misp-circl-feed/feeds/circl/misp/56d4b32d-664c-4647-a748-1362950d210f.json


{
"type": "bundle",
"id": "bundle--56d4b32d-664c-4647-a748-1362950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:25:02.000Z",
"modified": "2016-02-29T21:25:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56d4b32d-664c-4647-a748-1362950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:25:02.000Z",
"modified": "2016-02-29T21:25:02.000Z",
"name": "OSINT - New Hacking team samples (OSX)",
"published": "2016-02-29T21:25:12Z",
"object_refs": [
"indicator--56d4b488-ae78-464f-a218-1363950d210f",
"indicator--56d4b489-a684-4f7a-a0fb-1363950d210f",
"indicator--56d4b489-9400-4c37-8e64-1363950d210f",
"observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f",
"url--56d4b489-bab0-4bc1-bc3f-1363950d210f",
"indicator--56d4b55f-1790-4a76-b14f-136602de0b81",
"indicator--56d4b55f-0494-4e05-bbd1-136602de0b81",
"observed-data--56d4b560-1cec-475e-a298-136602de0b81",
"url--56d4b560-1cec-475e-a298-136602de0b81",
"indicator--56d4b560-f868-4c50-a9dd-136602de0b81",
"indicator--56d4b560-d8b8-4625-8d5b-136602de0b81",
"observed-data--56d4b561-8b38-4590-9a9e-136602de0b81",
"url--56d4b561-8b38-4590-9a9e-136602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b488-ae78-464f-a218-1363950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:13:44.000Z",
"modified": "2016-02-29T21:13:44.000Z",
"description": "ZIP with dropper",
"pattern": "[file:hashes.SHA256 = '2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:13:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b489-a684-4f7a-a0fb-1363950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:13:45.000Z",
"modified": "2016-02-29T21:13:45.000Z",
"description": "Dropper binary",
"pattern": "[file:hashes.SHA256 = '58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:13:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b489-9400-4c37-8e64-1363950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:13:45.000Z",
"modified": "2016-02-29T21:13:45.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.71.254.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:13:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4b489-bab0-4bc1-bc3f-1363950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:25:02.000Z",
"modified": "2016-02-29T21:25:02.000Z",
"first_observed": "2016-02-29T21:25:02Z",
"last_observed": "2016-02-29T21:25:02Z",
"number_observed": 1,
"object_refs": [
"url--56d4b489-bab0-4bc1-bc3f-1363950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4b489-bab0-4bc1-bc3f-1363950d210f",
"value": "https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b55f-1790-4a76-b14f-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:19.000Z",
"modified": "2016-02-29T21:17:19.000Z",
"description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273",
"pattern": "[file:hashes.SHA1 = 'df0c428657f8d317a9617a209ed1998860f22c42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b55f-0494-4e05-bbd1-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:19.000Z",
"modified": "2016-02-29T21:17:19.000Z",
"description": "Dropper binary - Xchecked via VT: 58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273",
"pattern": "[file:hashes.MD5 = 'e2b81bed4472087dca00bee18acbce04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4b560-1cec-475e-a298-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:20.000Z",
"modified": "2016-02-29T21:17:20.000Z",
"first_observed": "2016-02-29T21:17:20Z",
"last_observed": "2016-02-29T21:17:20Z",
"number_observed": 1,
"object_refs": [
"url--56d4b560-1cec-475e-a298-136602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4b560-1cec-475e-a298-136602de0b81",
"value": "https://www.virustotal.com/file/58e4e4853c6cfbb43afd49e5238046596ee5b78eca439c7d76bd95a34115a273/analysis/1456779730/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b560-f868-4c50-a9dd-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:20.000Z",
"modified": "2016-02-29T21:17:20.000Z",
"description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947",
"pattern": "[file:hashes.SHA1 = '64341827760eb2d4ac4107b6d18c6942d3d69cba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56d4b560-d8b8-4625-8d5b-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:20.000Z",
"modified": "2016-02-29T21:17:20.000Z",
"description": "ZIP with dropper - Xchecked via VT: 2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947",
"pattern": "[file:hashes.MD5 = '92d4556d3d594b987044106388d484b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-29T21:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56d4b561-8b38-4590-9a9e-136602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-02-29T21:17:21.000Z",
"modified": "2016-02-29T21:17:21.000Z",
"first_observed": "2016-02-29T21:17:21Z",
"last_observed": "2016-02-29T21:17:21Z",
"number_observed": 1,
"object_refs": [
"url--56d4b561-8b38-4590-9a9e-136602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56d4b561-8b38-4590-9a9e-136602de0b81",
"value": "https://www.virustotal.com/file/2ee9e9d9a0cd3cee6519e7b950821d5c90af03da665879615e52fd093dd8e947/analysis/1456767669/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}