misp-circl-feed/feeds/circl/misp/5714a8d1-52a4-48fa-8696-4066950d210f.json

488 lines
No EOL
20 KiB
JSON

{
"type": "bundle",
"id": "bundle--5714a8d1-52a4-48fa-8696-4066950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:41:11.000Z",
"modified": "2016-04-18T09:41:11.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5714a8d1-52a4-48fa-8696-4066950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:41:11.000Z",
"modified": "2016-04-18T09:41:11.000Z",
"name": "OSINT - Retefe is back in town",
"published": "2016-04-18T09:41:31Z",
"object_refs": [
"observed-data--5714a8f3-f978-4eae-9d7e-4155950d210f",
"url--5714a8f3-f978-4eae-9d7e-4155950d210f",
"indicator--5714a962-d618-4f29-afce-45fd950d210f",
"observed-data--5714a994-df20-4cce-8736-4ede950d210f",
"domain-name--5714a994-df20-4cce-8736-4ede950d210f",
"observed-data--5714a9a5-e770-4323-bbd2-44d5950d210f",
"network-traffic--5714a9a5-e770-4323-bbd2-44d5950d210f",
"ipv4-addr--5714a9a5-e770-4323-bbd2-44d5950d210f",
"indicator--5714aac8-3124-47c7-ae60-46c4950d210f",
"indicator--5714aad9-1788-40a9-b626-48ba950d210f",
"indicator--5714ab5b-7658-4a37-8dbe-4d31950d210f",
"indicator--5714ab74-2be4-4d58-84ed-49ba950d210f",
"indicator--5714ab9c-8ce4-4249-9aeb-441402de0b81",
"indicator--5714ab9d-ef60-426b-8139-48e802de0b81",
"observed-data--5714ab9d-dd0c-4f1e-98cd-446a02de0b81",
"url--5714ab9d-dd0c-4f1e-98cd-446a02de0b81",
"indicator--5714ab9d-5330-47fb-b73f-4fa102de0b81",
"indicator--5714ab9e-8844-4790-8e59-421002de0b81",
"observed-data--5714ab9e-71c8-4d2d-a646-4ee402de0b81",
"url--5714ab9e-71c8-4d2d-a646-4ee402de0b81",
"indicator--5714ab9e-4690-472f-b31f-49ed02de0b81",
"indicator--5714ab9f-3b24-4a24-803e-4c5b02de0b81",
"observed-data--5714ab9f-9378-4d32-9600-493a02de0b81",
"url--5714ab9f-9378-4d32-9600-493a02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714a8f3-f978-4eae-9d7e-4155950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:29:23.000Z",
"modified": "2016-04-18T09:29:23.000Z",
"first_observed": "2016-04-18T09:29:23Z",
"last_observed": "2016-04-18T09:29:23Z",
"number_observed": 1,
"object_refs": [
"url--5714a8f3-f978-4eae-9d7e-4155950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5714a8f3-f978-4eae-9d7e-4155950d210f",
"value": "https://isc.sans.edu/diary/Retefe+is+back+in+town/20957"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714a962-d618-4f29-afce-45fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:31:14.000Z",
"modified": "2016-04-18T09:31:14.000Z",
"description": ".zip archive as attachment contained an obfuscated .js file.",
"pattern": "[file:hashes.MD5 = 'fcb54818faf6884d2e00cfd5fec49872']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:31:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714a994-df20-4cce-8736-4ede950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:32:04.000Z",
"modified": "2016-04-18T09:32:04.000Z",
"first_observed": "2016-04-18T09:32:04Z",
"last_observed": "2016-04-18T09:32:04Z",
"number_observed": 1,
"object_refs": [
"domain-name--5714a994-df20-4cce-8736-4ede950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5714a994-df20-4cce-8736-4ede950d210f",
"value": "www.cablecar.at"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714a9a5-e770-4323-bbd2-44d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:41:11.000Z",
"modified": "2016-04-18T09:41:11.000Z",
"first_observed": "2016-04-18T09:41:11Z",
"last_observed": "2016-04-18T09:41:11Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5714a9a5-e770-4323-bbd2-44d5950d210f",
"ipv4-addr--5714a9a5-e770-4323-bbd2-44d5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5714a9a5-e770-4323-bbd2-44d5950d210f",
"dst_ref": "ipv4-addr--5714a9a5-e770-4323-bbd2-44d5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5714a9a5-e770-4323-bbd2-44d5950d210f",
"value": "81.19.145.97"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714aac8-3124-47c7-ae60-46c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:37:12.000Z",
"modified": "2016-04-18T09:37:12.000Z",
"description": "self-extracting archive that drops several files,",
"pattern": "[file:hashes.MD5 = '4ed56cdb8b14cae19747ac05dc852bb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714aad9-1788-40a9-b626-48ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:37:29.000Z",
"modified": "2016-04-18T09:37:29.000Z",
"description": "malicious js in zip",
"pattern": "[file:hashes.MD5 = '008faf67f1fbfcb60c88335ea601344f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab5b-7658-4a37-8dbe-4d31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:39:39.000Z",
"modified": "2016-04-18T09:39:39.000Z",
"description": "powershell scripts to install the certificate",
"pattern": "[file:hashes.MD5 = '627f74992a9e7e2fb58a9f6814aa6f82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:39:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab74-2be4-4d58-84ed-49ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:04.000Z",
"modified": "2016-04-18T09:40:04.000Z",
"description": "powershell scripts to install the certificate",
"pattern": "[file:hashes.MD5 = 'c955dcbeaa7647e9915db54fce67564b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9c-8ce4-4249-9aeb-441402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:44.000Z",
"modified": "2016-04-18T09:40:44.000Z",
"description": "self-extracting archive that drops several files, - Xchecked via VT: 4ed56cdb8b14cae19747ac05dc852bb5",
"pattern": "[file:hashes.SHA256 = '2959a6f9a9df4ec06f5a2026f20fadb7747b8bf8127a9b99027faf1149bca48f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9d-ef60-426b-8139-48e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:45.000Z",
"modified": "2016-04-18T09:40:45.000Z",
"description": "self-extracting archive that drops several files, - Xchecked via VT: 4ed56cdb8b14cae19747ac05dc852bb5",
"pattern": "[file:hashes.SHA1 = '1244e1dd63c04d6ee753f65b898398e2da7c1612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714ab9d-dd0c-4f1e-98cd-446a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:45.000Z",
"modified": "2016-04-18T09:40:45.000Z",
"first_observed": "2016-04-18T09:40:45Z",
"last_observed": "2016-04-18T09:40:45Z",
"number_observed": 1,
"object_refs": [
"url--5714ab9d-dd0c-4f1e-98cd-446a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5714ab9d-dd0c-4f1e-98cd-446a02de0b81",
"value": "https://www.virustotal.com/file/2959a6f9a9df4ec06f5a2026f20fadb7747b8bf8127a9b99027faf1149bca48f/analysis/1460970912/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9d-5330-47fb-b73f-4fa102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:45.000Z",
"modified": "2016-04-18T09:40:45.000Z",
"description": "malicious js in zip - Xchecked via VT: 008faf67f1fbfcb60c88335ea601344f",
"pattern": "[file:hashes.SHA256 = '5e8d3f367e287d84c4fd49228c40e238fdb2cb3e2896d30f26c2fb7594b0314a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9e-8844-4790-8e59-421002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:46.000Z",
"modified": "2016-04-18T09:40:46.000Z",
"description": "malicious js in zip - Xchecked via VT: 008faf67f1fbfcb60c88335ea601344f",
"pattern": "[file:hashes.SHA1 = 'dcf821881f4e7ad844e75900d66c8b7c29e87af6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714ab9e-71c8-4d2d-a646-4ee402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:46.000Z",
"modified": "2016-04-18T09:40:46.000Z",
"first_observed": "2016-04-18T09:40:46Z",
"last_observed": "2016-04-18T09:40:46Z",
"number_observed": 1,
"object_refs": [
"url--5714ab9e-71c8-4d2d-a646-4ee402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5714ab9e-71c8-4d2d-a646-4ee402de0b81",
"value": "https://www.virustotal.com/file/5e8d3f367e287d84c4fd49228c40e238fdb2cb3e2896d30f26c2fb7594b0314a/analysis/1460718161/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9e-4690-472f-b31f-49ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:46.000Z",
"modified": "2016-04-18T09:40:46.000Z",
"description": ".zip archive as attachment contained an obfuscated .js file. - Xchecked via VT: fcb54818faf6884d2e00cfd5fec49872",
"pattern": "[file:hashes.SHA256 = 'f9359c9d84e949b2d0f3c179cb05039a400e260e65f9fcd14c66111ff6d4040f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5714ab9f-3b24-4a24-803e-4c5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:47.000Z",
"modified": "2016-04-18T09:40:47.000Z",
"description": ".zip archive as attachment contained an obfuscated .js file. - Xchecked via VT: fcb54818faf6884d2e00cfd5fec49872",
"pattern": "[file:hashes.SHA1 = 'd0f1cb4b417072bc9cf767fb974175037bcffde5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-18T09:40:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5714ab9f-9378-4d32-9600-493a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-18T09:40:47.000Z",
"modified": "2016-04-18T09:40:47.000Z",
"first_observed": "2016-04-18T09:40:47Z",
"last_observed": "2016-04-18T09:40:47Z",
"number_observed": 1,
"object_refs": [
"url--5714ab9f-9378-4d32-9600-493a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5714ab9f-9378-4d32-9600-493a02de0b81",
"value": "https://www.virustotal.com/file/f9359c9d84e949b2d0f3c179cb05039a400e260e65f9fcd14c66111ff6d4040f/analysis/1460716014/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}