misp-circl-feed/feeds/circl/misp/5e27f3d8-e238-4290-8b2c-422e950d210f.json

{
"Event": {
"analysis": "0",
"date": "2020-01-22",
"extends_uuid": "",
"info": "Muhstik Botnet Attacks Tomato Routers",
"publish_timestamp": "1579684468",
"published": true,
"threat_level_id": "2",
"timestamp": "1579678870",
"uuid": "5e27f3d8-e238-4290-8b2c-422e950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:botnet=\"Muhstik\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"Tsunami (ELF)\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676721",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e27f431-6074-4393-8d36-4643950d210f",
"value": "46.149.233.35"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e27f432-029c-415b-b8f7-4884950d210f",
"value": "68.66.253.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e27f432-268c-444b-b628-4a10950d210f",
"value": "185.61.149.22"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "url",
"uuid": "5e27f432-0558-4d1c-a3aa-444a950d210f",
"value": "http://y.fd6fq54s6df541q23sdxfg.eu/nvr"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "url",
"uuid": "5e27f432-b7b8-4264-af32-43e6950d210f",
"value": "http://159.89.156.190/.y/pty1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "url",
"uuid": "5e27f432-6fb4-4896-a5a4-4ec5950d210f",
"value": "http://159.89.156.190/.y/pty3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "url",
"uuid": "5e27f432-f41c-4b03-b2e8-4854950d210f",
"value": "http://159.89.156.190/.y/pty5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "url",
"uuid": "5e27f432-cd80-4a00-9121-4536950d210f",
"value": "http://159.89.156.190/.y/pty6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676722",
"to_ids": true,
"type": "hostname",
"uuid": "5e27f432-f3fc-4a5b-b104-40a3950d210f",
"value": "s.shadow.mods.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-9754-44e2-8360-49a1950d210f",
"value": "492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-f6b8-4a7f-aac6-4a66950d210f",
"value": "2548f5b1613f6ebba2ff589c7b3416ccdd066b73644d4d212232beb1cecd9c31"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-b2dc-430c-a7e2-4e01950d210f",
"value": "a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-ded0-4a34-b6c6-47c9950d210f",
"value": "7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-4ab0-485f-930d-4fb5950d210f",
"value": "72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-ec38-4063-94da-4e10950d210f",
"value": "cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "5e27f454-b2e4-4773-a425-4766950d210f",
"value": "dc52a1193ecf6096192f771ae663de6e0389840cb5ceb7b979091333ce6f7f02"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579677461",
"to_ids": false,
"type": "link",
"uuid": "5e27f61d-4a0c-426c-b827-42f1950d210f",
"value": "https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/",
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1579677913",
"uuid": "ca140315-88e6-4fa3-913c-6d3b95cb2014",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ca140315-88e6-4fa3-913c-6d3b95cb2014",
"referenced_uuid": "e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
"relationship_type": "analysed-with",
"timestamp": "1579677928",
"uuid": "5e27f8e8-7b1c-4b69-a459-42d1950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1579676756",
"to_ids": true,
"type": "md5",
"uuid": "841dac8f-c06c-442a-a4e8-4276e1c4baca",
"value": "2d8a62b8a27e14f741098fe1ced8eae4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha1",
"uuid": "ab05c7fe-a7ee-4208-9562-c09a5ab3c74c",
"value": "e9a8aebc6822f01199ff311b94641044c4a38dd3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "cbdee7a7-4828-401f-a28d-d63ef6b484b8",
"value": "492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1579677926",
"uuid": "e9108fdc-2a51-4bcb-bf26-d96fc21ff641",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1579676756",
"to_ids": false,
"type": "datetime",
"uuid": "08464849-dffa-4bfe-981b-c6ac353080c5",
"value": "2020-01-22T02:13:52"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1579676756",
"to_ids": false,
"type": "link",
"uuid": "62282ccb-bfe8-4f86-9345-c1ed07e2c6b3",
"value": "https://www.virustotal.com/file/492780a9ac9f03305538b360d8a836c038da4920e8c1ae620988b120613c0b1f/analysis/1579659232/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1579676756",
"to_ids": false,
"type": "text",
"uuid": "b2164fbc-0292-4439-9a3f-556c2873ed7f",
"value": "32/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1579677926",
"uuid": "ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "ff1fbce4-7021-46b8-bc3b-5626cf7558a4",
"referenced_uuid": "59005259-d99c-4501-b679-27cc1352be06",
"relationship_type": "analysed-with",
"timestamp": "1579677928",
"uuid": "5e27f8e8-1b44-4ded-be6c-4012950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1579676756",
"to_ids": true,
"type": "md5",
"uuid": "4d650fae-6576-461f-8f2f-a24bc4e931f0",
"value": "8154ace62f0dcf7c47447153746c4be5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha1",
"uuid": "63e33802-7547-40e7-b476-b14de144a6ad",
"value": "6c9f004c977d3ce1ebda3b6e50313556f977d654"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "f1545d46-b106-43c6-9ddf-e12b7c463861",
"value": "a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1579677926",
"uuid": "59005259-d99c-4501-b679-27cc1352be06",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1579676756",
"to_ids": false,
"type": "datetime",
"uuid": "62de76cd-7eeb-4c9b-bf8e-917137803cd6",
"value": "2020-01-22T02:11:30"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1579676756",
"to_ids": false,
"type": "link",
"uuid": "6858ce27-5914-41ea-a246-40cfdc33e04a",
"value": "https://www.virustotal.com/file/a4ba50129408f9f52ddabe5bfd5bfb46aea0ca48fb616f495f2610b2f1729687/analysis/1579659090/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1579676756",
"to_ids": false,
"type": "text",
"uuid": "9089e013-f176-4f78-a05e-8624247c7115",
"value": "32/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1579677927",
"uuid": "d0e82d91-4339-424a-9b54-4b665bec0acd",
"ObjectReference": [
{
"comment": "",
"object_uuid": "d0e82d91-4339-424a-9b54-4b665bec0acd",
"referenced_uuid": "0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
"relationship_type": "analysed-with",
"timestamp": "1579677928",
"uuid": "5e27f8e8-4cdc-4201-b2f3-4e29950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1579676756",
"to_ids": true,
"type": "md5",
"uuid": "4302de46-edb9-4acf-8e7b-ac3c76754eb5",
"value": "167c2f5e0d6abe5b9b35348fd0269928"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha1",
"uuid": "7211f48d-b2b0-43c7-864c-e8165c722aff",
"value": "7914fb8e72e6a7a57998f8b7817c2508ce9ec865"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "a66a7987-142f-4390-85a8-ede2d81e54be",
"value": "7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1579677927",
"uuid": "0cb1df1f-6f48-4c96-b8b4-d1f852c7e97b",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1579676756",
"to_ids": false,
"type": "datetime",
"uuid": "ee761208-581a-463f-bd07-a6a16db38a4f",
"value": "2020-01-22T02:14:04"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1579676756",
"to_ids": false,
"type": "link",
"uuid": "fa0222dd-230a-4c6d-9ac8-4f382cd21ef9",
"value": "https://www.virustotal.com/file/7325742dc0d939542d4c04ae2ae8f2792711203de50d3d16de3a9f83baaf5435/analysis/1579659244/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1579676756",
"to_ids": false,
"type": "text",
"uuid": "55ee0b95-4cb9-4805-8669-e8766e01ceb2",
"value": "34/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1579677927",
"uuid": "7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7751dc85-88e3-4c9b-97c9-ebfdedb1ad56",
"referenced_uuid": "fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
"relationship_type": "analysed-with",
"timestamp": "1579677928",
"uuid": "5e27f8e8-7a84-4c94-be85-49a8950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1579676756",
"to_ids": true,
"type": "md5",
"uuid": "6ea29b48-7a86-4d10-b675-c6a76941bb46",
"value": "a3e3809eb10bae7d19787f6c52d2b289"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha1",
"uuid": "f2b296e3-e879-4776-ba87-bd6f04d8f71e",
"value": "00e4457de90df173b51757fcf120bc31ce16040e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "6b5f4b97-bde1-4746-8401-d5d585c74522",
"value": "72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1579677927",
"uuid": "fbe12b3c-849a-4b2e-8ef8-7fa83af759fe",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1579676756",
"to_ids": false,
"type": "datetime",
"uuid": "5d6040e0-a8c8-44e4-ac5e-8f7ca6fd856a",
"value": "2020-01-22T02:12:09"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1579676756",
"to_ids": false,
"type": "link",
"uuid": "a1431de8-5639-40e8-b902-f7f51a47c035",
"value": "https://www.virustotal.com/file/72123c51bcdf8c1784654d9e2470e69131872407408aa3cf775ea0ace87bb9a0/analysis/1579659129/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1579676756",
"to_ids": false,
"type": "text",
"uuid": "0abc5f32-ac9a-435d-9ae4-3f26fc75c0bf",
"value": "32/57"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1579677927",
"uuid": "bd930756-f6fa-414c-ab91-40111e80a4c7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bd930756-f6fa-414c-ab91-40111e80a4c7",
"referenced_uuid": "b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
"relationship_type": "analysed-with",
"timestamp": "1579677928",
"uuid": "5e27f8e8-b614-45cd-80f3-4f95950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1579676756",
"to_ids": true,
"type": "md5",
"uuid": "70153d72-c7d2-4630-9410-dca6c537ac66",
"value": "b66fbdec14a7f7b0087aebb9c176ac12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha1",
"uuid": "56dc42e2-d589-4dcf-868f-c98ac64d81e2",
"value": "0c6484d5bc91a75cb0d94a55795d543c409b3fb8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1579676756",
"to_ids": true,
"type": "sha256",
"uuid": "31c4c70c-8dd5-48fd-b840-0f77d9fe625d",
"value": "cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1579677928",
"uuid": "b9d8b1eb-c098-4e3a-af07-cd37c40d345a",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1579676756",
"to_ids": false,
"type": "datetime",
"uuid": "ce51439d-924b-4d65-b570-88a97c546fdc",
"value": "2020-01-22T02:12:56"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1579676756",
"to_ids": false,
"type": "link",
"uuid": "d5f26a7b-7151-43d4-91d3-03f7456f886b",
"value": "https://www.virustotal.com/file/cee20e79f20d35b95645f0cbda1897302e6e554c50f3e6754ce9293e3c1ba11c/analysis/1579659176/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1579676756",
"to_ids": false,
"type": "text",
"uuid": "b2de9ec0-3be3-462b-9250-e457f57ba795",
"value": "32/57"
}
]
}
]
}
}