misp-circl-feed/feeds/circl/misp/5da8181a-37f4-4da7-b1bb-4c54950d210f.json

{"Event": {"info": "OSINT - Connecting the dots: Exposing the arsenal and methods of the Winnti Group", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-malware=\"Winnti\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-malware=\"Winnti - S0141\""}, {"colour": "#10c300", "exportable": true, "name": "misp-galaxy:threat-actor=\"Axiom\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1158\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic 
Protocol - T1024\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Cryptographic Protocol - T1032\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Stored Data Manipulation - T1492\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"ShadowPad\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"ShadowPad\""}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}], "publish_timestamp": "0", "timestamp": "1572951336", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5da81b53-15a4-4423-8709-4387950d210f", "sharing_group_id": "0", "timestamp": "1571298131", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "8", "Attribute": [{"comment": "", "category": "Other", "uuid": "5da81b53-e9c0-46d1-a9de-490f950d210f", "timestamp": "1571298131", "to_ids": false, "value": ".@welivesecurity\r\n and @eset\r\n used 
@censysio\r\n to measure continued winnti attacks. Check out their white paper to learn about indicators o