misp-circl-feed/feeds/circl/misp/69df43bb-2c48-4b4d-aa85-8477e92cb010.json

{
  "Event": {
    "analysis": "1",
    "date": "2024-02-22",
    "extends_uuid": "",
    "info": "I-Soon / Anxun data leak in Github",
    "publish_timestamp": "1708686133",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1710248316",
    "uuid": "69df43bb-2c48-4b4d-aa85-8477e92cb010",
    "Orgc": {
      "name": "THA-CERT",
      "uuid": "58a4d347-8460-4fc7-a882-6728c0a82ae5"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "PAP:CLEAR",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Network activity",
        "comment": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672976",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b654f397-3f2d-4fa2-a595-f0eb204794a4",
        "value": "8.218.67.52",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": true,
        "timestamp": "1708636569",
        "to_ids": false,
        "type": "link",
        "uuid": "8748d463-bd68-4c92-9a43-145fba7e7f8a",
        "value": "https://github.com/I-S00N/I-S00N"
      },
      {
        "category": "Network activity",
        "comment": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "62dcb0c7-95c6-495b-883d-ef943b74288d",
        "value": "118.31.3.116",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Chinanet",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0716d202-c2cb-444b-a86c-edaced876e6b",
        "value": "171.88.143.37",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Luoyang",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1fc9754b-30c5-4925-8fff-14a6a5eef03f",
        "value": "1.192.194.162",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "India Kolkata Aircel",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "64014b07-faf8-4490-8e8f-f918c7f91213",
        "value": "101.219.17.111",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "China Unicom",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "94fb148d-3ba1-45f1-a5e5-75499cd8b6b6",
        "value": "221.13.74.218",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Chinanet",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b9404608-78cb-44e3-a51c-106feb2525d3",
        "value": "171.88.142.148",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Chinanet",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6472ce15-9330-4e47-9862-9aa85ef21033",
        "value": "171.88.143.72",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IT7NET",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672833",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "abc404be-9aa4-41ff-8eab-c82a64f4705c",
        "value": "66.98.127.105",
        "Tag": [
          {
            "colour": "#cc4900",
            "local": false,
            "name": "diamond-model:Infrastructure",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672898",
        "to_ids": false,
        "type": "link",
        "uuid": "d638e548-19d6-4987-befa-289210e1104b",
        "value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672898",
        "to_ids": false,
        "type": "link",
        "uuid": "e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
        "value": "https://x.com/ctiyeewesley/status/1760364208326418618"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1708672898",
        "to_ids": false,
        "type": "link",
        "uuid": "c6a9b73e-0094-4395-afe8-f7ebdceed729",
        "value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
        "meta-category": "network",
        "name": "domain-ip",
        "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
        "template_version": "11",
        "timestamp": "1708673121",
        "uuid": "2b352578-b6fe-46b7-ad3f-833487c39036",
        "Attribute": [
          {
            "category": "Network activity",
            "comment": "China Telecom - POISON CARP APT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ip",
            "timestamp": "1708673095",
            "to_ids": true,
            "type": "ip-dst",
            "uuid": "afd8bd8c-07e5-4bc0-a79b-113a73e37109",
            "value": "74.120.172.10",
            "Tag": [
              {
                "colour": "#cc4900",
                "local": false,
                "name": "diamond-model:Infrastructure",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "domain",
            "timestamp": "1708673121",
            "to_ids": true,
            "type": "domain",
            "uuid": "e1bf6b62-e4ce-4772-bad2-4579970a287d",
            "value": "mailnotes.online"
          }
        ]
      }
    ]
  }
}
chg: [feeds] updated 2024-08-07 08:13:15 +00:00			`{`
			`"Event": {`
			`"analysis": "1",`
			`"date": "2024-02-22",`
			`"extends_uuid": "",`
			`"info": "I-Soon / Anxun data leak in Github",`
			`"publish_timestamp": "1708686133",`
			`"published": true,`
			`"threat_level_id": "3",`
			`"timestamp": "1710248316",`
			`"uuid": "69df43bb-2c48-4b4d-aa85-8477e92cb010",`
			`"Orgc": {`
			`"name": "THA-CERT",`
			`"uuid": "58a4d347-8460-4fc7-a882-6728c0a82ae5"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "tlp:clear",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
			`"local": false,`
			`"name": "PAP:CLEAR",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672976",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "b654f397-3f2d-4fa2-a595-f0eb204794a4",`
			`"value": "8.218.67.52",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"timestamp": "1708636569",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "8748d463-bd68-4c92-9a43-145fba7e7f8a",`
			`"value": "https://github.com/I-S00N/I-S00N"`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "62dcb0c7-95c6-495b-883d-ef943b74288d",`
			`"value": "118.31.3.116",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Chinanet",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "0716d202-c2cb-444b-a86c-edaced876e6b",`
			`"value": "171.88.143.37",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Luoyang",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "1fc9754b-30c5-4925-8fff-14a6a5eef03f",`
			`"value": "1.192.194.162",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "India Kolkata Aircel",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "64014b07-faf8-4490-8e8f-f918c7f91213",`
			`"value": "101.219.17.111",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "China Unicom",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "94fb148d-3ba1-45f1-a5e5-75499cd8b6b6",`
			`"value": "221.13.74.218",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Chinanet",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "b9404608-78cb-44e3-a51c-106feb2525d3",`
			`"value": "171.88.142.148",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "Chinanet",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "6472ce15-9330-4e47-9862-9aa85ef21033",`
			`"value": "171.88.143.72",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "IT7NET",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672833",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "abc404be-9aa4-41ff-8eab-c82a64f4705c",`
			`"value": "66.98.127.105",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672898",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "d638e548-19d6-4987-befa-289210e1104b",`
			`"value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672898",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "e028f34d-5c61-4a47-a3ef-a742b7a30d9c",`
			`"value": "https://x.com/ctiyeewesley/status/1760364208326418618"`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1708672898",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "c6a9b73e-0094-4395-afe8-f7ebdceed729",`
			`"value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx"`
			`}`
			`],`
			`"Object": [`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",`
			`"meta-category": "network",`
			`"name": "domain-ip",`
			`"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",`
			`"template_version": "11",`
			`"timestamp": "1708673121",`
			`"uuid": "2b352578-b6fe-46b7-ad3f-833487c39036",`
			`"Attribute": [`
			`{`
			`"category": "Network activity",`
			`"comment": "China Telecom - POISON CARP APT",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "ip",`
			`"timestamp": "1708673095",`
			`"to_ids": true,`
			`"type": "ip-dst",`
			`"uuid": "afd8bd8c-07e5-4bc0-a79b-113a73e37109",`
			`"value": "74.120.172.10",`
			`"Tag": [`
			`{`
			`"colour": "#cc4900",`
			`"local": false,`
			`"name": "diamond-model:Infrastructure",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Network activity",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "domain",`
			`"timestamp": "1708673121",`
			`"to_ids": true,`
			`"type": "domain",`
			`"uuid": "e1bf6b62-e4ce-4772-bad2-4579970a287d",`
			`"value": "mailnotes.online"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`}`