misp-circl-feed/feeds/circl/stix-2.1/58e743e1-3008-4198-a310-4c82950d210f.json

356 lines
No EOL
15 KiB
JSON

{
"type": "bundle",
"id": "bundle--58e743e1-3008-4198-a310-4c82950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:20:28.000Z",
"modified": "2017-04-07T10:20:28.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58e743e1-3008-4198-a310-4c82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:20:28.000Z",
"modified": "2017-04-07T10:20:28.000Z",
"name": "OSINT - Off-the-shelf Ransomware Used to Target the Healthcare Sector",
"published": "2017-04-07T10:20:47Z",
"object_refs": [
"observed-data--58e743f1-872c-4a07-bbfd-4cdd950d210f",
"url--58e743f1-872c-4a07-bbfd-4cdd950d210f",
"indicator--58e744b0-d9c8-434f-8e60-41ae950d210f",
"indicator--58e744b1-3374-4ccd-8bae-49d8950d210f",
"indicator--58e744b2-3a74-46e3-a772-4ab4950d210f",
"indicator--58e744b3-c92c-4f2c-b650-4242950d210f",
"indicator--58e744b4-8af0-4217-a0ea-49c1950d210f",
"indicator--58e76791-9968-48b8-a6fb-44bf02de0b81",
"indicator--58e76792-8910-4731-b851-427b02de0b81",
"observed-data--58e76793-77e8-406c-b283-409402de0b81",
"url--58e76793-77e8-406c-b283-409402de0b81",
"indicator--58e76794-df5c-430e-966c-467302de0b81",
"indicator--58e76795-6f78-481f-a454-4f9802de0b81",
"observed-data--58e76796-0eb0-4f71-8fd8-47fa02de0b81",
"url--58e76796-0eb0-4f71-8fd8-47fa02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e743f1-872c-4a07-bbfd-4cdd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:20:07.000Z",
"modified": "2017-04-07T10:20:07.000Z",
"first_observed": "2017-04-07T10:20:07Z",
"last_observed": "2017-04-07T10:20:07Z",
"number_observed": 1,
"object_refs": [
"url--58e743f1-872c-4a07-bbfd-4cdd950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e743f1-872c-4a07-bbfd-4cdd950d210f",
"value": "https://blogs.forcepoint.com/security-labs/shelf-ransomware-used-target-healthcare-sector"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e744b0-d9c8-434f-8e60-41ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:51.000Z",
"modified": "2017-04-07T10:18:51.000Z",
"description": "Download links",
"pattern": "[url:value = 'https://kaspersky.dattodrive.com/index.php/s/lhodbNAIcoNF6yb/download']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e744b1-3374-4ccd-8bae-49d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:51.000Z",
"modified": "2017-04-07T10:18:51.000Z",
"description": "Download links",
"pattern": "[url:value = 'http://87i03clk4zcw06uy1cv5.nl/mass/hospital/spam/payload/WINWORD.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e744b2-3a74-46e3-a772-4ab4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:51.000Z",
"modified": "2017-04-07T10:18:51.000Z",
"description": "Ransomware C2",
"pattern": "[url:value = 'http://87i03clk4zcw06uy1cv5.nl/mass/hospital/spam/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e744b3-c92c-4f2c-b650-4242950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:51.000Z",
"modified": "2017-04-07T10:18:51.000Z",
"description": "DOCX file",
"pattern": "[file:hashes.SHA256 = '0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e744b4-8af0-4217-a0ea-49c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:51.000Z",
"modified": "2017-04-07T10:18:51.000Z",
"description": "Philadelphia",
"pattern": "[file:hashes.SHA256 = '2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"malware_classification:malware-category=\"Ransomware\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76791-9968-48b8-a6fb-44bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:57.000Z",
"modified": "2017-04-07T10:18:57.000Z",
"description": "Philadelphia - Xchecked via VT: 2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"pattern": "[file:hashes.SHA1 = '448c93e79bf0741798ed99bb3108d1ceb90b6901']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"malware_classification:malware-category=\"Ransomware\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76792-8910-4731-b851-427b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:58.000Z",
"modified": "2017-04-07T10:18:58.000Z",
"description": "Philadelphia - Xchecked via VT: 2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"pattern": "[file:hashes.MD5 = '0a380f789a882f7c4e11a1b4f87bb4fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:18:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"malware_classification:malware-category=\"Ransomware\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76793-77e8-406c-b283-409402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:18:59.000Z",
"modified": "2017-04-07T10:18:59.000Z",
"first_observed": "2017-04-07T10:18:59Z",
"last_observed": "2017-04-07T10:18:59Z",
"number_observed": 1,
"object_refs": [
"url--58e76793-77e8-406c-b283-409402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"malware_classification:malware-category=\"Ransomware\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76793-77e8-406c-b283-409402de0b81",
"value": "https://www.virustotal.com/file/2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c/analysis/1491192472/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76794-df5c-430e-966c-467302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:19:00.000Z",
"modified": "2017-04-07T10:19:00.000Z",
"description": "DOCX file - Xchecked via VT: 0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483",
"pattern": "[file:hashes.SHA1 = '7807eecce4b89564901caa1d3abd827f6438fcd5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:19:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76795-6f78-481f-a454-4f9802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:19:01.000Z",
"modified": "2017-04-07T10:19:01.000Z",
"description": "DOCX file - Xchecked via VT: 0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483",
"pattern": "[file:hashes.MD5 = '9f86684abeb100455295a9a3f86e0d99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:19:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76796-0eb0-4f71-8fd8-47fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:19:02.000Z",
"modified": "2017-04-07T10:19:02.000Z",
"first_observed": "2017-04-07T10:19:02Z",
"last_observed": "2017-04-07T10:19:02Z",
"number_observed": 1,
"object_refs": [
"url--58e76796-0eb0-4f71-8fd8-47fa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76796-0eb0-4f71-8fd8-47fa02de0b81",
"value": "https://www.virustotal.com/file/0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483/analysis/1491275798/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}