adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a69e332-f944-46f8-b172-637202de0b81.json

280 lines
12 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a69e332-f944-46f8-b172-637202de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-26T03:00:57.000Z",
"modified": "2018-01-26T03:00:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a69e332-f944-46f8-b172-637202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-26T03:00:57.000Z",
"modified": "2018-01-26T03:00:57.000Z",
"name": "OSINT - Masuta : Satori Creators\u00e2\u20ac\u2122 Second Botnet Weaponizes A New Router Exploit.",
"published": "2018-02-16T08:52:08Z",
"object_refs": [
"observed-data--5a69e33e-c4d8-40e4-95d5-4ea302de0b81",
"url--5a69e33e-c4d8-40e4-95d5-4ea302de0b81",
"x-misp-attribute--5a69e357-429c-4316-8060-4ae502de0b81",
"indicator--5a69e86e-d27c-403a-b897-4c5f02de0b81",
"observed-data--5a69e899-1048-4d87-b715-47f002de0b81",
"url--5a69e899-1048-4d87-b715-47f002de0b81",
"observed-data--5a69e9d9-f204-4cfc-8b59-492e02de0b81",
"url--5a69e9d9-f204-4cfc-8b59-492e02de0b81",
"observed-data--5a69e9fa-c15c-4663-af99-4d0d02de0b81",
"url--5a69e9fa-c15c-4663-af99-4d0d02de0b81",
"x-misp-attribute--5a69eb37-ae04-447b-a4ef-401402de0b81",
"x-misp-object--5a69e390-b5f0-42c1-a638-446502de0b81",
"x-misp-object--5a69e3c4-c604-4e3a-b1ed-4b1a02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-platform=\"Linux\"",
"misp-galaxy:threat-actor=\"Nexus Zeta\"",
"misp-galaxy:tool=\"Masuta\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69e33e-c4d8-40e4-95d5-4ea302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:01:34.000Z",
"modified": "2018-01-25T14:01:34.000Z",
"first_observed": "2018-01-25T14:01:34Z",
"last_observed": "2018-01-25T14:01:34Z",
"number_observed": 1,
"object_refs": [
"url--5a69e33e-c4d8-40e4-95d5-4ea302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a69e33e-c4d8-40e4-95d5-4ea302de0b81",
"value": "https://blog.newskysecurity.com/masuta-satori-creators-second-botnet-weaponizes-a-new-router-exploit-2ddc51cc52a7"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a69e357-429c-4316-8060-4ae502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:01:59.000Z",
"modified": "2018-01-25T14:01:59.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Since the inception of the Mirai code leak, many botnets have been seen in the IoT threat landscape. While some of them are clearly Mirai carbon copies, others have added new attack methods, often taking the route of exploits to perform an attack. We analyzed two variants of an IoT botnet named \u00e2\u20ac\u0153Masuta\u00e2\u20ac\u009d where we observed the involvement of a well-known IoT threat actor and discovered a router exploit being weaponized for the first time in a botnet campaign."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a69e86e-d27c-403a-b897-4c5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:23:42.000Z",
"modified": "2018-01-25T14:23:42.000Z",
"pattern": "[url:value = 'http://purenetworks.com/HNAP1/GetDeviceSettings']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-25T14:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69e899-1048-4d87-b715-47f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:24:25.000Z",
"modified": "2018-01-25T14:24:25.000Z",
"first_observed": "2018-01-25T14:24:25Z",
"last_observed": "2018-01-25T14:24:25Z",
"number_observed": 1,
"object_refs": [
"url--5a69e899-1048-4d87-b715-47f002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a69e899-1048-4d87-b715-47f002de0b81",
"value": "http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69e9d9-f204-4cfc-8b59-492e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:29:45.000Z",
"modified": "2018-01-25T14:29:45.000Z",
"first_observed": "2018-01-25T14:29:45Z",
"last_observed": "2018-01-25T14:29:45Z",
"number_observed": 1,
"object_refs": [
"url--5a69e9d9-f204-4cfc-8b59-492e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a69e9d9-f204-4cfc-8b59-492e02de0b81",
"value": "https://www.exploit-db.com/exploits/38722/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a69e9fa-c15c-4663-af99-4d0d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:30:18.000Z",
"modified": "2018-01-25T14:30:18.000Z",
"first_observed": "2018-01-25T14:30:18Z",
"last_observed": "2018-01-25T14:30:18Z",
"number_observed": 1,
"object_refs": [
"url--5a69e9fa-c15c-4663-af99-4d0d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a69e9fa-c15c-4663-af99-4d0d02de0b81",
"value": "https://pastebin.com/WhGBivrU"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a69eb37-ae04-447b-a4ef-401402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:35:35.000Z",
"modified": "2018-01-25T14:35:35.000Z",
"labels": [
"misp:type=\"pattern-in-memory\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pattern-in-memory",
"x_misp_value": "/bin/busybox MASUTA"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a69e390-b5f0-42c1-a638-446502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:03:09.000Z",
"modified": "2018-01-25T14:03:09.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "domain",
"object_relation": "domain",
"value": "nexusiotsolutions.net",
"category": "Network activity",
"to_ids": true,
"uuid": "5a69e390-ee44-4042-a56d-4d4302de0b81"
},
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "nexuszeta1337@gmail.com",
"category": "Attribution",
"to_ids": true,
"uuid": "5a69e391-c430-4537-99fc-4f9e02de0b81"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a69e3c4-c604-4e3a-b1ed-4b1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-25T14:03:48.000Z",
"modified": "2018-01-25T14:03:48.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Network activity",
"uuid": "5a69e3c4-df00-4ebd-8214-4f0102de0b81"
},
{
"type": "text",
"object_relation": "rrname",
"value": "93.174.93.63",
"category": "Network activity",
"uuid": "5a69e3c5-6274-4308-99bf-488e02de0b81"
},
{
"type": "text",
"object_relation": "rdata",
"value": "n.cf0.pw",
"category": "Other",
"uuid": "5a69e3c6-1d74-4d92-b433-4a1e02de0b81"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink