{"Event": {"info": "SUPPLY CHAIN ATTACKS", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Wmiexec\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"MimiKatz\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-tool=\"Mimikatz\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-tool=\"Mimikatz - S0002\""}, {"colour": "#064800", "exportable": true, "name": "misp-galaxy:tool=\"Mimikatz\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"CertMig\""}, {"colour": "#0088cc", "exportable": true, "name": 
"misp-galaxy:tool=\"Netscan\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"ProcDump\""}, {"colour": "#002b4a", "exportable": true, "name": "osint:source-type=\"technical-report\""}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}], "publish_timestamp": "0", "timestamp": "1570699283", "analysis": "0", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5d9b0246-4750-446e-8080-4e5b950d210f", "timestamp": "1570439750", "to_ids": false, "value": "alerttcpanyany->anyany(msg:\"Non-StdTCPClientTrafficcontains'HX1|3a|''HX2|3a|''HX3|3a|''HX4|3a|'(PLUGXVariant)\";sid:XX;rev:1;flow:established,to_server;content:\"Accept|3a202a2f2a|\";nocase;content:\"HX1|3a|\";distance:0;within:6;fast_pattern;content:\"HX2|3a|\";nocase;distance:0;content:\"HX3|3a|\";nocase;distance:0;content:\"HX4|3a|\";nocase;distance:0;classtype:nonstd-tcp;priority:X;)", "disable_correlation": false, "object_relation": null, "type": "snort"}, {"comment": "", "category": "Network activity", "uuid": "5d9b051f-6318-4fb2-917e-4500950d210f", "timestamp": "1570440479", "to_ids": false, "value": "alerttcpanyany->anyany(msg:\"Non-StdTCPClientTrafficcontains'X-Session|3a|''X-Status|3a|''X-Size|3a|''X-Sn|3a|'(PLUGX)\";sid:XX;rev:1;flow:established,to_server;content:\"X-Session|3a|\";nocase;fast_pattern;content:\"X-Status|3a|\";nocase;distance:0;content:\"X-Size|3a|\";nocase;distance:0;content:\"X-Sn|3a|\";nocase;distance:0;classtype:nonstd-tcp;priority:X;)", "disable_correlation": false, "object_relation": null, "type": "snort"}, {"comment": "", "category": "Network activity", "uuid": "5d9b0aad-4e08-4cf3-9eff-44c0950d210f", "timestamp": "1570441901", "to_ids": false, "value": 
"alerttcpanyany->anyany(msg:\"Non-StdTCPClientTrafficcontains'MJ1X|3a|''MJ2X|3a|''MJ3X|3a|''MJ4X|3a|'(PLUGXVariant)\";sid:XX;rev:1;flow:established,to_server;content:\"MJ1X|3a|\";nocase;fast_pattern;content:\"MJ2X|3a|\";nocase;distance:0;content:\"MJ3X|3a|\";nocase;distance:0;content:\"MJ4X|3a|\";nocase;distance:0;classtype:nonstd-tcp;priority:X;)", "disable_correlat