misp-circl-feed/feeds/circl/stix-2.1/5b646415-7b48-40d5-86b4-c0070acd0835.json

{
    "type": "bundle",
    "id": "bundle--5b646415-7b48-40d5-86b4-c0070acd0835",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:21:29.000Z",
            "modified": "2018-08-03T14:21:29.000Z",
            "name": "Synovus Financial",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5b646415-7b48-40d5-86b4-c0070acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:21:29.000Z",
            "modified": "2018-08-03T14:21:29.000Z",
            "name": "Ursnif, MALWAREMESSIAGH",
            "published": "2018-08-03T14:36:26Z",
            "object_refs": [
                "indicator--5b6464ca-e73c-4707-9b8a-d0350acd0835",
                "indicator--5b6464ca-45f8-43d0-8b78-d0350acd0835",
                "indicator--5b6464ca-8c84-4c2d-95d9-d0350acd0835",
                "indicator--5b6464ca-e0a0-40e0-8e21-d0350acd0835",
                "indicator--5b6464e9-e73c-484d-a0b3-c0070acd0835"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "PasteBin: MALWAREMESSIAGH",
                "misp-galaxy:banker=\"Gozi\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b6464ca-e73c-4707-9b8a-d0350acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:20:58.000Z",
            "modified": "2018-08-03T14:20:58.000Z",
            "description": "Ursnif",
            "pattern": "[domain-name:value = 'ooiasjdnqjwbeasdasd.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-08-03T14:20:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b6464ca-45f8-43d0-8b78-d0350acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:20:58.000Z",
            "modified": "2018-08-03T14:20:58.000Z",
            "description": "Ursnif",
            "pattern": "[domain-name:value = 'eqowiesajenqweasd.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-08-03T14:20:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b6464ca-8c84-4c2d-95d9-d0350acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:20:58.000Z",
            "modified": "2018-08-03T14:20:58.000Z",
            "description": "Ursnif",
            "pattern": "[domain-name:value = 'dquohwdihaewqdcas.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-08-03T14:20:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b6464ca-e0a0-40e0-8e21-d0350acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:20:58.000Z",
            "modified": "2018-08-03T14:20:58.000Z",
            "description": "Ursnif",
            "pattern": "[domain-name:value = 'diqjwhebseqhbasdh.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-08-03T14:20:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b6464e9-e73c-484d-a0b3-c0070acd0835",
            "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
            "created": "2018-08-03T14:21:29.000Z",
            "modified": "2018-08-03T14:21:29.000Z",
            "description": "Ursnif dropped file",
            "pattern": "[url:value = 'http://sistemait.it/softaculous/backup/client.rar']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-08-03T14:21:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        }
    ]
}