adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/598db7fd-47a8-45f8-9414-408b02de0b81.json

367 lines
No EOL
15 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--598db7fd-47a8-45f8-9414-408b02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--598db7fd-47a8-45f8-9414-408b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"name": "OSINT - APT28 Targets Hospitality Sector, Presents Threat to Travelers",
"published": "2017-08-11T14:01:50Z",
"object_refs": [
"indicator--598db84e-d5bc-4fc7-a9e7-43d002de0b81",
"indicator--598db84f-48cc-4420-a5b5-4c7a02de0b81",
"indicator--598db84f-f9a4-42a3-b8ed-4ec902de0b81",
"indicator--598db84f-fbcc-473b-890f-4f3b02de0b81",
"indicator--598db84f-f2bc-4f0b-baf7-4adc02de0b81",
"observed-data--598db870-f50c-441d-85e2-4f2f02de0b81",
"url--598db870-f50c-441d-85e2-4f2f02de0b81",
"x-misp-attribute--598db880-780c-4b6e-ab6d-447102de0b81",
"indicator--598db8c1-09e8-4253-b562-464802de0b81",
"indicator--598db8c1-8360-4ac9-85e3-47db02de0b81",
"observed-data--598db8c1-cc68-411c-ab76-41bb02de0b81",
"url--598db8c1-cc68-411c-ab76-41bb02de0b81",
"indicator--598db8c1-f310-4028-9f76-4e3602de0b81",
"indicator--598db8c1-d750-4c50-8a1b-473702de0b81",
"observed-data--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"estimative-language:likelihood-probability=\"likely\"",
"misp-galaxy:tool=\"ETERNALBLUE\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84e-d5bc-4fc7-a9e7-43d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:name = 'Hotel_Reservation_Form.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-48cc-4420-a5b5-4c7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:hashes.MD5 = '9b10685b774a783eabfecdb6119a8aa3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-f9a4-42a3-b8ed-4ec902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"pattern": "[file:hashes.MD5 = '1421419d1be31f1f9ea60e8ed87277db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-fbcc-473b-890f-4f3b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"description": "(C2) domains",
"pattern": "[domain-name:value = 'mvband.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db84f-f2bc-4f0b-baf7-4adc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"description": "(C2) domains",
"pattern": "[domain-name:value = 'mvtband.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db870-f50c-441d-85e2-4f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"first_observed": "2017-08-11T14:01:36Z",
"last_observed": "2017-08-11T14:01:36Z",
"number_observed": 1,
"object_refs": [
"url--598db870-f50c-441d-85e2-4f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db870-f50c-441d-85e2-4f2f02de0b81",
"value": "https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--598db880-780c-4b6e-ab6d-447102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:36.000Z",
"modified": "2017-08-11T14:01:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from Wi-Fi traffic, poisoning the NetBIOS Name Service, and spreading laterally via the EternalBlue exploit."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-09e8-4253-b562-464802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 1421419d1be31f1f9ea60e8ed87277db",
"pattern": "[file:hashes.SHA256 = '8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-8360-4ac9-85e3-47db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 1421419d1be31f1f9ea60e8ed87277db",
"pattern": "[file:hashes.SHA1 = 'f9fd3f1d8da4ffd6a494228b934549d09e3c59d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db8c1-cc68-411c-ab76-41bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"first_observed": "2017-08-11T14:01:37Z",
"last_observed": "2017-08-11T14:01:37Z",
"number_observed": 1,
"object_refs": [
"url--598db8c1-cc68-411c-ab76-41bb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db8c1-cc68-411c-ab76-41bb02de0b81",
"value": "https://www.virustotal.com/file/8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57/analysis/1500378259/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-f310-4028-9f76-4e3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 9b10685b774a783eabfecdb6119a8aa3",
"pattern": "[file:hashes.SHA256 = 'a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598db8c1-d750-4c50-8a1b-473702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"description": "- Xchecked via VT: 9b10685b774a783eabfecdb6119a8aa3",
"pattern": "[file:hashes.SHA1 = 'f293a2bfb728060c54efeeb03c5323893b5c80df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-11T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-11T14:01:37.000Z",
"modified": "2017-08-11T14:01:37.000Z",
"first_observed": "2017-08-11T14:01:37Z",
"last_observed": "2017-08-11T14:01:37Z",
"number_observed": 1,
"object_refs": [
"url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--598db8c1-5024-4a0c-bc3d-4f9b02de0b81",
"value": "https://www.virustotal.com/file/a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797/analysis/1501657253/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink