misp-circl-feed/feeds/circl/misp/be8c3307-4b09-4ddf-af24-41c2385d8036.json

247 lines
7.2 KiB
JSON
Raw Permalink Normal View History

2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2022-08-29",
"extends_uuid": "",
"info": "Remcos RAT New TTPS \u2013 Detection & Response",
"publish_timestamp": "1666619765",
"published": true,
"threat_level_id": "1",
"timestamp": "1661935212",
"uuid": "be8c3307-4b09-4ddf-af24-41c2385d8036",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:malpedia=\"Remcos\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:mitre-tool=\"Remcos - S0332\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:rat=\"Remcos\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929982",
"to_ids": true,
"type": "md5",
"uuid": "df994929-4233-49d8-8ee1-fe74efa43e04",
"value": "6d25e04e66cccb61648f34728af7c2f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929982",
"to_ids": true,
"type": "md5",
"uuid": "9968fbe6-da06-43b8-a264-f972a350bc74",
"value": "f331c18c3f685d245d40911d3bd20519"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929982",
"to_ids": true,
"type": "md5",
"uuid": "3276f7e4-03a3-4c09-9d4d-e8a0dcd39e05",
"value": "8cea687c5c02c9b71303c53dc2641f03"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929997",
"to_ids": true,
"type": "url",
"uuid": "5510130e-924e-4efc-9b33-76ac8c0b5495",
"value": "http://geoplugin.net/json.gp"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929997",
"to_ids": true,
"type": "hostname",
"uuid": "54ec8646-3bba-4695-85be-3399b0294058",
"value": "falimore001.hopto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929997",
"to_ids": true,
"type": "ip-dst",
"uuid": "da77edf5-854d-4a5c-ae31-cdc72e63c2ab",
"value": "178.237.33.50"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661929997",
"to_ids": true,
"type": "ip-dst",
"uuid": "0116dee7-8bb3-44d5-89ee-0e48099ec265",
"value": "194.147.140.29"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661930088",
"to_ids": true,
"type": "sha256",
"uuid": "e47a293f-bb9c-486d-8d1d-1ababb321a9e",
"value": "bf7212910de7bff455c3b3fe4b3a1a05059fe0da0c29e69b3aef492fe2a66fc0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661930088",
"to_ids": true,
"type": "sha256",
"uuid": "43213f12-3d3d-4e84-9304-ad3e97814c35",
"value": "af9596cf630f0f3e6e453ac8bdd6671f84feb65a057483ec5f620d04f4068209"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661930088",
"to_ids": true,
"type": "sha256",
"uuid": "ca123a03-e340-441a-aa28-ab5fd1284558",
"value": "e2816883a7a514fe1a3fbce95c04c2fc735f0c7ab872f7c23978388c42aea5c2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661935212",
"to_ids": true,
"type": "filename",
"uuid": "2eb72bd3-77a7-4040-aae7-2879896ca54e",
"value": "%WINDIR%\\Microsoft.NET\\Framework64\\v4.0.30319\\vbc.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1661935212",
"to_ids": true,
"type": "filename",
"uuid": "640fee1c-2637-4c90-bf25-ef1563fcca05",
"value": "%WINDIR%\\Microsoft.NET\\Framework64\\v4.0.30319\\vbc.exe.config"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1661863367",
"uuid": "53d47357-bc5c-4c53-b3d5-fca18380b817",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1661863367",
"to_ids": false,
"type": "link",
"uuid": "7bbed825-6ab9-4612-887e-1623b04429bb",
"value": "https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1661868209",
"uuid": "06ec68ed-5627-4d27-b9c0-3fe3e0b9e50a",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1661868209",
"to_ids": false,
"type": "link",
"uuid": "c51bbd6b-ba7a-4370-97fb-09972c3b3b0d",
"value": "https://otx.alienvault.com/pulse/630cbb6eb1975f82211a702f"
}
]
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}