misp-circl-feed/feeds/circl/misp/c98a638f-29c5-4233-a283-34ddbcc40be4.json

174 lines
39 KiB
JSON
Raw Normal View History

2023-12-14 13:47:04 +00:00
{
"type": "bundle",
"id": "bundle--c98a638f-29c5-4233-a283-34ddbcc40be4",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-06T14:16:37.000Z",
"modified": "2023-12-06T14:16:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--c98a638f-29c5-4233-a283-34ddbcc40be4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-06T14:16:37.000Z",
"modified": "2023-12-06T14:16:37.000Z",
"name": "AA23-339A Threat Actors Exploit Adobe ColdFusion CVE- 2023-26360 for Initial Access to Government Servers",
"published": "2023-12-06T14:16:50Z",
"object_refs": [
"indicator--e10f5ebe-8c4d-4ec9-8a17-63e07348efa5",
"indicator--d267f6c6-a29b-47f6-8646-84496be09fa6",
"indicator--2c455592-2569-4ca6-b6e1-a7ac9dd2745e",
"x-misp-object--c09384c7-640e-4779-910e-9de0fe0fa00b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:stix-2.1-attack-pattern=\"f0a904f4-b3f5-4e42-b565-418dc6932d44\"",
"misp-galaxy:stix-2.1-attack-pattern=\"e8b9ef62-f34a-4d8c-8095-196c7e6f607d\"",
"misp-galaxy:stix-2.1-attack-pattern=\"84783d50-c513-428f-b288-17b4bd24821b\"",
"misp-galaxy:stix-2.1-attack-pattern=\"2d41cc0d-be1b-47e5-8491-ada86f624ec4\"",
"misp-galaxy:stix-2.1-attack-pattern=\"a1fe1a1c-ae50-4812-a064-dbec116d1fc3\"",
"misp-galaxy:stix-2.1-attack-pattern=\"4ff7e674-9bdb-43bf-bce4-406351ac1188\"",
"misp-galaxy:stix-2.1-attack-pattern=\"4c312255-f721-4a07-b49a-006387d79a2d\"",
"misp-galaxy:stix-2.1-attack-pattern=\"7a388102-a1e3-4f69-99a0-23d4d2344312\"",
"misp-galaxy:stix-2.1-attack-pattern=\"23a9ad16-95c1-4b7d-98b8-049fdd9ef8b2\"",
"misp-galaxy:stix-2.1-attack-pattern=\"75868d94-271e-4dac-8885-b51843a4c9d4\"",
"misp-galaxy:stix-2.1-attack-pattern=\"2fd37eac-035a-48f7-83da-cefa8937d859\"",
"misp-galaxy:stix-2.1-attack-pattern=\"be2cdeb0-048c-4aa2-8cee-0dba9687e975\"",
"misp-galaxy:stix-2.1-attack-pattern=\"d6d7c433-a139-43b7-9f6c-8cc6e97b8a72\"",
"misp-galaxy:stix-2.1-attack-pattern=\"c31d692e-0be1-4678-abf0-2e64dfb24890\"",
"misp-galaxy:stix-2.1-attack-pattern=\"a6c90d18-9b9d-4bdf-9cfa-b0abb5889f86\"",
"misp-galaxy:stix-2.1-attack-pattern=\"f8695dd5-3fa7-40c8-941f-ee8f7d8d0080\"",
"misp-galaxy:stix-2.1-attack-pattern=\"9a9fd346-3ca7-42ee-874b-ba706dbdcb03\"",
"misp-galaxy:stix-2.1-attack-pattern=\"22b606d1-33c8-4182-9ad1-9d5c7fbd7daf\"",
"misp-galaxy:stix-2.1-attack-pattern=\"96115b0f-f094-4ae6-bad4-e5a6715f48e0\"",
"misp-galaxy:stix-2.1-attack-pattern=\"9c44b26b-ebfa-402b-bf16-10fe3551bbc7\"",
"misp-galaxy:stix-2.1-attack-pattern=\"11d0fed1-9205-4d0f-85e5-d8b76cc3b3c1\"",
"misp-galaxy:stix-2.1-attack-pattern=\"351cb297-4ddc-4ee1-8e65-40b054834106\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e10f5ebe-8c4d-4ec9-8a17-63e07348efa5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T21:01:50.000Z",
"modified": "2023-12-04T21:01:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.227.50.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-06-02T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d267f6c6-a29b-47f6-8646-84496be09fa6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T21:01:50.000Z",
"modified": "2023-12-04T21:01:50.000Z",
"pattern": "[file:hashes.SHA1 = 'be332b6e2e2ed9e1e57d8aafa0c00aa77d4b8656' AND file:name = 'fscan.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-06-02T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c455592-2569-4ca6-b6e1-a7ac9dd2745e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-04T21:01:50.000Z",
"modified": "2023-12-04T21:01:50.000Z",
"pattern": "[file:hashes.MD5 = 'ba69669818ef9ccec174d647a8021a7b' AND file:hashes.SHA1 = 'b6818d2d5cbd902ce23461f24fc47e24937250e6' AND file:hashes.SHA256 = 'a3acb9f79647f813671c1a21097a51836b0b95397ebc9cd178bc806e1773c864' AND file:name = 'eee.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-06-02T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c09384c7-640e-4779-910e-9de0fe0fa00b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-06T11:03:50.000Z",
"modified": "2023-12-06T11:03:50.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "AA23-339A-Threat-Actors-Exploit-Adobe-ColdFusion-CVE-2023-26360-for-Initial-Access-to-Government-Servers.stix_.json",
"category": "External analysis",
"uuid": "a7af729f-85da-48ee-8848-0f18febd2ddc",
"data": "ewogICAgInR5cGUiOiAiYnVuZGxlIiwKICAgICJpZCI6ICJidW5kbGUtLTZiMjc5M2FjLTA4MTItNDhhZC1hOGQ1LWYyNzA4ODE5ZTIzYSIsCiAgICAib2JqZWN0cyI6IFsKICAgICAgICB7CiAgICAgICAgICAgICJpZCI6ICJsb2NhdGlvbi0tYTdhODg5ZTctOTc3YS00NDAwLWE1YzQtOTUxN2FlZmNjNmY5IiwKICAgICAgICAgICAgInNwZWNfdmVyc2lvbiI6ICIyLjEiLAogICAgICAgICAgICAidHlwZSI6ICJsb2NhdGlvbiIsCiAgICAgICAgICAgICJjb3VudHJ5IjogIlVTIiwKICAgICAgICAgICAgImFkbWluaXN0cmF0aXZlX2FyZWEiOiAiVVMtREMiLAogICAgICAgICAgICAiY3JlYXRlZCI6ICIyMDIzLTEyLTA0VDIxOjAxOjUwLjAwMFoiLAogICAgICAgICAgICAibW9kaWZpZWQiOiAiMjAyMy0xMi0wNFQyMTowMTo1MC4wMDBaIiwKICAgICAgICAgICAgImNyZWF0ZWRfYnlfcmVmIjogImlkZW50aXR5LS1iM2JjYTNjMi0xZjNkLTRiNTQtYjQ0Zi1kYWM0MmMzYThmMDEiLAogICAgICAgICAgICAib2JqZWN0X21hcmtpbmdfcmVmcyI6IFsKICAgICAgICAgICAgICAgICJtYXJraW5nLWRlZmluaXRpb24tLTQ3OTA4MWM4LTNhNjAtNGViOC1iNDEwLTk2YTMwZjM5NWRlZiIsCiAgICAgICAgICAgICAgICAibWFya2luZy1kZWZpbml0aW9uLS02MTNmMmUyNi00MDdkLTQ4YzctOWVjYS1iOGU5MWRmOTlkYzkiCiAgICAgICAgICAgIF0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICAgInR5cGUiOiAibWFya2luZy1kZWZpbml0aW9uIiwKICAgICAgICAgICAgInNwZWNfdmVyc2lvbiI6ICIyLjEiLAogICAgICAgICAgICAiaWQiOiAibWFya2luZy1kZWZpbml0aW9uLS00NzkwODFjOC0zYTYwLTRlYjgtYjQxMC05NmEzMGYzOTVkZWYiLAogICAgICAgICAgICAiY3JlYXRlZCI6ICIyMDIzLTAzLTAyVDE2OjQ4OjU3Ljk1OVoiLAogICAgICAgICAgICAiZXh0ZW5zaW9ucyI6IHsKICAgICAgICAgICAgICAgICJleHRlbnNpb24tZGVmaW5pdGlvbi0tM2E2NTg4NGQtMDA1YS00MjkwLTgzMzUtY2IyZDc3OGE4M2NlIjogewogICAgICAgICAgICAgICAgICAgICJleHRlbnNpb25fdHlwZSI6ICJwcm9wZXJ0eS1leHRlbnNpb24iLAogICAgICAgICAgICAgICAgICAgICJpZGVudGlmaWVyIjogImlzYTpndWlkZS4xOTAwMS5BQ1MzLTllMGNkNTBlLTZlZmMtNDViMy04YTNkLWI2Mzc2NTQxYzljNSIsCiAgICAgICAgICAgICAgICAgICAgImNyZWF0ZV9kYXRlX3RpbWUiOiAiMjAyMy0wMy0wMlQxNjo0ODo1Ny45NTlaIiwKICAgICAgICAgICAgICAgICAgICAicmVzcG9uc2libGVfZW50aXR5X2N1c3RvZGlhbiI6ICJVU0EuREhTLk5DQ0lDIiwKICAgICAgICAgICAgICAgICAgICAicmVzcG9uc2libGVfZW50aXR5X29yaWdpbmF0b3IiOiAiVVNBLkRIUy5OQ0NJQyIsCiAgICAgICAgICAgICAgICAgICAgInBvbGljeV9yZWZlcmVuY2UiOiAidXJuOmlzYTpwb2xpY3k6YWNzOm5zOnYzLjA/cHJpdmRlZmF1bHQ9ZGVueSZzaGFyZWRlZmF1bHQ9cGVybWl0IiwKICAgICAgICAgICAgICAgICAgICAiY29udHJvbF9zZXQiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJjbGFzc2lmaWNhdGlvbiI6ICJVIiwKICAgICAgICAgICAgICAgICAgICAgICAgImZvcm1hbF9kZXRlcm1pbmF0aW9uIjogWwogICAgICAgICAgICAgICAgICAgICAgICAgICAgIklORk9STUFUSU9OLURJUkVDVExZLVJFTEFURUQtVE8tQ1lCRVJTRUNVUklUWS1USFJFQVQiLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIlBVQlJFTCIKICAgICAgICAgICAgICAgICAgICAgICAgXQogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAgICAgImF1dGhvcml0eV9yZWZlcmVuY2UiOiBbCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cm46aXNhOmF1dGhvcml0eTphaXMiCiAgICAgICAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAgICAgICAiYWNjZXNzX3ByaXZpbGVnZSI6IFsKICAgICAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInByaXZpbGVnZV9hY3Rpb24iOiAiQ0lTQVVTRVMiLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgInJ1bGVfZWZmZWN0IjogInBlcm1pdCIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAicHJpdmlsZWdlX3Njb3BlIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJlbnRpdHkiOiBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJBTEwiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAicGVybWl0dGVkX25hdGlvbmFsaXRpZXMiOiBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJBTEwiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAicGVybWl0dGVkX29yZ2FuaXphdGlvbnMiOiBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJBTEwiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAic2hhcmVhYmlsaXR5IjogWwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQUxMIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIF0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgIF0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0sCiAgICAgICAgewogICAgICAgICAgICAiaWQiOiAiYXR0YWNrLXBhdHRlcm4tLWYwYTkwNGY0LWIzZjUtNGU0Mi1iNTY1LTQxOGRjNjkzMmQ0NCIsCiAgICAgICAgICAgICJ0eXBlIjogImF0dGFjay1wYXR0ZXJuIiwKICAgICAgICAgICAgImNyZWF0ZWQiOiAiMjAyMy0xMi0wNFQyMTowMTo1MC4wMDBaIiwKICAgICAgICAgICAgIm1vZGlmaWVkIjogIjIwMjMtMTItMDRUMjE6MDE6NTAuMDAwWiIsCiAgICAgICAgICAgICJzcGVjX3ZlcnNpb2
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 2.1",
"category": "Other",
"uuid": "ef359ef2-81cf-46da-94b5-43f804854632"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}