\r\ncondition:\r\n 17 of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2016-03-01T22:18:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink