adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5a265a9e-9e54-4d44-a04e-42af950d210f.json

392 lines
No EOL
17 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5a265a9e-9e54-4d44-a04e-42af950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:09.000Z",
"modified": "2017-12-06T10:03:09.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a265a9e-9e54-4d44-a04e-42af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:09.000Z",
"modified": "2017-12-06T10:03:09.000Z",
"name": "OSINT - Halloware Ransomware on Sale on the Dark Web for Only $40",
"published": "2017-12-06T10:03:18Z",
"object_refs": [
"observed-data--5a265ab9-fd00-469a-a5fa-4019950d210f",
"url--5a265ab9-fd00-469a-a5fa-4019950d210f",
"x-misp-attribute--5a265d95-5644-43e2-ac0f-4744950d210f",
"indicator--5a265dba-e3e0-45fb-8c3a-42b7950d210f",
"indicator--5a265dba-0bc0-4d83-b3c8-4f6a950d210f",
"indicator--5a265dba-a5a8-4c74-8d40-4951950d210f",
"indicator--5a27c054-fd60-48db-a4b6-476a02de0b81",
"indicator--5a27c054-dee8-42e8-ba80-495202de0b81",
"observed-data--5a27c054-28b4-434a-8d0f-433b02de0b81",
"url--5a27c054-28b4-434a-8d0f-433b02de0b81",
"indicator--5a27c054-2594-4b77-8d21-494b02de0b81",
"indicator--5a27c054-4f14-494f-95de-44e802de0b81",
"observed-data--5a27c054-1928-4147-99a8-40e102de0b81",
"url--5a27c054-1928-4147-99a8-40e102de0b81",
"indicator--5a27c054-8dfc-40d4-9787-4bbc02de0b81",
"indicator--5a27c054-6144-49b2-9c3c-499902de0b81",
"observed-data--5a27c054-4558-4dc5-ac31-494f02de0b81",
"url--5a27c054-4558-4dc5-ac31-494f02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a265ab9-fd00-469a-a5fa-4019950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:02:59.000Z",
"modified": "2017-12-06T10:02:59.000Z",
"first_observed": "2017-12-06T10:02:59Z",
"last_observed": "2017-12-06T10:02:59Z",
"number_observed": 1,
"object_refs": [
"url--5a265ab9-fd00-469a-a5fa-4019950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a265ab9-fd00-469a-a5fa-4019950d210f",
"value": "https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a265d95-5644-43e2-ac0f-4744950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "A malware author by the name of Luc1F3R is peddling a new ransomware strain called Halloware for the lowly price of $40. Based on evidence gathered by Bleeping Computer, Luc1F3R started selling his ransomware this week, beginning Thursday.\r\n\r\nCurrently, the malware dev is selling and/or advertising his ransomware on a dedicated Dark Web portal, on Dark Web forums, two sites hosted on the public Internet, and via videos hosted on YouTube."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a265dba-e3e0-45fb-8c3a-42b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"pattern": "[file:hashes.SHA256 = '007c1f11afb195d77c176891d54b9cfd37c87b13dfe0ab5b6c368125e4459b8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a265dba-0bc0-4d83-b3c8-4f6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"pattern": "[file:hashes.SHA256 = 'd5b58bdda4ece79fbc264fff7f32df584d7b0051a5493119d336252f4668c73c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a265dba-a5a8-4c74-8d40-4951950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"pattern": "[file:hashes.SHA256 = 'c6d2e486109dc37f451dccce716e99e8a2653475d5605531d52756fc4fc88f09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-fd60-48db-a4b6-476a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: c6d2e486109dc37f451dccce716e99e8a2653475d5605531d52756fc4fc88f09",
"pattern": "[file:hashes.SHA1 = 'd94437d6aa2b74d56626e1cb31230949e21c4f48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-dee8-42e8-ba80-495202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: c6d2e486109dc37f451dccce716e99e8a2653475d5605531d52756fc4fc88f09",
"pattern": "[file:hashes.MD5 = '220cd79a8eddbfb19121e0b67165ab1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c054-28b4-434a-8d0f-433b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"first_observed": "2017-12-06T10:03:00Z",
"last_observed": "2017-12-06T10:03:00Z",
"number_observed": 1,
"object_refs": [
"url--5a27c054-28b4-434a-8d0f-433b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c054-28b4-434a-8d0f-433b02de0b81",
"value": "https://www.virustotal.com/file/c6d2e486109dc37f451dccce716e99e8a2653475d5605531d52756fc4fc88f09/analysis/1512455978/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-2594-4b77-8d21-494b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: d5b58bdda4ece79fbc264fff7f32df584d7b0051a5493119d336252f4668c73c",
"pattern": "[file:hashes.SHA1 = '56db07c9905d9bd2cc5fbc0f7091982b7e0aadc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-4f14-494f-95de-44e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: d5b58bdda4ece79fbc264fff7f32df584d7b0051a5493119d336252f4668c73c",
"pattern": "[file:hashes.MD5 = 'b01230be6e42bf7210ce244ca493a697']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c054-1928-4147-99a8-40e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"first_observed": "2017-12-06T10:03:00Z",
"last_observed": "2017-12-06T10:03:00Z",
"number_observed": 1,
"object_refs": [
"url--5a27c054-1928-4147-99a8-40e102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c054-1928-4147-99a8-40e102de0b81",
"value": "https://www.virustotal.com/file/d5b58bdda4ece79fbc264fff7f32df584d7b0051a5493119d336252f4668c73c/analysis/1512445343/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-8dfc-40d4-9787-4bbc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: 007c1f11afb195d77c176891d54b9cfd37c87b13dfe0ab5b6c368125e4459b8c",
"pattern": "[file:hashes.SHA1 = 'e3902bc1f576ad063db6da455a820a840c1556a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c054-6144-49b2-9c3c-499902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"description": "- Xchecked via VT: 007c1f11afb195d77c176891d54b9cfd37c87b13dfe0ab5b6c368125e4459b8c",
"pattern": "[file:hashes.MD5 = '7c10cf39ee3169bb3e46aac14c888228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c054-4558-4dc5-ac31-494f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:00.000Z",
"modified": "2017-12-06T10:03:00.000Z",
"first_observed": "2017-12-06T10:03:00Z",
"last_observed": "2017-12-06T10:03:00Z",
"number_observed": 1,
"object_refs": [
"url--5a27c054-4558-4dc5-ac31-494f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c054-4558-4dc5-ac31-494f02de0b81",
"value": "https://www.virustotal.com/file/007c1f11afb195d77c176891d54b9cfd37c87b13dfe0ab5b6c368125e4459b8c/analysis/1512445313/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink