misp-circl-feed/feeds/circl/misp/5c37602c-b178-47ea-8f49-45d5950d210f.json

{
"Event": {
"analysis": "0",
"date": "2019-01-10",
"extends_uuid": "",
"info": "OSINT - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT",
"publish_timestamp": "1547730923",
"published": true,
"threat_level_id": "3",
"timestamp": "1547727524",
"uuid": "5c37602c-b178-47ea-8f49-45d5950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:threat-actor=\"TA505\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:backdoor=\"ServHelper\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:rat=\"FlawedGrace\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#00a9ce",
"name": "veris:action:malware:variety=\"Backdoor\""
},
{
"colour": "#440055",
"name": "ms-caro-malware:malware-type=\"RemoteAccess\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547724060",
"to_ids": false,
"type": "link",
"uuid": "5c384678-4750-43e9-b559-4efb950d210f",
"value": "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547724059",
"to_ids": false,
"type": "text",
"uuid": "5c384692-32f8-4871-ad57-477b950d210f",
"value": "Malware researchers discovered two new malware families distributed through phishing campaigns last year carried out by the TA505 cybercriminal group: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT).",
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Network activity",
"comment": "ServHelper's C2 servers:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547196479",
"to_ids": true,
"type": "domain",
"uuid": "5c38583f-9830-47aa-996a-4a7f950d210f",
"value": "dedsolutions.bit"
},
{
"category": "Network activity",
"comment": "ServHelper's C2 servers:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1547196480",
"to_ids": true,
"type": "domain",
"uuid": "5c385840-dea4-410a-a178-4a2c950d210f",
"value": "arepos.bit"
}
]
}
}