misp-circl-feed/feeds/circl/misp/5a0d5bf4-99c8-4f15-9879-22b1950d210f.json


2023-12-14 14:30:15 +00:00
{"Event": {"info": "OSINT - HIDDEN COBRA \u2013 North Korean Remote Administration Tool: FALLCHILL", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#002b4a", "exportable": true, "name": "osint:source-type=\"technical-report\""}, {"colour": "#13eb00", "exportable": true, "name": "misp-galaxy:threat-actor=\"Lazarus Group\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:rat=\"FALLCHILL\""}], "publish_timestamp": "0", "timestamp": "1511183733", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a0d68b2-c4d0-4721-936b-77bb950d210f", "sharing_group_id": "0", "timestamp": "1510828210", "description": "File object describing a file with meta-information", "template_version": "4", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a0d68b3-9de8-4b28-ab58-77bb950d210f", "timestamp": "1510828211", "to_ids": true, "value": "e48fe20eb1f5a5887f2ac631fed9ed63", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5a0d68b3-f5ec-470e-8e6f-77bb950d210f", "timestamp": "1510828211", "to_ids": false, "value": "5.49321665686", "disable_correlation": false, "object_relation": "entropy", "type": "float"}, {"comment": "", "category": "Payload delivery", "uuid": "5a0d68b3-6da0-4ced-8233-77bb950d210f", "timestamp": "1510828211", "to_ids": true, "value": "E48FE20EB1F5A5887F2AC631FED9ED63", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a0d68b3-2600-4859-a347-77bb950d210f", "timestamp": "1510828211", "to_ids": true, "value": "f83f30bd284074d1daaf2e262a280ca780791f2c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a0d68b3-6138-4c7f-987c-77bb950d210f", "timestamp": 
"1510828211", "to_ids": true, "value": "1536:qJhDLw1yDhhzoN/e/C/O/C/a/D/I26251K06Zk/XrqqitM4NvL:qvfw1ahEVOS+Sq7IN251ikzq5tM4NvL", "disable_correlation": false, "object_relation": "ssdeep", "type": "ssdeep"}, {"comment": "", "category": "Other", "uuid": "5a0d68b3-c3f0-4fe1-9479-77bb950d210f", "timestamp": "1510828211", "to_ids": false, "value": "94208", "disable_correlation": false, "object_relation": "size-in-bytes", "type": "size-in-bytes"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "uuid": "5a0d6aa6-a230-4f7b-8ab3-469a950d210f", "sharing_group_id": "0", "timestamp": "1510828710", "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.", "template_version": "4", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a0d6aa6-4254-40d9-8d15-407e950d210f", "timestamp": "1510828710", "to_ids": false, "value": "443", "disable_correlation": false, "object_relation": "dst-port", "type": "port"}, {"comment": "", "category": "Network activity", "uuid": "5a0d6aa6-ab7c-45af-a562-45d4950d210f", "timestamp": "1510828710", "to_ids": true, "value": "125.212.132.222", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}], "distribution": "5", "meta-category": "network", "name": "ip-port"}, {"comment": "", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "uuid": "5a0d6abb-4910-4c4c-9004-7753950d210f", "sharing_group_id": "0", "timestamp": "1510828731", "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.", "template_version": "4", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5a0d6abb-6300-44e7-82fb-7753950d210f", "timestamp": "1510828731", "to_ids": false, "value": "443", "disable_correlation": false, "object_relation": "dst-port", "type": "port"}, {"comment": "", "category": "Network activity", "uuid": 
"5a0d6abb-d8d0-414c-89bb-7753950d210f", "timestamp": "1510828731", "to_ids": true, "value": "175.100.189.174", "disable_correlation"