adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5bb71d5e-8784-489b-b33f-46e7950d210f.json

201 lines
6.2 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2017-10-16",
"extends_uuid": "",
"info": "OSINT - CoalaBot: http Ddos Bot",
"publish_timestamp": "1540717002",
"published": true,
"threat_level_id": "3",
"timestamp": "1540716975",
"uuid": "5bb71d5e-8784-489b-b33f-46e7950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"CoalaBot\"",
"relationship_type": ""
},
{
"colour": "#00bdbd",
"local": "0",
"name": "ecsirt:availability=\"ddos\"",
"relationship_type": ""
},
{
"colour": "#285c00",
"local": "0",
"name": "ddos:type=\"amplification-attack\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538732907",
"to_ids": false,
"type": "text",
"uuid": "5bb71d7e-b968-4998-ac69-4c42950d210f",
"value": "CoalaBot appears to be build on August Stealer code (Panel and Traffic are really alike)\r\n\r\nI found it spread as a tasks in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds malvertising.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1538732894",
"to_ids": false,
"type": "link",
"uuid": "5bb72389-6444-419d-8c8e-4877950d210f",
"value": "https://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "15",
"timestamp": "1540716844",
"uuid": "5bb727a6-c410-4389-b3c0-4fbf950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1538729894",
"to_ids": true,
"type": "sha1",
"uuid": "5bb727a6-c35c-4ef0-8214-498e950d210f",
"value": "0ff1584eec4fc5c72439d94e8cee922703c44049"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1538729895",
"to_ids": true,
"type": "sha256",
"uuid": "5bb727a7-e830-4435-8bb8-49e8950d210f",
"value": "fd07ad13dbf9da3f7841bc0dbfd303dc18153ad36259d9c6db127b49fa01d08f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1538729900",
"to_ids": true,
"type": "md5",
"uuid": "5bb727ac-7f4c-4787-acc8-4dd8950d210f",
"value": "f3862c311c67cb027a06d4272b680a3b"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1538729904",
"to_ids": false,
"type": "text",
"uuid": "5bb727b0-3d84-4e65-ba6c-479e950d210f",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1540716847",
"uuid": "bbdbeb9e-0530-483d-b1c9-5351a35d1be7",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1540716851",
"to_ids": false,
"type": "datetime",
"uuid": "07e074a4-cebf-4e42-9d97-2424eefe62f3",
"value": "2018-05-19T06:43:56"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1540716852",
"to_ids": false,
"type": "link",
"uuid": "0be6e036-4e69-4a59-8f46-c88815452718",
"value": "https://www.virustotal.com/file/fd07ad13dbf9da3f7841bc0dbfd303dc18153ad36259d9c6db127b49fa01d08f/analysis/1526712236/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1540716852",
"to_ids": false,
"type": "text",
"uuid": "e03a39f8-2e23-436e-be47-81ef153eaed7",
"value": "48/67"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink