adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5b2783ba-57e4-44da-88ee-4c4f950d210f.json

264 lines
No EOL
11 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5b2783ba-57e4-44da-88ee-4c4f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:57:39.000Z",
"modified": "2018-10-26T12:57:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b2783ba-57e4-44da-88ee-4c4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:57:39.000Z",
"modified": "2018-10-26T12:57:39.000Z",
"name": "OSINT - New Donut Ransomware",
"published": "2018-10-28T09:00:00Z",
"object_refs": [
"observed-data--5b2783d2-af20-4e83-90ba-4d58950d210f",
"url--5b2783d2-af20-4e83-90ba-4d58950d210f",
"observed-data--5b2783d2-5414-4e5f-834d-49f4950d210f",
"url--5b2783d2-5414-4e5f-834d-49f4950d210f",
"indicator--5b278489-ce0c-4e19-9d7e-447f950d210f",
"x-misp-attribute--5b2784aa-adb0-444f-8bff-9f6f950d210f",
"x-misp-object--5b27843f-ca3c-48c7-8af0-4c29950d210f",
"indicator--5b278479-f028-47e9-abfa-207f950d210f",
"x-misp-object--b673d3aa-4fc7-4820-81cb-2f2a6182d627",
"x-misp-object--8c4f5afe-91b2-4a24-a417-b06dbf115f12",
"relationship--1fa30dc4-9a52-46f1-bfe0-989b0ce98139"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\"",
"osint:source-type=\"microblog-post\"",
"misp-galaxy:ransomware=\"Donut\"",
"workflow:state=\"complete\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2783d2-af20-4e83-90ba-4d58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:05:35.000Z",
"modified": "2018-06-18T10:05:35.000Z",
"first_observed": "2018-06-18T10:05:35Z",
"last_observed": "2018-06-18T10:05:35Z",
"number_observed": 1,
"object_refs": [
"url--5b2783d2-af20-4e83-90ba-4d58950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"microblog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b2783d2-af20-4e83-90ba-4d58950d210f",
"value": "https://twitter.com/siri_urz/status/1005438610806583296"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2783d2-5414-4e5f-834d-49f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:05:17.000Z",
"modified": "2018-06-18T10:05:17.000Z",
"first_observed": "2018-06-18T10:05:17Z",
"last_observed": "2018-06-18T10:05:17Z",
"number_observed": 1,
"object_refs": [
"url--5b2783d2-5414-4e5f-834d-49f4950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b2783d2-5414-4e5f-834d-49f4950d210f",
"value": "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b278489-ce0c-4e19-9d7e-447f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:08:09.000Z",
"modified": "2018-06-18T10:08:09.000Z",
"pattern": "[email-message:from_ref.value = 'donutmmm@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-18T10:08:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b2784aa-adb0-444f-8bff-9f6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:08:50.000Z",
"modified": "2018-06-18T10:08:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com."
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b27843f-ca3c-48c7-8af0-4c29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:06:55.000Z",
"modified": "2018-06-18T10:06:55.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "#Ransomware Donut E76ECA2F7D0450C84417A8AC242B424C .donut donutmmm@tutanota.com",
"category": "Other",
"uuid": "5b27843f-9a24-4869-bfb7-4509950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5b27843f-1490-410d-b455-49a8950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/siri_urz/status/1005438610806583296",
"category": "Network activity",
"to_ids": true,
"uuid": "5b27843f-c050-4923-8097-41a4950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-06-09T00:00:00",
"category": "Other",
"uuid": "5b278440-040c-4dbf-b857-4426950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@siri_urz",
"category": "Other",
"uuid": "5b278440-8e0c-4ddb-a2a3-40a1950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b278479-f028-47e9-abfa-207f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T10:07:53.000Z",
"modified": "2018-06-18T10:07:53.000Z",
"pattern": "[file:hashes.MD5 = 'e76eca2f7d0450c84417a8ac242b424c' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-18T10:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b673d3aa-4fc7-4820-81cb-2f2a6182d627",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T12:21:05.000Z",
"modified": "2018-06-18T12:21:05.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c4f5afe-91b2-4a24-a417-b06dbf115f12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T12:21:05.000Z",
"modified": "2018-06-18T12:21:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1fa30dc4-9a52-46f1-bfe0-989b0ce98139",
"created": "2018-06-18T12:21:08.000Z",
"modified": "2018-06-18T12:21:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--b673d3aa-4fc7-4820-81cb-2f2a6182d627",
"target_ref": "x-misp-object--8c4f5afe-91b2-4a24-a417-b06dbf115f12"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink