misp-circl-feed/feeds/circl/misp/591334cc-3b68-47fc-acc9-4763950d210f.json


{
"type": "bundle",
"id": "bundle--591334cc-3b68-47fc-acc9-4763950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T11:39:53.000Z",
"modified": "2017-05-18T11:39:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--591334cc-3b68-47fc-acc9-4763950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T11:39:53.000Z",
"modified": "2017-05-18T11:39:53.000Z",
"name": "Password-protected docs 2017-05-10 : Ursnif 2002 - \"payment confirmation.ab1_c23def4lg56hi#78j.docx\"",
"published": "2017-05-22T12:15:35Z",
"object_refs": [
"indicator--591334cf-5cf8-4198-b0e2-e7b0950d210f",
"indicator--591334d0-7b2c-4afa-8870-4d91950d210f",
"indicator--591334d2-c0b0-4ad7-b745-46d3950d210f",
"indicator--591334d4-0c30-438b-a680-44dd950d210f",
"indicator--591334d6-af0c-4359-8ca8-4410950d210f",
"indicator--591334d8-1bc8-48b5-bd5c-4cbf950d210f",
"indicator--591334da-04e8-47b5-9692-4890950d210f",
"observed-data--591334dc-9a94-4d9a-a144-4450950d210f",
"url--591334dc-9a94-4d9a-a144-4450950d210f",
"indicator--591334e2-9b0c-41c2-bd85-4cc4950d210f",
"indicator--591334e3-7464-437f-a12b-4e12950d210f",
"indicator--591334e5-71dc-43c4-8d8e-42d8950d210f",
"indicator--591334e6-60a8-4979-8f60-49b1950d210f",
"indicator--591334e8-d9a4-4cd2-b017-479a950d210f",
"indicator--591334e9-6790-47c0-aad4-e7b0950d210f",
"indicator--591334eb-aef4-4886-8081-4088950d210f",
"indicator--591334ec-04c4-4674-a97a-454a950d210f",
"indicator--591334ed-ee68-4ac9-96c5-4305950d210f",
"indicator--591334ee-b790-48e7-91a7-47f0950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Snifula\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334cf-5cf8-4198-b0e2-e7b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:07.000Z",
"modified": "2017-05-10T15:42:07.000Z",
"pattern": "[file:hashes.MD5 = 'd09d24fc872b120ebc3cbda20f28d8ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334d0-7b2c-4afa-8870-4d91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:08.000Z",
"modified": "2017-05-10T15:42:08.000Z",
"pattern": "[file:hashes.MD5 = '21b0ffda74ede6e0d161ddbab84e58d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334d2-c0b0-4ad7-b745-46d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:10.000Z",
"modified": "2017-05-10T15:42:10.000Z",
"pattern": "[url:value = 'http://urbansoft.cc/sql.db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334d4-0c30-438b-a680-44dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:12.000Z",
"modified": "2017-05-10T15:42:12.000Z",
"pattern": "[domain-name:value = 'urbansoft.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334d6-af0c-4359-8ca8-4410950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:14.000Z",
"modified": "2017-05-10T15:42:14.000Z",
"description": "urbansoft.cc",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.238.124.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334d8-1bc8-48b5-bd5c-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:16.000Z",
"modified": "2017-05-10T15:42:16.000Z",
"pattern": "[url:value = 'http://91.210.166.142/skdata.sql']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334da-04e8-47b5-9692-4890950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:18.000Z",
"modified": "2017-05-10T15:42:18.000Z",
"pattern": "[domain-name:value = '91.210.166.142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--591334dc-9a94-4d9a-a144-4450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-18T11:37:44.000Z",
"modified": "2017-05-18T11:37:44.000Z",
"first_observed": "2017-05-18T11:37:44Z",
"last_observed": "2017-05-18T11:37:44Z",
"number_observed": 1,
"object_refs": [
"url--591334dc-9a94-4d9a-a144-4450950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--591334dc-9a94-4d9a-a144-4450950d210f",
"value": "http://www.php.net/license/3_0.txt"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e2-9b0c-41c2-bd85-4cc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:26.000Z",
"modified": "2017-05-10T15:42:26.000Z",
"pattern": "[url:value = 'groupemtheoryparti.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e3-7464-437f-a12b-4e12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:27.000Z",
"modified": "2017-05-10T15:42:27.000Z",
"pattern": "[domain-name:value = 'groupemtheoryparti.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e5-71dc-43c4-8d8e-42d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:29.000Z",
"modified": "2017-05-10T15:42:29.000Z",
"pattern": "[url:value = 'thepbinarymaycodewhats.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e6-60a8-4979-8f60-49b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:30.000Z",
"modified": "2017-05-10T15:42:30.000Z",
"pattern": "[domain-name:value = 'thepbinarymaycodewhats.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e8-d9a4-4cd2-b017-479a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:32.000Z",
"modified": "2017-05-10T15:42:32.000Z",
"pattern": "[url:value = 'termsphpchoose.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334e9-6790-47c0-aad4-e7b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:33.000Z",
"modified": "2017-05-10T15:42:33.000Z",
"pattern": "[domain-name:value = 'termsphpchoose.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334eb-aef4-4886-8081-4088950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:35.000Z",
"modified": "2017-05-10T15:42:35.000Z",
"pattern": "[url:value = 'ttyouuincludingphpnorand.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334ec-04c4-4674-a97a-454a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:36.000Z",
"modified": "2017-05-10T15:42:36.000Z",
"pattern": "[domain-name:value = 'ttyouuincludingphpnorand.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334ed-ee68-4ac9-96c5-4305950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:37.000Z",
"modified": "2017-05-10T15:42:37.000Z",
"pattern": "[url:value = 'codeandpromoteuseunder.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--591334ee-b790-48e7-91a7-47f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-10T15:42:38.000Z",
"modified": "2017-05-10T15:42:38.000Z",
"pattern": "[domain-name:value = 'codeandpromoteuseunder.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-10T15:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}