  1. {
  2. "id": "ORGNAME:Package-6592cb54-ffd0-441e-bb15-fef4a102d8e3",
  3. "version": "1.1.1",
  4. "stix_header": {
  5. "package_intent": [
  6. {
  7. "value": "Threat Report",
  8. "xsi:type": "stixVocabs:PackageIntentVocab-1.0"
  9. }
  10. ],
  11. "title": "Export from ORGNAME MISP"
  12. },
  13. "observables": {
  14. "cybox_major_version": "2",
  15. "cybox_minor_version": "1",
  16. "cybox_update_version": "0"
  17. },
  18. "timestamp": "2021-04-27T11:15:23.390575",
  19. "related_packages": [
  20. {
  21. "package": {
  22. "id": "ORGNAME:STIXPackage-a2bf9fc9-7996-4a44-afbb-bfa2aa315bef",
  23. "version": "1.1.1",
  24. "stix_header": {
  25. "package_intent": [
  26. {
  27. "value": "Threat Report",
  28. "xsi:type": "stixVocabs:PackageIntentVocab-1.0"
  29. }
  30. ],
  31. "title": "Export from ORGNAME MISP"
  32. },
  33. "observables": {
  34. "cybox_major_version": "2",
  35. "cybox_minor_version": "1",
  36. "cybox_update_version": "0"
  37. },
  38. "incidents": [
  39. {
  40. "id": "ORGNAME:Incident-a2bf9fc9-7996-4a44-afbb-bfa2aa315bef",
  41. "title": "Behzad Mesri Indictment",
  42. "timestamp": "1970-01-01T00:00:00",
  43. "related_indicators": {
  44. "indicators": [
  45. {
  46. "relationship": "followthemoney",
  47. "indicator": {
  48. "id": "ORGNAME:MISPObject-a11e6c31-e908-4e8d-9612-f2194a9d9434",
  49. "title": "followthemoney: ftm-Organization (MISP Object)",
  50. "description": "Organisational associations for Behzad Mesri",
  51. "timestamp": "2021-04-27T11:03:15",
  52. "observable": {
  53. "id": "ORGNAME:ftm-OrganizationCustom-a11e6c31-e908-4e8d-9612-f2194a9d9434",
  54. "object": {
  55. "id": "ORGNAME:ftm-OrganizationCustomObject-a11e6c31-e908-4e8d-9612-f2194a9d9434",
  56. "properties": {
  57. "custom_properties": [
  58. {
  59. "value": "Islamic Revolutionary Guard Corps (IRGC)",
  60. "name": "ftm-Organization text: name"
  61. },
  62. {
  63. "value": "Iran",
  64. "name": "ftm-Organization text: country"
  65. },
  66. {
  67. "value": "https://www.fbi.gov/wanted/cyber/copy_of_behzad-mesri/@@download.pdf",
  68. "name": "ftm-Organization url: sourceUrl"
  69. }
  70. ],
  71. "xsi:type": "CustomObjectType"
  72. }
  73. }
  74. },
  75. "indicator_types": [
  76. {
  77. "value": "Malware Artifacts",
  78. "xsi:type": "stixVocabs:IndicatorTypeVocab-1.1"
  79. }
  80. ],
  81. "suggested_coas": {},
  82. "sightings": {},
  83. "kill_chain_phases": {},
  84. "related_indicators": {},
  85. "related_campaigns": {},
  86. "related_packages": {},
  87. "producer": {
  88. "identity": {
  89. "name": "MaleficentLab"
  90. }
  91. },
  92. "valid_time_positions": [
  93. {}
  94. ]
  95. }
  96. },
  97. {
  98. "relationship": "followthemoney",
  99. "indicator": {
  100. "id": "ORGNAME:MISPObject-33097c77-ecde-4925-b67d-f6f34c2b7894",
  101. "title": "followthemoney: ftm-Organization (MISP Object)",
  102. "description": "followthemoney: ftm-Organization (MISP Object)",
  103. "timestamp": "2021-04-27T11:07:08",
  104. "observable": {
  105. "id": "ORGNAME:ftm-OrganizationCustom-33097c77-ecde-4925-b67d-f6f34c2b7894",
  106. "object": {
  107. "id": "ORGNAME:ftm-OrganizationCustomObject-33097c77-ecde-4925-b67d-f6f34c2b7894",
  108. "properties": {
  109. "custom_properties": [
  110. {
  111. "value": "Net Peygard Samavat Company",
  112. "name": "ftm-Organization text: name"
  113. },
  114. {
  115. "value": "Iran",
  116. "name": "ftm-Organization text: country"
  117. },
  118. {
  119. "value": "https://home.treasury.gov/news/press-releases/sm611",
  120. "name": "ftm-Organization url: sourceUrl"
  121. }
  122. ],
  123. "xsi:type": "CustomObjectType"
  124. }
  125. }
  126. },
  127. "indicator_types": [
  128. {
  129. "value": "Malware Artifacts",
  130. "xsi:type": "stixVocabs:IndicatorTypeVocab-1.1"
  131. }
  132. ],
  133. "suggested_coas": {},
  134. "sightings": {},
  135. "kill_chain_phases": {},
  136. "related_indicators": {},
  137. "related_campaigns": {},
  138. "related_packages": {},
  139. "producer": {
  140. "identity": {
  141. "name": "MaleficentLab"
  142. }
  143. },
  144. "valid_time_positions": [
  145. {}
  146. ]
  147. }
  148. }
  149. ]
  150. },
  151. "related_observables": {
  152. "observables": [
  153. {
  154. "relationship": "followthemoney",
  155. "observable": {
  156. "id": "ORGNAME:ftm-PersonCustom-1ce81dbe-c41f-4369-bc39-9c07fa2aca93",
  157. "object": {
  158. "id": "ORGNAME:ftm-PersonCustomObject-1ce81dbe-c41f-4369-bc39-9c07fa2aca93",
  159. "properties": {
  160. "custom_properties": [
  161. {
  162. "value": "BEHZAD MESRI",
  163. "name": "ftm-Person text: name"
  164. },
  165. {
  166. "value": "1988-08-24",
  167. "name": "ftm-Person text: birthDate"
  168. },
  169. {
  170. "value": "Iran",
  171. "name": "ftm-Person text: country"
  172. },
  173. {
  174. "value": "Iranian",
  175. "name": "ftm-Person text: nationality"
  176. },
  177. {
  178. "value": "https://www.fbi.gov/wanted/cyber/copy_of_behzad-mesri",
  179. "name": "ftm-Person text: retrievedAt"
  180. },
  181. {
  182. "value": "Male",
  183. "name": "ftm-Person text: gender"
  184. },
  185. {
  186. "value": "Skote Vahshat",
  187. "name": "ftm-Person text: alias"
  188. },
  189. {
  190. "value": "Naghadeh, Iran",
  191. "name": "ftm-Person text: birthPlace"
  192. },
  193. {
  194. "value": "Behzad",
  195. "name": "ftm-Person text: firstName"
  196. },
  197. {
  198. "value": "Mesri",
  199. "name": "ftm-Person text: lastName"
  200. },
  201. {
  202. "value": "Iran",
  203. "name": "ftm-Person text: mainCountry"
  204. }
  205. ],
  206. "xsi:type": "CustomObjectType"
  207. }
  208. }
  209. }
  210. }
  211. ]
  212. },
  213. "related_incidents": {},
  214. "related_packages": {},
  215. "leveraged_ttps": {},
  216. "time": {
  217. "incident_discovery": "2021-04-27T00:00:00",
  218. "incident_reported": "1970-01-01T00:00:00"
  219. },
  220. "handling": [
  221. {
  222. "marking_structures": [
  223. {
  224. "statement": "misp-galaxy:threat-actor=\"APT35\"",
  225. "xsi:type": "simpleMarking:SimpleMarkingStructureType"
  226. }
  227. ]
  228. },
  229. {
  230. "marking_structures": [
  231. {
  232. "statement": "misp-galaxy:threat-actor=\"Cleaver\"",
  233. "xsi:type": "simpleMarking:SimpleMarkingStructureType"
  234. }
  235. ]
  236. }
  237. ],
  238. "external_ids": [
  239. {
  240. "value": "3",
  241. "source": "MISP Event"
  242. }
  243. ],
  244. "status": {
  245. "value": "Open",
  246. "xsi:type": "stixVocabs:IncidentStatusVocab-1.0"
  247. },
  248. "information_source": {
  249. "identity": {
  250. "name": "MaleficentLab"
  251. }
  252. },
  253. "reporter": {
  254. "identity": {
  255. "name": "MaleficentLab"
  256. }
  257. },
  258. "history": {
  259. "history_items": [
  260. {
  261. "journal_entry": {
  262. "value": "Event Threat Level: Undefined",
  263. "time_precision": "second"
  264. }
  265. },
  266. {
  267. "journal_entry": {
  268. "value": "MISP Tag: misp:tool=\"misp2stix\"",
  269. "time_precision": "second"
  270. }
  271. }
  272. ]
  273. }
  274. }
  275. ],
  276. "threat_actors": [
  277. {
  278. "id": "ORGNAME:ThreatActor-b8967b3c-3bc9-11e8-8701-8b1ead8c099e",
  279. "title": "APT35",
  280. "description": "FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial base (DIB), and engineering, business services and telecommunications sectors.",
  281. "timestamp": "2021-04-27T11:15:23.794039+00:00",
  282. "observed_ttps": {},
  283. "associated_campaigns": {},
  284. "associated_actors": {},
  285. "related_packages": {}
  286. },
  287. {
  288. "id": "ORGNAME:ThreatActor-86724806-7ec9-4a48-a0a7-ecbde3bf4810",
  289. "title": "Cleaver",
  290. "description": "A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. This threat actor targets entities in the government, energy, and technology sectors that are located in or do business with Saudi Arabia.",
  291. "timestamp": "2021-04-27T11:15:23.794721+00:00",
  292. "observed_ttps": {},
  293. "associated_campaigns": {},
  294. "associated_actors": {},
  295. "related_packages": {},
  296. "intended_effects": [
  297. {
  298. "timestamp": "2021-04-27T11:15:23.794806+00:00",
  299. "timestamp_precision": "second",
  300. "value": "Espionage"
  301. }
  302. ]
  303. }
  304. ],
  305. "timestamp": "2021-04-27T11:12:23"
  306. }
  307. }
  308. ]
  309. }