{
"type": "bundle",
"id": "bundle--5b27bbde-0ba0-4bd3-ad7d-469c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-24T07:47:22.000Z",
"modified": "2018-09-24T07:47:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5b27bbde-0ba0-4bd3-ad7d-469c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-24T07:47:22.000Z",
"modified": "2018-09-24T07:47:22.000Z",
"name": "OSINT - The Week in Ransomware - June 15th 2018 - DBGer, Scarab, and More",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5b27bc4b-aaf8-4f92-ac83-49c5950d210f",
"url--5b27bc4b-aaf8-4f92-ac83-49c5950d210f",
"indicator--5b27bc9a-f144-45a4-bd58-c52c950d210f",
"indicator--5b28a8be-3360-4a66-93b5-493f950d210f",
"indicator--5b28a8be-4208-4cc4-88d6-44ad950d210f",
"indicator--5b28a8bf-8898-4434-ab42-4719950d210f",
"indicator--5b28a8bf-cd38-4eb7-982c-4630950d210f",
"indicator--5b28b323-83e4-4492-a760-4f4e950d210f",
"indicator--5b28b324-f6ec-47e8-a3a6-4e10950d210f",
"indicator--5b28cc3c-df58-41f5-8416-4134950d210f",
"indicator--5b28cc3c-05d0-4539-8e15-4116950d210f",
"indicator--5b28cea4-fab4-46e5-b593-4efb950d210f",
"indicator--5b28cea5-0318-42a6-b336-49bc950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:ransomware=\"Donut\"",
"misp-galaxy:ransomware=\"NemeS1S Ransomware\"",
"misp-galaxy:ransomware=\"Paradise Ransomware\"",
"misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\"",
"misp-galaxy:ransomware=\"B2DR Ransomware\"",
"misp-galaxy:ransomware=\"Scarab\"",
"misp-galaxy:ransomware=\"YYTO Ransomware\"",
"misp-galaxy:ransomware=\"Xorist\"",
"misp-galaxy:ransomware=\"DBGer Ransomware\"",
"misp-galaxy:ransomware=\"Unnamed ramsomware 2\"",
"misp-galaxy:ransomware=\"Everbe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b27bc4b-aaf8-4f92-ac83-49c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T14:06:16.000Z",
"modified": "2018-06-18T14:06:16.000Z",
"first_observed": "2018-06-18T14:06:16Z",
"last_observed": "2018-06-18T14:06:16Z",
"number_observed": 1,
"object_refs": [
"url--5b27bc4b-aaf8-4f92-ac83-49c5950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b27bc4b-aaf8-4f92-ac83-49c5950d210f",
"value": "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b27bc9a-f144-45a4-bd58-c52c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-18T14:07:22.000Z",
"modified": "2018-06-18T14:07:22.000Z",
"description": "B2DR Ransomware ransom note",
"pattern": "[file:name = 'ScrewYou.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-18T14:07:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28a8be-3360-4a66-93b5-493f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T06:55:24.000Z",
"modified": "2018-06-19T06:55:24.000Z",
"description": "YYTO Ransomware",
"pattern": "[email-message:from_ref.value = 'codyprince92@mail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T06:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28a8be-4208-4cc4-88d6-44ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T06:55:24.000Z",
"modified": "2018-06-19T06:55:24.000Z",
"description": "YYTO Ransomware",
"pattern": "[url:value = 'https://www.torproject.org/download/download-easy.html.en']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T06:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28a8bf-8898-4434-ab42-4719950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T06:55:24.000Z",
"modified": "2018-06-19T06:55:24.000Z",
"description": "YYTO Ransomware",
"pattern": "[domain-name:value = 'torbox3uiot6wchz.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T06:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28a8bf-cd38-4eb7-982c-4630950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T06:55:24.000Z",
"modified": "2018-06-19T06:55:24.000Z",
"description": "YYTO Ransomware",
"pattern": "[email-message:from_ref.value = 'codyprince@torbox3uiot6wchz.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T06:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28b323-83e4-4492-a760-4f4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T07:39:15.000Z",
"modified": "2018-06-19T07:39:15.000Z",
"description": "B2DR Ransomware",
"pattern": "[email-message:from_ref.value = 'ssananunak1987@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T07:39:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28b324-f6ec-47e8-a3a6-4e10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T07:39:16.000Z",
"modified": "2018-06-19T07:39:16.000Z",
"description": "B2DR Ransomware",
"pattern": "[email-message:from_ref.value = 'ssananunak1987@torbox3uiot6wchz.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T07:39:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28cc3c-df58-41f5-8416-4134950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T09:26:20.000Z",
"modified": "2018-06-19T09:26:20.000Z",
"description": "Everbe",
"pattern": "[email-message:from_ref.value = 'everbe@airmail.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T09:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28cc3c-05d0-4539-8e15-4116950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T09:26:20.000Z",
"modified": "2018-06-19T09:26:20.000Z",
"description": "Everbe",
"pattern": "[file:name = '!=How_recovery_files=!.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T09:26:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28cea4-fab4-46e5-b593-4efb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T09:36:36.000Z",
"modified": "2018-06-19T09:36:36.000Z",
"description": "Scarab ransomware",
"pattern": "[email-message:from_ref.value = 'mr.leen@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T09:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b28cea5-0318-42a6-b336-49bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-19T09:36:37.000Z",
"modified": "2018-06-19T09:36:37.000Z",
"description": "Scarab ransomware",
"pattern": "[file:name = 'INSTRUCTIONS FOR RESTORING FILES.TXT']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-19T09:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}