misp-circl-feed/feeds/circl/misp/5d7dba44-67d4-4fad-b919-4c2d950d210f.json

129 lines
3.7 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2019-09-15",
"extends_uuid": "",
"info": "On-memory post exploit payloads from encoded binary",
"publish_timestamp": "1568643213",
"published": true,
"threat_level_id": "2",
"timestamp": "1568643188",
"uuid": "5d7dba44-67d4-4fad-b919-4c2d950d210f",
"Orgc": {
"name": "MalwareMustDie",
"uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#380046",
"local": "0",
"name": "ms-caro-malware:malware-type=\"HackTool\"",
"relationship_type": ""
},
{
"colour": "#ffc100",
"local": "0",
"name": "poshc2 beacon",
"relationship_type": ""
},
{
"colour": "#c1e21c",
"local": "0",
"name": " C2",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:course-of-action=\"PowerShell Mitigation\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:course-of-action=\"Network Sniffing Mitigation\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:course-of-action=\"Credential Dumping Mitigation\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Internal reference",
"comment": "Threat analysis report and analysis screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568520892",
"to_ids": false,
"type": "link",
"uuid": "5d7dbabc-3ef8-4eb1-9500-448e950d210f",
"value": "https://imgur.com/a/k60b8pm"
},
{
"category": "Network activity",
"comment": "The attacker C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568520952",
"to_ids": true,
"type": "ip-dst",
"uuid": "5d7dbaf8-3e4c-4334-a278-403c950d210f",
"value": "154.121.50.129"
},
{
"category": "Network activity",
"comment": "The attacker C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568520989",
"to_ids": true,
"type": "hostname",
"uuid": "5d7dbb1d-a2ec-4534-9e0b-48f0950d210f",
"value": "amazon34.duckdns.org"
},
{
"category": "Payload delivery",
"comment": "The post exploitation outbound traffic for attack initiation (beacon and reverse HTTP)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568521103",
"to_ids": false,
"type": "url",
"uuid": "5d7dbb8f-210c-4f25-86d9-4e5c950d210f",
"value": "https://pastebin.com/Pgi3pMgj"
},
{
"category": "Payload delivery",
"comment": "The post exploitation outbound traffic for attack initiation (beacon and reverse HTTP)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568521103",
"to_ids": false,
"type": "url",
"uuid": "5d7dbb8f-2dec-4875-b15d-4f31950d210f",
"value": "https://pastebin.com/SAQRkmef"
},
{
"category": "Network activity",
"comment": "The attacker C2's network AS Number",
"deleted": false,
"disable_correlation": false,
"timestamp": "1568521195",
"to_ids": false,
"type": "AS",
"uuid": "5d7dbbeb-9aa0-4209-beda-4a70950d210f",
"value": "AS327712"
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}