{
"type" : "bundle" ,
"id" : "bundle--eb8ec4e4-ea78-4cf5-80bc-974e765f08df" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:32:25.000Z" ,
"modified" : "2021-03-14T10:32:25.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--eb8ec4e4-ea78-4cf5-80bc-974e765f08df" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:32:25.000Z" ,
"modified" : "2021-03-14T10:32:25.000Z" ,
"name" : "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities" ,
"published" : "2021-03-14T10:32:31Z" ,
"object_refs" : [
"x-misp-attribute--2fd4e42f-f50d-4422-811e-9808d3f25658" ,
"indicator--112dd548-221d-499a-9f1b-10fe689f1ce4" ,
"indicator--758e07fe-3612-4c8d-b45c-bd7868620943" ,
"indicator--5d8b036a-d99e-4b44-a341-c7d1a8d07692" ,
"indicator--4fb975a9-b749-42b9-8d46-ce25b3174ac6" ,
"indicator--d1fe70e7-8ccf-4f94-9855-571ff6b3e54e" ,
"indicator--d851863a-b84b-4e99-ac91-1eb0386036ab" ,
"indicator--7b48d4b6-6368-4a46-8605-5e941c80bf7d" ,
"indicator--6ae59701-6443-44d2-9550-a407d109f510" ,
"indicator--da4e181c-590c-4fcb-8f3d-6cd70186daa7" ,
"indicator--e9830dde-d7b6-42a8-a806-82564d8c0d5c" ,
"indicator--63a255c1-9f2e-41dc-a9b6-015eab1e4f1b" ,
"indicator--a45f063b-affd-4489-bb10-e091ee58707f" ,
"indicator--d67ab090-19b7-41cb-841b-690dc1bf0e1a" ,
"indicator--050c1cb5-5ff0-4b34-812e-619a259e6e3e" ,
"indicator--ea7b3c25-adae-4c5a-8d55-b4315272a12e" ,
"indicator--84084971-53b1-47e6-a40f-72854d499579" ,
"indicator--a9c94953-112b-40b5-93b5-b9e8eaa1877d" ,
"indicator--ccff1409-c0b7-4b82-a7a2-e63916d20641" ,
"indicator--cb5c015c-73fd-4801-987b-7e9604cc215d" ,
"indicator--47823cda-5b8b-4a7c-a99c-774127967a54" ,
"indicator--4ad23c34-2da1-45dc-b227-2d084b1a1a42" ,
"indicator--88f07129-c8af-4365-8cf2-16a5bd950fa0" ,
"indicator--d4f0de17-daa0-4907-a0e0-8fb37337fc3d" ,
"x-misp-object--39474e19-95e7-45d4-968f-91b80f5949db" ,
"x-misp-object--59512712-98b1-4439-bddd-5307480562cc"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--2fd4e42f-f50d-4422-811e-9808d3f25658" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "Imported from STIX header description" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "This STIX file provides indicators of compromise (IOCs) associated with malicious activity reported in Activity Alert, AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities. For more information about this activity, to include detection and mitigation recommendations, see the Activity Alert."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--112dd548-221d-499a-9f1b-10fe689f1ce4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--758e07fe-3612-4c8d-b45c-bd7868620943" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d8b036a-d99e-4b44-a341-c7d1a8d07692" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4fb975a9-b749-42b9-8d46-ce25b3174ac6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d1fe70e7-8ccf-4f94-9855-571ff6b3e54e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d851863a-b84b-4e99-ac91-1eb0386036ab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2b6f1ebb2208e93ade4a6424555d6a8341fd6d9f60c25e44afe11008f5c1aad1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7b48d4b6-6368-4a46-8605-5e941c80bf7d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '1631a90eb5395c4e19c7dbcbf611bbe6444ff312eb7937e286e4637cb9e72944']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ae59701-6443-44d2-9550-a407d109f510" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[file:hashes.SHA256 = '097549cf7d0f76f0d99edf8b2d91c60977fd6a96e4b8c3c94b0b1733dc026d3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da4e181c-590c-4fcb-8f3d-6cd70186daa7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.192.103.43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e9830dde-d7b6-42a8-a806-82564d8c0d5c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.92.205.81']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--63a255c1-9f2e-41dc-a9b6-015eab1e4f1b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.2.69.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a45f063b-affd-4489-bb10-e091ee58707f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.254.43.18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d67ab090-19b7-41cb-841b-690dc1bf0e1a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.56.98.146']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--050c1cb5-5ff0-4b34-812e-619a259e6e3e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.160.69.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ea7b3c25-adae-4c5a-8d55-b4315272a12e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.81.208.169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--84084971-53b1-47e6-a40f-72854d499579" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.250.151.72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a9c94953-112b-40b5-93b5-b9e8eaa1877d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.99.168.251']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ccff1409-c0b7-4b82-a7a2-e63916d20641" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '157.230.221.198']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cb5c015c-73fd-4801-987b-7e9604cc215d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.28.14.163']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--47823cda-5b8b-4a7c-a99c-774127967a54" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.61.246.56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4ad23c34-2da1-45dc-b227-2d084b1a1a42" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.250.191.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--88f07129-c8af-4365-8cf2-16a5bd950fa0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.77.192.219']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d4f0de17-daa0-4907-a0e0-8fb37337fc3d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:46.000Z" ,
"modified" : "2021-03-14T10:30:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.140.114.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2021-03-14T10:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--39474e19-95e7-45d4-968f-91b80f5949db" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:30:47.000Z" ,
"modified" : "2021-03-14T10:30:47.000Z" ,
"labels" : [
"misp:name=\"original-imported-file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "attachment" ,
"object_relation" : "imported-sample" ,
"value" : "AA21-062A.stix.xml" ,
"category" : "External analysis" ,
"uuid" : "56c86ce5-5cdd-4a9f-b783-f10c72f77efd" ,
"data" : " P D 94 b W w g d m V y c 2 l v b j 0 i M S 4 w I i B l b m N v Z G l u Z z 0 i d X R m L T g i I D 8 + D Q o 8 I S 0 t I E d l b m V y Y X R l Z C B i e S B N U E U g M C 40 L j Q g b 24 g M D M v M D M v M j A y M S A t L T 4 N C j x z d G l 4 O l N U S V h f U G F j a 2 F n Z S A N C g l 4 b W x u c z p B Z G R y Z X N z T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j Q W R k c m V z c 0 9 i a m V j d C 0 y I g 0 K C X h t b G 5 z O n N 0 a X h W b 2 N h Y n M 9 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 k Z W Z h d W x 0 X 3 Z v Y 2 F i d W x h c m l l c y 0 x I g 0 K C X h t b G 5 z O n R s c E 1 h c m t p b m c 9 I m h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U T F A t M S I N C g l 4 b W x u c z p G a W x l T 2 J q P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j R m l s Z U 9 i a m V j d C 0 y I g 0 K C X h t b G 5 z O m N 5 Y m 94 V m 9 j Y W J z P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L T I i D Q o J e G 1 s b n M 6 V E 9 V T W F y a 2 l u Z z 0 i a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v Z X h 0 Z W 5 z a W 9 u c y 9 N Y X J r a W 5 n U 3 R y d W N 0 d X J l I 1 R l c m 1 z X 0 9 m X 1 V z Z S 0 x I g 0 K C X h t b G 5 z O n N 0 a X h D b 21 t b 249 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 j b 21 t b 24 t M S I N C g l 4 b W x u c z p p b m R p Y 2 F 0 b 3 I 9 I m h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 J b m R p Y 2 F 0 b 3 I t M i I N C g l 4 b W x u c z p j e W J v e E N v b W 1 v b j 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j b 21 t b 24 t M i I N C g l 4 b W x u c z p z d G l 4 P S J o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v c 3 R p e 
C 0 x I g 0 K C X h t b G 5 z O m 1 h c m t p b m c 9 I m h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 0 1 h c m t p b m c t M S I N C g l 4 b W x u c z p j e W J v e D 0 i a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 j e W J v e C 0 y I g 0 K C X h t b G 5 z O k N J U 0E9 I m h 0 d H A 6 L y 93 d 3 c u d X M t Y 2 V y d C 5 n b 3 Y v b m N j a W M i D Q o J e G 1 s b n M 6 e G x p b m s 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z E 5 O T k v e G x p b m s i D Q o J e G 1 s b n M 6 Z H M 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D A v M D k v e G 1 s Z H N p Z y M i D Q o J e G 1 s b n M 6 e H M 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I g 0 K C X h t b G 5 z O n h z a T 0 i a H R 0 c D o v L 3 d 3 d y 53 M y 5 v c m c v M j A w M S 9 Y T U x T Y 2 h l b W E t a W 5 z d G F u Y 2 U i D Q o J D Q o J e H N p O n N j a G V t Y U x v Y 2 F 0 a W 9 u P S J o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 29 i a m V j d H M j Q W R k c m V z c 0 9 i a m V j d C 0 y I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 29 i a m V j d H M v Q W R k c m V z c y 8 y L j E v Q W R k c m V z c 19 P Y m p l Y 3 Q u e H N k D Q o J a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 k Z W Z h d W x 0 X 3 Z v Y 2 F i d W x h c m l l c y 8 x L j E u M S 9 z d G l 4 X 2 R l Z m F 1 b H R f d m 9 j Y W J 1 b G F y a W V z L n h z Z A 0 K C W h 0 d H A 6 L y 9 k Y X R h L W 1 h c m t p b m c u b W l 0 c m U u b 3 J n L 2 V 4 d G V u c 2 l v b n M v T W F y a 2 l u Z 1 N 0 c n V j d H V y Z S N U T F A t M S B o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 V 4 d G V u c 2 l v b n M v b W F y a 2 l u Z y 90 b H A v M S 4 x L j E 
v d G x w X 21 h c m t p b m c u e H N k D Q o J a H R 0 c D o v L 2 N 5 Y m 94 L m 1 p d H J l L m 9 y Z y 9 v Y m p l Y 3 R z I 0 Z p b G V P Y m p l Y 3 Q t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 v Y m p l Y 3 R z L 0 Z p b G U v M i 4 x L 0 Z p b G V f T 2 J q Z W N 0 L n h z Z A 0 K C W h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 k Z W Z h d W x 0 X 3 Z v Y 2 F i d W x h c m l l c y 8 y L j E v Y 3 l i b 3 h f Z G V m Y X V s d F 92 b 2 N h Y n V s Y X J p Z X M u e H N k D Q o J a H R 0 c D o v L 2 R h d G E t b W F y a 2 l u Z y 5 t a X R y Z S 5 v c m c v Z X h 0 Z W 5 z a W 9 u c y 9 N Y X J r a W 5 n U 3 R y d W N 0 d X J l I 1 R l c m 1 z X 0 9 m X 1 V z Z S 0 x I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v Z X h 0 Z W 5 z a W 9 u c y 9 t Y X J r a W 5 n L 3 R l c m 1 z X 29 m X 3 V z Z S 8 x L j A u M S 90 Z X J t c 19 v Z l 91 c 2 V f b W F y a 2 l u Z y 54 c 2 Q N C g l o d H R w O i 8 v c 3 R p e C 5 t a X R y Z S 5 v c m c v Y 29 t b W 9 u L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 21 t b 24 v M S 4 x L j E v c 3 R p e F 9 j b 21 t b 24 u e H N k D Q o J a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 0 l u Z G l j Y X R v c i 0 y I G h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 Y T U x T Y 2 h l b W E v a W 5 k a W N h d G 9 y L z I u M S 4 x L 2 l u Z G l j Y X R v c i 54 c 2 Q N C g l o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 2 N v b W 1 v b i 0 y I G h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v W E 1 M U 2 N o Z W 1 h L 2 N v b W 1 v b i 8 y L j E v Y 3 l i b 3 h f Y 29 t b W 9 u L n h z Z A 0 K C W h 0 d H A 6 L y 9 z d G l 4 L m 1 p d H J l L m 9 y Z y 9 z d G l 4 L T E g a H R 
0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 3 J l L z E u M S 4 x L 3 N 0 a X h f Y 29 y Z S 54 c 2 Q N C g l o d H R w O i 8 v Z G F 0 Y S 1 t Y X J r a W 5 n L m 1 p d H J l L m 9 y Z y 9 N Y X J r a W 5 n L T E g a H R 0 c D o v L 3 N 0 a X g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 k Y X R h X 21 h c m t p b m c v M S 4 x L j E v Z G F 0 Y V 9 t Y X J r a W 5 n L n h z Z A 0 K C W h 0 d H A 6 L y 9 j e W J v e C 5 t a X R y Z S 5 v c m c v Y 3 l i b 3 g t M i B o d H R w O i 8 v Y 3 l i b 3 g u b W l 0 c m U u b 3 J n L 1 h N T F N j a G V t Y S 9 j b 3 J l L z I u M S 9 j e W J v e F 9 j b 3 J l L n h z Z C I g a W Q 9 I k 5 Q R y 0 4 M z k 2 N D Q 1 I i B 2 Z X J z a W 9 u P S I x L j E u M S I g d G l t Z X N 0 Y W 1 w P S I y M D I x L T A z L T A z V D E 5 O j A 3 O j Q 0 I j 4 N C i A g I C A 8 c 3 R p e D p T V E l Y X 0 h l Y W R l c j 4 N C i A g I C A g I C A g P H N 0 a X g 6 V G l 0 b G U + Q U E y M S 0 w N j J B I E 1 p d G l n Y X R l I E 1 p Y 3 J v c 29 m d C B F e G N o Y W 5 n Z S B T Z X J 2 Z X I g V n V s b m V y Y W J p b G l 0 a W V z P C 9 z d G l 4 O l R p d G x l P g 0 K I C A g I C A g I C A 8 c 3 R p e D p Q Y W N r Y W d l X 0 l u d G V u d C B 4 c 2 k 6 d H l w Z T 0 i c 3 R p e F Z v Y 2 F i c z p Q Y W N r Y W d l S W 50 Z W 50 V m 9 j Y W I t M S 4 w I j 5 J b m R p Y 2 F 0 b 3 J z P C 9 z d G l 4 O l B h Y 2 t h Z 2 V f S W 50 Z W 50 P g 0 K I C A g I C A g I C A 8 c 3 R p e D p E Z X N j c m l w d G l v b j 5 U a G l z I F N U S V g g Z m l s Z S B w c m 92 a W R l c y B p b m R p Y 2 F 0 b 3 J z I G 9 m I G N v b X B y b 21 p c 2 U g K E l P Q 3 M p I G F z c 29 j a W F 0 Z W Q g d 2 l 0 a C B t Y W x p Y 2 l v d X M g Y W N 0 a X Z p d H k g c m V w b 3 J 0 Z W Q g a W 4 g Q W N 0 a X Z p d H k g Q W x l c n Q s I E F B M j E t M D Y y Q S B N a X R p Z 2 F 0 Z S B N a W N y b 3 N v Z n Q g R X h j a G F u Z 2 U g U 2 V y d m V y I F Z 1 b G 5 l c m F i a W x p d G l l 
c y 4 g R m 9 y I G 1 v c m U g a W 5 m b 3 J t Y X R p b 24 g Y W J v d X Q g d G h p c y
} ,
{
"type" : "text" ,
"object_relation" : "format" ,
"value" : "STIX 1.1" ,
"category" : "Other" ,
"uuid" : "cb3a8bd6-df0e-46de-8fdf-517c6cee297d"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "original-imported-file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--59512712-98b1-4439-bddd-5307480562cc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-03-14T10:31:53.000Z" ,
"modified" : "2021-03-14T10:31:53.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://us-cert.cisa.gov/ncas/alerts/aa21-062a" ,
"category" : "External analysis" ,
"uuid" : "59d841ae-a913-410b-b743-0602e5942c9f"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.\r\n\r\nThis Alert includes both tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity. To secure against this threat, CISA recommends organizations examine their systems for the TTPs and use the IOCs to detect any malicious activity. If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert." ,
"category" : "Other" ,
"uuid" : "4561f74e-6aaf-4616-a0c7-7a509868d9c4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}