adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59a516e2-a578-44e4-9689-4fe1950d210f.json

240 lines
No EOL
10 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--59a516e2-a578-44e4-9689-4fe1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:18.000Z",
"modified": "2017-08-29T13:33:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59a516e2-a578-44e4-9689-4fe1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:18.000Z",
"modified": "2017-08-29T13:33:18.000Z",
"name": "OSINT - New Nuclear BTCWare Ransomware Released",
"published": "2017-08-29T15:57:29Z",
"object_refs": [
"observed-data--59a5171c-2494-412d-a8db-449d950d210f",
"url--59a5171c-2494-412d-a8db-449d950d210f",
"x-misp-attribute--59a51730-937c-4441-b40b-4796950d210f",
"indicator--59a5175b-4ce4-475f-8b98-470b950d210f",
"indicator--59a517b0-ee14-4ba8-a01d-499c950d210f",
"indicator--59a517eb-62cc-48b3-b60c-4a26950d210f",
"indicator--59a56d1a-c994-47da-bc97-1ab802de0b81",
"indicator--59a56d1a-09b4-4e85-9f31-1ab802de0b81",
"observed-data--59a56d1a-699c-4782-a236-1ab802de0b81",
"url--59a56d1a-699c-4782-a236-1ab802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a5171c-2494-412d-a8db-449d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"first_observed": "2017-08-29T13:33:14Z",
"last_observed": "2017-08-29T13:33:14Z",
"number_observed": 1,
"object_refs": [
"url--59a5171c-2494-412d-a8db-449d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a5171c-2494-412d-a8db-449d950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-nuclear-btcware-ransomware-released/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a51730-937c-4441-b40b-4796950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "A new variant of the BTCWare ransomware was discovered by ID-Ransomware's Michael Gillespie that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services. Once they are able to gain access to a computer, they will install the ransomware and encrypt the victim's files."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a5175b-4ce4-475f-8b98-470b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"pattern": "[file:hashes.SHA256 = 'd5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T13:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a517b0-ee14-4ba8-a01d-499c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"pattern": "[file:name = 'Help.hta']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T13:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a517eb-62cc-48b3-b60c-4a26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"pattern": "[email-message:from_ref.value = 'black.world@tuta.io']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T13:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a56d1a-c994-47da-bc97-1ab802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"description": "- Xchecked via VT: d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41",
"pattern": "[file:hashes.SHA1 = '3dcaa81e30d0fb389f95f8af114b0846b28fcc26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T13:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a56d1a-09b4-4e85-9f31-1ab802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"description": "- Xchecked via VT: d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41",
"pattern": "[file:hashes.MD5 = 'f55f84089c903777e00194b1407df417']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T13:33:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a56d1a-699c-4782-a236-1ab802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T13:33:14.000Z",
"modified": "2017-08-29T13:33:14.000Z",
"first_observed": "2017-08-29T13:33:14Z",
"last_observed": "2017-08-29T13:33:14Z",
"number_observed": 1,
"object_refs": [
"url--59a56d1a-699c-4782-a236-1ab802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a56d1a-699c-4782-a236-1ab802de0b81",
"value": "https://www.virustotal.com/file/d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41/analysis/1503992287/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink