{
"type": "bundle",
"id": "bundle--5d108cdd-eae4-471e-b0ca-7ad4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:26.000Z",
"modified": "2019-07-19T09:16:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5d108cdd-eae4-471e-b0ca-7ad4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:26.000Z",
"modified": "2019-07-19T09:16:26.000Z",
"name": "OSINT - Felipe, a new infostealer Trojan",
"context": "suspicious-activity",
"object_refs": [
"indicator--5d109aae-7258-4c36-82d2-349d950d210f",
"indicator--5d10a4dd-9130-4c72-b3ec-482d950d210f",
"indicator--5d10a4dd-8900-4d2d-89a9-4b84950d210f",
"indicator--5d109029-f448-4859-b7c3-acd8950d210f",
"indicator--5d1092e1-eb28-463b-83ec-47da950d210f",
"indicator--5d10960d-6330-4179-8a72-34c0950d210f",
"indicator--5d10968d-e280-472b-9a3f-55b2950d210f",
"indicator--5d10a495-ca5c-4920-bb2d-4e7a950d210f",
"indicator--88a609e6-3d3d-4325-bac6-6be3cd920d7b",
"x-misp-object--855e4596-70af-4ec9-8471-2efd8ba7ea66",
"indicator--0b40b29f-6b71-4cfb-b529-2b30ea155b66",
"x-misp-object--25782699-9e62-4a5c-a1d3-f6bbdcec04cb",
"x-misp-object--02aee86e-c588-4ea9-bd2e-aef1535846cd",
"x-misp-object--ecc0c45a-2208-4171-a606-ccacbe28b955",
"relationship--e1860d49-68bb-41a9-b421-64c280f4e04f",
"relationship--fdb482bf-00bc-4a4b-9551-eb997ff77481",
"relationship--95a105d0-e7e5-4047-b0d9-971f22d08b7b",
"relationship--bacb93fd-56da-4bae-8947-5b012cc277fb"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"malware_classification:malware-category=\"Trojan\"",
"ms-caro-malware:malware-type=\"Trojan\"",
"ms-caro-malware-full:malware-type=\"Trojan\"",
"ecsirt:malicious-code=\"trojan\"",
"CERT-XLM:malicious-code=\"trojan-malware\"",
"keylogger/infostealer",
"workflow:state=\"incomplete\"",
"workflow:todo=\"add-missing-misp-galaxy-cluster-values\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d109aae-7258-4c36-82d2-349d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T09:41:02.000Z",
"modified": "2019-06-24T09:41:02.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.99.215.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T09:41:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d10a4dd-9130-4c72-b3ec-482d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T10:24:29.000Z",
"modified": "2019-06-24T10:24:29.000Z",
"description": "Download URLs",
"pattern": "[url:value = '192.99.215.95/uploads']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T10:24:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d10a4dd-8900-4d2d-89a9-4b84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T10:24:29.000Z",
"modified": "2019-06-24T10:24:29.000Z",
"description": "Download URLs",
"pattern": "[domain-name:value = 'inmemory.tech']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T10:24:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d109029-f448-4859-b7c3-acd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:19.000Z",
"modified": "2019-07-19T09:16:19.000Z",
"pattern": "[file:hashes.MD5 = '15ce8f849fff4cc8675900ec838a93f9' AND file:name = 'vshost.exe' AND file:parent_directory_ref.path = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\Local Settings\\\\Temp\\\\vshost.exe' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\vshost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-19T09:16:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d1092e1-eb28-463b-83ec-47da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:20.000Z",
"modified": "2019-07-19T09:16:20.000Z",
"pattern": "[file:hashes.MD5 = 'd912771c8cd5720ad835e08eb80a77b6' AND file:name = 'explorer32.exe' AND file:parent_directory_ref.path = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\Local Settings\\\\Temp\\\\explorer32.exe' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\explorer32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-19T09:16:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d10960d-6330-4179-8a72-34c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T09:50:02.000Z",
"modified": "2019-06-24T09:50:02.000Z",
"pattern": "[file:hashes.MD5 = '7d016a3bb29904a6e00161694fc6ab4e' AND file:name = 'install2.bat' AND file:parent_directory_ref.path = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\Local Settings\\\\Temp\\\\install2.bat' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\install2.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T09:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d10968d-e280-472b-9a3f-55b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T09:23:25.000Z",
"modified": "2019-06-24T09:23:25.000Z",
"pattern": "[file:name = 'infect.txt' AND file:parent_directory_ref.path = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\Local Settings\\\\Temp\\\\infect.txt' AND file:x_misp_fullpath = '\\\\%UserProfile\\\\%\\\\AppData\\\\Local\\\\Temp\\\\infect.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T09:23:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d10a495-ca5c-4920-bb2d-4e7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-24T10:23:17.000Z",
"modified": "2019-06-24T10:23:17.000Z",
"pattern": "[file:hashes.MD5 = '61b06e49d514f3dc5be4f4ef08f6b43c' AND file:name = 'down.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-24T10:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88a609e6-3d3d-4325-bac6-6be3cd920d7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-18T09:41:39.000Z",
"modified": "2019-07-18T09:41:39.000Z",
"pattern": "[file:hashes.MD5 = '15ce8f849fff4cc8675900ec838a93f9' AND file:hashes.SHA1 = '5089aa7a2895e07a9f182a77407f8d7570c7ad56' AND file:hashes.SHA256 = 'bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-18T09:41:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--855e4596-70af-4ec9-8471-2efd8ba7ea66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-18T09:41:39.000Z",
"modified": "2019-07-18T09:41:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-19 21:05:11",
"category": "Other",
"uuid": "cbaec671-305f-4f57-aef0-4cd165490955"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1/analysis/1560978311/",
"category": "Payload delivery",
"uuid": "05e95691-153a-4e2d-8120-a6da025b555a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/72",
"category": "Payload delivery",
"uuid": "e402f89d-c139-423b-90a9-9432114dd561"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b40b29f-6b71-4cfb-b529-2b30ea155b66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-18T09:41:40.000Z",
"modified": "2019-07-18T09:41:40.000Z",
"pattern": "[file:hashes.MD5 = 'd912771c8cd5720ad835e08eb80a77b6' AND file:hashes.SHA1 = '24767b14ab8ab53a3194ad16ba65cf9a5e2279e7' AND file:hashes.SHA256 = 'ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-18T09:41:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--25782699-9e62-4a5c-a1d3-f6bbdcec04cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-18T09:41:41.000Z",
"modified": "2019-07-18T09:41:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-20 22:19:40",
"category": "Other",
"uuid": "ee2f27a1-5677-47a6-8e25-ddc8113659fb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d/analysis/1561069180/",
"category": "Payload delivery",
"uuid": "ad6c4b04-e40b-4195-83ae-3320c5554afd"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/72",
"category": "Payload delivery",
"uuid": "48eda93b-9a4a-4564-95b5-0bf61abfd7ff"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--02aee86e-c588-4ea9-bd2e-aef1535846cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:20.000Z",
"modified": "2019-07-19T09:16:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-20 22:19:40",
"category": "Other",
"uuid": "a34f65ae-9d55-4730-b4bc-d9743afa3bd9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ae0655e0a18286a797171a891c96ca9fed5e880ad171bfeb21ed6c0afc00261d/analysis/1561069180/",
"category": "Payload delivery",
"uuid": "749ba503-e2a8-4491-8c9c-0e607d2cd3dc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/72",
"category": "Payload delivery",
"uuid": "c9a70846-ec1a-4716-85a2-18ae57937c17"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ecc0c45a-2208-4171-a606-ccacbe28b955",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-19T09:16:20.000Z",
"modified": "2019-07-19T09:16:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-19 21:05:11",
"category": "Other",
"uuid": "7f93341a-29e0-4a52-b71a-15b07b632f4a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bf6e6c7808a9bb023fc1fea1822438ad0b6ebefd1bdc703d2acb280c328a4eb1/analysis/1560978311/",
"category": "Payload delivery",
"uuid": "f3e93485-3178-490f-a77a-0412f6d09e1a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/72",
"category": "Payload delivery",
"uuid": "52fb0fb6-0dce-4d09-a876-820f06f4762d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e1860d49-68bb-41a9-b421-64c280f4e04f",
"created": "2019-07-19T09:16:20.000Z",
"modified": "2019-07-19T09:16:20.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5d109029-f448-4859-b7c3-acd8950d210f",
"target_ref": "x-misp-object--ecc0c45a-2208-4171-a606-ccacbe28b955"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fdb482bf-00bc-4a4b-9551-eb997ff77481",
"created": "2019-07-19T09:16:20.000Z",
"modified": "2019-07-19T09:16:20.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5d1092e1-eb28-463b-83ec-47da950d210f",
"target_ref": "x-misp-object--02aee86e-c588-4ea9-bd2e-aef1535846cd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--95a105d0-e7e5-4047-b0d9-971f22d08b7b",
"created": "2019-07-18T09:41:42.000Z",
"modified": "2019-07-18T09:41:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--88a609e6-3d3d-4325-bac6-6be3cd920d7b",
"target_ref": "x-misp-object--855e4596-70af-4ec9-8471-2efd8ba7ea66"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bacb93fd-56da-4bae-8947-5b012cc277fb",
"created": "2019-07-18T09:41:42.000Z",
"modified": "2019-07-18T09:41:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0b40b29f-6b71-4cfb-b529-2b30ea155b66",
"target_ref": "x-misp-object--25782699-9e62-4a5c-a1d3-f6bbdcec04cb"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}