196 lines
No EOL
7.7 KiB
JSON
196 lines
No EOL
7.7 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5cff9640-635c-4fac-b3f7-45ab950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:51:13.000Z",
|
|
"modified": "2019-06-11T12:51:13.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5cff9640-635c-4fac-b3f7-45ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:51:13.000Z",
|
|
"modified": "2019-06-11T12:51:13.000Z",
|
|
"name": "OSINT - APT Kimsuky",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"x-misp-object--5cffa078-0c70-4d25-bba5-4bea950d210f",
|
|
"indicator--5cffa1ba-f954-4bd6-8380-42b7950d210f",
|
|
"indicator--5cffa1e7-67f8-4cc2-9c8a-4bbc950d210f",
|
|
"indicator--5cffa1f8-a3cc-4485-9eba-44ca950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"misp-galaxy:threat-actor=\"Kimsuki\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"workflow:todo=\"expansion\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5cffa078-0c70-4d25-bba5-4bea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:37:12.000Z",
|
|
"modified": "2019-06-11T12:37:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"microblog\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "post",
|
|
"value": "#APT #Kimsuky\r\nITW: 6ead104743be6575e767986a71cf4bd9\r\nFileName: 1.doc\r\nITW: 03dbc1b3d79a4ff70f06fd6e67e00985\r\nFileName: The_Progress_and_Promise_of_the_Moon-Kim_Summit.doc\r\n@Arkbird_SOLG\r\n @blackorbird\r\n @cyberwar_15",
|
|
"category": "Other",
|
|
"uuid": "5cffa078-85b8-4682-a94c-47d0950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "type",
|
|
"value": "Twitter",
|
|
"category": "Other",
|
|
"uuid": "5cffa078-f384-428f-99a1-462e950d210f"
|
|
},
|
|
{
|
|
"type": "url",
|
|
"object_relation": "url",
|
|
"value": "https://mobile.twitter.com/Timele9527/status/1137903328061296640",
|
|
"category": "Network activity",
|
|
"to_ids": true,
|
|
"uuid": "5cffa079-beb4-45c0-adb9-4ebf950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username-quoted",
|
|
"value": "@Arkbird_SOLG",
|
|
"category": "Other",
|
|
"uuid": "5cffa079-a744-4dde-a4a3-4efa950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username-quoted",
|
|
"value": "@blackorbird",
|
|
"category": "Other",
|
|
"uuid": "5cffa079-7ad8-4f5d-89b0-4f60950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username-quoted",
|
|
"value": "@cyberwar_15",
|
|
"category": "Other",
|
|
"uuid": "5cffa079-65a4-4424-924c-4358950d210f"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "username",
|
|
"value": "Timele9527",
|
|
"category": "Other",
|
|
"uuid": "5cffa079-04d4-40ef-bf9b-48eb950d210f"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "creation-date",
|
|
"value": "Jun 10, 2019 4:04 AM",
|
|
"category": "Other",
|
|
"uuid": "5cffa079-462c-4323-8b81-4519950d210f"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "microblog"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cffa1ba-f954-4bd6-8380-42b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:42:34.000Z",
|
|
"modified": "2019-06-11T12:42:34.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6ead104743be6575e767986a71cf4bd9' AND file:name = '1.doc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-11T12:42:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cffa1e7-67f8-4cc2-9c8a-4bbc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:43:19.000Z",
|
|
"modified": "2019-06-11T12:43:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = '03dbc1b3d79a4ff70f06fd6e67e00985']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-11T12:43:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cffa1f8-a3cc-4485-9eba-44ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-06-11T12:43:36.000Z",
|
|
"modified": "2019-06-11T12:43:36.000Z",
|
|
"pattern": "[file:name = 'The_Progress_and_Promise_of_the_Moon-Kim_Summit.doc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-06-11T12:43:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |