adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5706756e-958c-4c53-8f77-45f4950d210f.json

363 lines
No EOL
16 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5706756e-958c-4c53-8f77-45f4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T15:01:31.000Z",
"modified": "2016-04-07T15:01:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5706756e-958c-4c53-8f77-45f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T15:01:31.000Z",
"modified": "2016-04-07T15:01:31.000Z",
"name": "PWS: Win32/Kegotip.C",
"published": "2016-04-07T15:10:09Z",
"object_refs": [
"indicator--570675b5-e1ec-4652-9bf7-350b950d210f",
"indicator--570675b5-cc80-446f-927a-350b950d210f",
"indicator--570675b6-d020-44d7-89c7-350b950d210f",
"indicator--570675b6-538c-4e04-855b-350b950d210f",
"indicator--570675b6-c650-4975-9ebc-350b950d210f",
"indicator--570675b7-aa74-4be3-b5b2-350b950d210f",
"indicator--570675b7-ab74-4d18-a67f-350b950d210f",
"indicator--570675b7-f404-471d-8e8f-350b950d210f",
"indicator--570675b7-69e8-4c6b-9676-350b950d210f",
"indicator--570675b8-88f0-42ea-8118-350b950d210f",
"indicator--570675b8-4cb0-473d-b9d9-350b950d210f",
"observed-data--570675ca-d5f4-473e-99a2-350b950d210f",
"url--570675ca-d5f4-473e-99a2-350b950d210f",
"x-misp-attribute--5706764b-31d0-436c-b293-6b92950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b5-e1ec-4652-9bf7-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:01.000Z",
"modified": "2016-04-07T14:59:01.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.31.104.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b5-cc80-446f-927a-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:01.000Z",
"modified": "2016-04-07T14:59:01.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.227.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b6-d020-44d7-89c7-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:02.000Z",
"modified": "2016-04-07T14:59:02.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.228.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b6-538c-4e04-855b-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:02.000Z",
"modified": "2016-04-07T14:59:02.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.165.243.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b6-c650-4975-9ebc-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:02.000Z",
"modified": "2016-04-07T14:59:02.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.178.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b7-aa74-4be3-b5b2-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:03.000Z",
"modified": "2016-04-07T14:59:03.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.113.37.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b7-ab74-4d18-a67f-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:03.000Z",
"modified": "2016-04-07T14:59:03.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.23.32.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b7-f404-471d-8e8f-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:03.000Z",
"modified": "2016-04-07T14:59:03.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.75.227.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b7-69e8-4c6b-9676-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:03.000Z",
"modified": "2016-04-07T14:59:03.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[domain-name:value = 'bestconspires.co.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b8-88f0-42ea-8118-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:04.000Z",
"modified": "2016-04-07T14:59:04.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[domain-name:value = 'gefuret.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570675b8-4cb0-473d-b9d9-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:04.000Z",
"modified": "2016-04-07T14:59:04.000Z",
"description": "The collected data will be sent to remote server. We have seen this threat connect to the following domains using TCP ports 80 and 20050-20053:",
"pattern": "[domain-name:value = 'localeventit.pro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-07T14:59:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570675ca-d5f4-473e-99a2-350b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T14:59:22.000Z",
"modified": "2016-04-07T14:59:22.000Z",
"first_observed": "2016-04-07T14:59:22Z",
"last_observed": "2016-04-07T14:59:22Z",
"number_observed": 1,
"object_refs": [
"url--570675ca-d5f4-473e-99a2-350b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570675ca-d5f4-473e-99a2-350b950d210f",
"value": "https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS:Win32/Kegotip.C"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5706764b-31d0-436c-b293-6b92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-07T15:01:31.000Z",
"modified": "2016-04-07T15:01:31.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "This threat can steal your email addresses and other personal information, such as your user names and passwords, from several applications, including FTP software, Outlook Express and Internet Explorer. It sends the stolen data to a malicious hacker."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink