misp-circl-feed/feeds/circl/misp/e3b6b6a1-fe4a-4475-948b-fe763b7254a4.json

333 lines
11 KiB
JSON
Raw Normal View History

2023-12-14 13:47:04 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2023-09-11",
"extends_uuid": "",
"info": "Spyware Telegram mod distributed via Google Play - Evil Telegram doppelganger attacks Chinese users",
"publish_timestamp": "1694415526",
"published": true,
"threat_level_id": "3",
"timestamp": "1694415518",
"uuid": "e3b6b6a1-fe4a-4475-948b-fe763b7254a4",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:target-information=\"China\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1565\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "83aadc2b-44f4-4738-8f78-098e41255d4a",
"value": "39df26099caf5d5edf264801a486e4ee"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "12bcd121-7b31-4adf-9562-c745a9aba991",
"value": "b9e9a29229a10deecc104654cb7c71ae"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "a5dac10b-60b8-450d-8242-848b4c3b4eb5",
"value": "e0dab7efb9cea5b6a010c8c5fee1a285"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "b3da79d0-621c-42cc-8c6a-058e9937714f",
"value": "efcbcd6a2166745153c329fd2d486b3a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "75bbf299-9426-410a-bdba-d62e0b4b83bb",
"value": "8e878695aab7ab16e38265c3a5f17970"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "c4e4d6d6-bea5-4bf2-b778-a3b8378dac28",
"value": "65377fa1d86351c7bd353b51f68f6b80"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "e26db0bf-8249-4eea-a5d2-a849cfd4bf9b",
"value": "19f927386a03ce8d2866879513f37ea0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "10adc0e7-32f1-4fad-b078-41aaca610978",
"value": "a0e197b9c359b89e48c3f0c01af21713"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414890",
"to_ids": true,
"type": "md5",
"uuid": "d8a7cf9f-2216-4ea5-851e-496eac78deab",
"value": "c7a8c3c78ac973785f700c537fbfcb00"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1694414919",
"to_ids": true,
"type": "hostname",
"uuid": "5b3ee997-0541-4199-98ce-e05e64730321",
"value": "sg.telegrnm.org"
}
],
"Object": [
{
"comment": "sg.telegrnm.org: Enriched via the farsight_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
"first_seen": "2023-02-12T15:26:41+00:00",
"last_seen": "2023-09-10T14:33:58+00:00",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "5",
"timestamp": "1694414969",
"uuid": "1b6a0b6f-1365-44ef-ba5c-9f8af907febe",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1b6a0b6f-1365-44ef-ba5c-9f8af907febe",
"referenced_uuid": "5b3ee997-0541-4199-98ce-e05e64730321",
2023-12-14 13:47:04 +00:00
"relationship_type": "related-to",
2023-12-14 14:30:15 +00:00
"timestamp": "1694414969",
"uuid": "1892f452-f450-4d1b-be73-bf6c71393e1d"
}
],
"Attribute": [
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1694414969",
"to_ids": false,
"type": "text",
"uuid": "bff0d874-84e6-432a-be38-8caa68d8250d",
"value": "103.148.186.32"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1694414969",
"to_ids": false,
"type": "counter",
"uuid": "6f25b86b-91d2-4ad7-be11-ecad7993bb50",
"value": "258"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1694414969",
"to_ids": false,
"type": "datetime",
"uuid": "0c4e545a-1695-4bea-9aed-001f6a7255f1",
"value": "2023-02-12T15:26:41+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1694414969",
"to_ids": false,
"type": "datetime",
"uuid": "b79c91e3-4825-4e5b-bdde-060687684499",
"value": "2023-09-10T14:33:58+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1694414969",
"to_ids": false,
"type": "text",
"uuid": "a28c90a5-20c1-4b5d-808d-5eead02d25c9",
"value": "sg.telegrnm.org."
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1694414969",
"to_ids": false,
"type": "text",
"uuid": "e5828613-c8cb-458b-8e6b-49252371b86d",
"value": "A"
},
{
"category": "Network activity",
"comment": "Result from a rrset lookup on DNSDB about the hostname: sg.telegrnm.org",
"deleted": false,
"disable_correlation": true,
"object_relation": "bailiwick",
"timestamp": "1694414969",
"to_ids": true,
"type": "domain",
"uuid": "ff8f605a-8398-4743-9c1b-0d130dfb14fc",
"value": "telegrnm.org"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1694415447",
"uuid": "b390191c-a16c-415c-ba31-78a2c2a698bf",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1694415447",
"to_ids": false,
"type": "link",
"uuid": "3306d70b-3806-4926-ad3d-643238f9fec8",
"value": "https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1694415447",
"to_ids": false,
"type": "text",
"uuid": "97ecae7a-4806-490b-b674-e2b561a1793a",
"value": "Evil Telegram doppelganger attacks Chinese users"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1694415447",
"to_ids": false,
"type": "text",
"uuid": "19fbec9f-5913-486b-bfc5-a00fad5ae39c",
"value": "Blog"
}
]
}
2023-12-14 13:47:04 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-12-14 13:47:04 +00:00
}