misp-circl-feed/feeds/circl/stix-2.1/57a05786-71b8-49a2-892e-32ec950d210f.json


{
"type": "bundle",
"id": "bundle--57a05786-71b8-49a2-892e-32ec950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:22:49.000Z",
"modified": "2016-08-02T08:22:49.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57a05786-71b8-49a2-892e-32ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:22:49.000Z",
"modified": "2016-08-02T08:22:49.000Z",
"name": "OSINT - LuminosityLink RAT",
"published": "2016-08-02T08:23:46Z",
"object_refs": [
"observed-data--57a05794-7ea4-47f7-9fc3-32ee950d210f",
"url--57a05794-7ea4-47f7-9fc3-32ee950d210f",
"indicator--57a057a8-1dfc-4534-a5f5-32ea950d210f",
"indicator--57a057ba-045c-48c4-b603-32f3950d210f",
"observed-data--57a057e6-aa78-4e17-b3e6-32f2950d210f",
"domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f",
"observed-data--57a05801-3198-41a9-b077-32f1950d210f",
"x509-certificate--57a05801-3198-41a9-b077-32f1950d210f",
"indicator--57a0581f-4d64-4314-92c0-32eb02de0b81",
"indicator--57a05820-5d1c-4df7-af97-32eb02de0b81",
"observed-data--57a05820-d2f0-4bd8-9425-32eb02de0b81",
"url--57a05820-d2f0-4bd8-9425-32eb02de0b81",
"x-misp-attribute--57a05859-655c-497b-8482-35fb950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"ecsirt:malicious-code=\"malware\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a05794-7ea4-47f7-9fc3-32ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:19:32.000Z",
"modified": "2016-08-02T08:19:32.000Z",
"first_observed": "2016-08-02T08:19:32Z",
"last_observed": "2016-08-02T08:19:32Z",
"number_observed": 1,
"object_refs": [
"url--57a05794-7ea4-47f7-9fc3-32ee950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a05794-7ea4-47f7-9fc3-32ee950d210f",
"value": "https://virustotal.com/en/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a057a8-1dfc-4534-a5f5-32ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:19:52.000Z",
"modified": "2016-08-02T08:19:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.123.44.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-02T08:19:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a057ba-045c-48c4-b603-32f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:20:10.000Z",
"modified": "2016-08-02T08:20:10.000Z",
"pattern": "[file:hashes.SHA256 = 'e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-02T08:20:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a057e6-aa78-4e17-b3e6-32f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:20:54.000Z",
"modified": "2016-08-02T08:20:54.000Z",
"first_observed": "2016-08-02T08:20:54Z",
"last_observed": "2016-08-02T08:20:54Z",
"number_observed": 1,
"object_refs": [
"domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--57a057e6-aa78-4e17-b3e6-32f2950d210f",
"value": "zippa.biz"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a05801-3198-41a9-b077-32f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:21:21.000Z",
"modified": "2016-08-02T08:21:21.000Z",
"first_observed": "2016-08-02T08:21:21Z",
"last_observed": "2016-08-02T08:21:21Z",
"number_observed": 1,
"object_refs": [
"x509-certificate--57a05801-3198-41a9-b077-32f1950d210f"
],
"labels": [
"misp:type=\"x509-fingerprint-sha1\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "x509-certificate",
"spec_version": "2.1",
"id": "x509-certificate--57a05801-3198-41a9-b077-32f1950d210f",
"hashes": {
"SHA-1": "c1e2727e8fb206f126c10c3ba9a5474874b6bb55"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a0581f-4d64-4314-92c0-32eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:21:51.000Z",
"modified": "2016-08-02T08:21:51.000Z",
"description": "- Cross-checked via VirusTotal (VT): e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85",
"pattern": "[file:hashes.SHA1 = '76ca6782aa5e63d61144225d1b9c282af8fe2259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-02T08:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a05820-5d1c-4df7-af97-32eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:21:52.000Z",
"modified": "2016-08-02T08:21:52.000Z",
"description": "- Cross-checked via VirusTotal (VT): e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85",
"pattern": "[file:hashes.MD5 = '63116861ea68c75441b6915bbeab0919']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-02T08:21:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57a05820-d2f0-4bd8-9425-32eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:21:52.000Z",
"modified": "2016-08-02T08:21:52.000Z",
"first_observed": "2016-08-02T08:21:52Z",
"last_observed": "2016-08-02T08:21:52Z",
"number_observed": 1,
"object_refs": [
"url--57a05820-d2f0-4bd8-9425-32eb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57a05820-d2f0-4bd8-9425-32eb02de0b81",
"value": "https://www.virustotal.com/file/e633fb678d91e5fe2a1468d13de42c4871be884885c23efe7456924ad7db5a85/analysis/1470111161/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57a05859-655c-497b-8482-35fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-08-02T08:22:49.000Z",
"modified": "2016-08-02T08:22:49.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_comment": "From https://virustotal.com/en/user/benkow_/",
"x_misp_type": "comment",
"x_misp_value": "190.123.44.134|4288|190.123.44.134|Soundmgr.exe|Sound|Packet|Monitor|clientmonitor.exe|eb894fba356e3be7fb05313de362d5b1c44df50ce3e77ba89f295ee647a332d1|Nnamdi|1idsanmvhb|"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}