misp-circl-feed/feeds/circl/stix-2.1/5cc92e5a-c624-4343-8352-40fd02de0b81.json

274 lines
No EOL
11 KiB
JSON

{
"type": "bundle",
"id": "bundle--5cc92e5a-c624-4343-8352-40fd02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T07:01:15.000Z",
"modified": "2019-05-01T07:01:15.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cc92e5a-c624-4343-8352-40fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T07:01:15.000Z",
"modified": "2019-05-01T07:01:15.000Z",
"name": "OSINT - Kernel Mode Malicious Loader",
"published": "2019-05-01T07:01:24Z",
"object_refs": [
"indicator--5cc92e69-74a8-4690-90f4-482d02de0b81",
"indicator--5cc92e8a-6df8-4361-ab1b-4d4002de0b81",
"indicator--5cc92e8a-a568-4e06-8c35-42c102de0b81",
"observed-data--5cc92fa3-f1cc-46c7-9084-48c902de0b81",
"url--5cc92fa3-f1cc-46c7-9084-48c902de0b81",
"indicator--5cc9443b-9b54-4abf-a421-1ba002de0b81",
"indicator--5cc92fee-df1c-4c88-837f-4d7a02de0b81",
"indicator--837ee41b-cf9d-4b16-8de6-383694cf6f5c",
"x-misp-object--cd55b14c-14bc-4c8c-86e5-170d7444012a",
"relationship--7a04a99d-8e97-47a2-b7de-bba7f6e0cf52"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cc92e69-74a8-4690-90f4-482d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:28:09.000Z",
"modified": "2019-05-01T05:28:09.000Z",
"pattern": "[url:value = 'http://45.227.252.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T05:28:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cc92e8a-6df8-4361-ab1b-4d4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:28:42.000Z",
"modified": "2019-05-01T05:28:42.000Z",
"description": "first stage",
"pattern": "[file:hashes.SHA1 = '9cfced68abe4f2c0dc5c42f47652592077c26fd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T05:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cc92e8a-a568-4e06-8c35-42c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:28:42.000Z",
"modified": "2019-05-01T05:28:42.000Z",
"description": "unpacked stage",
"pattern": "[file:hashes.SHA1 = 'e1111022deeeed0389ff01ebb02489c45fa2f71a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T05:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cc92fa3-f1cc-46c7-9084-48c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:33:23.000Z",
"modified": "2019-05-01T05:33:23.000Z",
"first_observed": "2019-05-01T05:33:23Z",
"last_observed": "2019-05-01T05:33:23Z",
"number_observed": 1,
"object_refs": [
"url--5cc92fa3-f1cc-46c7-9084-48c902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cc92fa3-f1cc-46c7-9084-48c902de0b81",
"value": "https://twitter.com/PRODAFT/status/1123241137710555136"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cc9443b-9b54-4abf-a421-1ba002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T07:01:15.000Z",
"modified": "2019-05-01T07:01:15.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.227.252.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T07:01:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cc92fee-df1c-4c88-837f-4d7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:34:38.000Z",
"modified": "2019-05-01T05:34:38.000Z",
"description": "Malicious kernel mode loader",
"pattern": "[file:hashes.SHA1 = '73f346da7642fae92677a71b01bfcd460f8604bc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T05:34:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--837ee41b-cf9d-4b16-8de6-383694cf6f5c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:42:46.000Z",
"modified": "2019-05-01T05:42:46.000Z",
"pattern": "[file:hashes.MD5 = '3ae249513649876a34c60e04f385e156' AND file:hashes.SHA1 = '9cfced68abe4f2c0dc5c42f47652592077c26fd6' AND file:hashes.SHA256 = '1284962d30eabb8e47261414350c01ec04555800a3866f4e6cf1e20816e25a2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-01T05:42:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cd55b14c-14bc-4c8c-86e5-170d7444012a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-05-01T05:42:47.000Z",
"modified": "2019-05-01T05:42:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-23T10:47:04",
"category": "Other",
"comment": "first stage",
"uuid": "09a8c2c4-491f-4dab-b9ba-2d669878f830"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1284962d30eabb8e47261414350c01ec04555800a3866f4e6cf1e20816e25a2e/analysis/1550918824/",
"category": "Payload delivery",
"comment": "first stage",
"uuid": "d63e7483-709b-4a33-9799-1109f24b823d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/66",
"category": "Payload delivery",
"comment": "first stage",
"uuid": "0f752f01-5f37-4c8a-8ad8-56622bfe8a6a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7a04a99d-8e97-47a2-b7de-bba7f6e0cf52",
"created": "2019-05-01T05:42:47.000Z",
"modified": "2019-05-01T05:42:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--837ee41b-cf9d-4b16-8de6-383694cf6f5c",
"target_ref": "x-misp-object--cd55b14c-14bc-4c8c-86e5-170d7444012a"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}