adulau/misp-circl-feed
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/489836ca-1176-4799-a698-877dc53b085f.json

232 lines
7 KiB
JSON
Raw Permalink Normal View History

chg: [feeds] updated
2024-12-27 11:52:46 +01:00
{
"Event": {
"analysis": "0",
"date": "2024-08-23",
"extends_uuid": "",
"info": "Fake booking.com service website gathering PII including passport",
"publish_timestamp": "1724404149",
"published": true,
"threat_level_id": "3",
"timestamp": "1724404100",
"uuid": "489836ca-1176-4799-a698-877dc53b085f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Hospitality\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Identify people of interest - T1269\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1268\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Identify sensitive personnel information - T1274\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Initial IP used for the setup of the malicious domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1724402790",
"to_ids": true,
"type": "ip-dst",
"uuid": "70b55dc9-5e51-455a-8aa4-e1e308514e9f",
"value": "93.157.63.150"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1724402820",
"to_ids": true,
"type": "domain",
"uuid": "6256e4f9-529d-4c62-9e7b-c9352b3727f4",
"value": "1fcaa.sbs"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1724402821",
"to_ids": true,
"type": "domain",
"uuid": "320d0f08-228c-46b5-82d3-60299d8fe8bd",
"value": "1fcca.pw"
}
],
"Object": [
{
"comment": "Email src trying to get PII documents",
"deleted": false,
"description": "Email object describing an email with meta-information",
"meta-category": "network",
"name": "email",
"template_uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"template_version": "19",
"timestamp": "1724403391",
"uuid": "cbda1fcf-aa3d-41b1-a896-6b9602b31b1c",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "from",
"timestamp": "1724403391",
"to_ids": true,
"type": "email-src",
"uuid": "c0514f41-c0ab-4b4d-94cc-df55f0972b7f",
"value": "michael.gutbier@posteo.com"
}
]
},
{
"comment": "Enriched via the url_import module",
"deleted": false,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"name": "url",
"template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"template_version": "9",
"timestamp": "1724403803",
"uuid": "0c14752c-cb54-45e0-bd0f-55778c8e6354",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1724403803",
"to_ids": true,
"type": "url",
"uuid": "46bdcb92-7e9f-4a32-a582-2fe57a652bb3",
"value": "https://booking-0ef4-8213-ae7f-3fec3e22.1facc.pw/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "tld",
"timestamp": "1724403803",
"to_ids": false,
"type": "text",
"uuid": "46f21676-63dd-4cd6-abce-a47a329bdc53",
"value": "pw"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "subdomain",
"timestamp": "1724403803",
"to_ids": false,
"type": "text",
"uuid": "e3e2b103-2d60-4abc-bbc0-517c3d291cb2",
"value": "booking-0ef4-8213-ae7f-3fec3e22"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "resource_path",
"timestamp": "1724403803",
"to_ids": false,
"type": "text",
"uuid": "fdcf3a2f-ea01-4d19-8257-7921e65f0e79",
"value": "/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "host",
"timestamp": "1724403803",
"to_ids": true,
"type": "hostname",
"uuid": "d58f7986-54b9-4b38-ad46-93f7722c44aa",
"value": "booking-0ef4-8213-ae7f-3fec3e22.1facc.pw"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain_without_tld",
"timestamp": "1724403803",
"to_ids": false,
"type": "text",
"uuid": "f3134ddb-fb41-4aa5-8d5e-040e1c0d0edc",
"value": "1facc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1724403803",
"to_ids": true,
"type": "domain",
"uuid": "632380de-b334-42d9-83b0-dd9857b928a8",
"value": "1facc.pw"
}
]
}
]
}
}
Reference in a new issue Copy permalink