adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5e6f46d6-d104-4a35-83e7-965402de0b81.json

353 lines
540 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "0",
"date": "2020-03-16",
"extends_uuid": "",
"info": "OSINT - new sample of operation lagtime TA428",
"publish_timestamp": "1584352304",
"published": true,
"threat_level_id": "3",
"timestamp": "1584352112",
"uuid": "5e6f46d6-d104-4a35-83e7-965402de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:threat-actor=\"TA428\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584351009",
"to_ids": true,
"type": "md5",
"uuid": "5e6f4721-d150-4db7-9efb-6b9402de0b81",
"value": "08ebd6388b1194ca824199da49ff5769"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584351051",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e6f474b-9a14-4d6d-8a2c-98c202de0b81",
"value": "103.249.87.72"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584351069",
"to_ids": false,
"type": "link",
"uuid": "5e6f475d-d114-450e-9c53-6b9502de0b81",
"value": "https://app.any.run/tasks/8937295d-ea36-4398-96bd-20e7f3b193cb/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584351148",
"to_ids": false,
"type": "vulnerability",
"uuid": "5e6f47ac-cd60-4de4-8bbf-4b9e02de0b81",
"value": "CVE-2017-11882"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1584352112",
"uuid": "04a60462-7d93-465f-9136-a3f7d2345c1b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "04a60462-7d93-465f-9136-a3f7d2345c1b",
"referenced_uuid": "7448e7a5-3ee5-48cc-9e6e-4a6531d66e24",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "analysed-with",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584351018",
"uuid": "5e6f472a-3364-4af8-a99e-72fa02de0b81"
},
{
"comment": "",
"object_uuid": "04a60462-7d93-465f-9136-a3f7d2345c1b",
"referenced_uuid": "5e6f47ac-cd60-4de4-8bbf-4b9e02de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "abuses",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584352080",
"uuid": "5e6f4b50-9648-4e2b-808b-700f02de0b81"
},
{
"comment": "",
"object_uuid": "04a60462-7d93-465f-9136-a3f7d2345c1b",
"referenced_uuid": "5e6f4721-d150-4db7-9efb-6b9402de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "same-as",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584352111",
"uuid": "5e6f4b6f-e440-4a33-879b-700f02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1584351009",
"to_ids": true,
"type": "md5",
"uuid": "9a6f229c-aba1-411b-b884-395247bc0a54",
"value": "08ebd6388b1194ca824199da49ff5769"
},
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1584351009",
"to_ids": true,
"type": "sha1",
"uuid": "99f07b06-8768-4c91-8a01-610437f2a61c",
"value": "0d2fbb6ab0fb1d736a867e51bcd6aff1d7e7c890"
},
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1584351009",
"to_ids": true,
"type": "sha256",
"uuid": "9d811ebb-6ea8-42e3-a132-108a29be5e9f",
"value": "b7bebe92a5802aa922e5719c948e35716f908e67701cfffaeebfcadc7a6e650a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1584351018",
"uuid": "7448e7a5-3ee5-48cc-9e6e-4a6531d66e24",
"Attribute": [
{
"category": "Other",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1584351009",
"to_ids": false,
"type": "datetime",
"uuid": "b64a5648-777d-48ef-940a-259e8ddca702",
"value": "2020-03-13T05:08:55+00:00"
},
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1584351009",
"to_ids": false,
"type": "link",
"uuid": "45101ff7-1e2a-4871-9d77-450d73b748c6",
"value": "https://www.virustotal.com/file/b7bebe92a5802aa922e5719c948e35716f908e67701cfffaeebfcadc7a6e650a/analysis/1584076135/"
},
{
"category": "Payload delivery",
"comment": "rtf royal road",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1584351009",
"to_ids": false,
"type": "text",
"uuid": "0d9d6de4-8d01-4de8-be6f-9bcf3f5d5399",
"value": "10/58"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "18",
"timestamp": "1584352031",
"uuid": "5e6f4943-b100-4270-95a8-6b9402de0b81",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5e6f4943-b100-4270-95a8-6b9402de0b81",
"referenced_uuid": "5e6f475d-d114-450e-9c53-6b9502de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "references",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584351911",
"uuid": "5e6f4aa7-b8e8-4d03-8659-48c802de0b81"
},
{
"comment": "",
"object_uuid": "5e6f4943-b100-4270-95a8-6b9402de0b81",
"referenced_uuid": "5e6f4721-d150-4db7-9efb-6b9402de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "abuses",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584351958",
"uuid": "5e6f4abb-fcd8-4458-a153-47c002de0b81"
},
{
"comment": "",
"object_uuid": "5e6f4943-b100-4270-95a8-6b9402de0b81",
"referenced_uuid": "5e6f474b-9a14-4d6d-8a2c-98c202de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "references",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584351980",
"uuid": "5e6f4aec-1a90-448f-8dbe-6b9402de0b81"
},
{
"comment": "",
"object_uuid": "5e6f4943-b100-4270-95a8-6b9402de0b81",
"referenced_uuid": "5e6f4721-d150-4db7-9efb-6b9402de0b81",
chg: [feed] added
2023-04-21 13:25:09 +00:00
"relationship_type": "references",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"timestamp": "1584352031",
"uuid": "5e6f4b1f-2e00-46a9-8693-a9d502de0b81"
}
],
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1584351555",
"to_ids": false,
"type": "text",
"uuid": "5e6f4943-31d8-4686-8c7c-6b9402de0b81",
"value": "Twitter"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1584351555",
"to_ids": false,
"type": "text",
"uuid": "5e6f4943-80f8-42a6-bfff-6b9402de0b81",
"value": "new sample of operation lagtime TA428\r\n\r\nrtf royal road: 08ebd6388b1194ca824199da49ff5769 \r\n\r\nip: 103.249.87.72\r\n\r\nTarget: Mongolia"
},
{
"category": "External analysis",
"comment": "",
"data": "iVBORw0KGgoAAAANSUhEUgAABJ4AAASCCAYAAADzByYKAAAMRmlDQ1BJQ0MgUHJvZmlsZQAASImVVwdYU8kWnltSSWiBCEgJvYkiSJcSQosgIFWwEZJAQokxIYjYkUUF1y4iYMOKKLoWQNaKvSyKvT8sqKysiwUbKm9SQFe/9973Tr6598+Zc/5TMvdmBgCdap5UmoPqApAryZPFhQezxqakskhPAAI/ekAfmPL4cik7NjYKQOm//1Pe3YC2UK66KLl+nv+voicQyvkAILEQpwvk/FyI9wOAF/OlsjwAiN5Qbz01T6rE4yE2kMEEIZYqcaYaFytxuhpXqGwS4jgQ7wSATOPxZJkAaDdBPSufnwl5tG9B7CoRiCUA6JAhDuCLeAKIIyAekps7WYmhHXBI/44n8x+c6QOcPF7mAFbXohJyiFguzeFN+z/b8b8lN0fRH8MODppIFhGnrBn27Vb25EglpkHcJUmPjoFYH+IPYoHKHmKUKlJEJKrtUVO+nAN7BpgQuwp4IZEQm0IcJsmJjtLo0zPEYVyI4QpBC8R53ASN7wKhPDRew1ktmxwX048zZBy2xreeJ1PFVdqfVGQnsjX8t0RCbj//20JRQrI6Z4yaL06KhlgbYqY8Oz5SbYPZFIo40f02MkWcMn8biH2FkvBgNT82MUMWFqexl+XK++vFFojE3GgNrswTJURoeHbyear8jSBuEkrYif08QvnYqP5aBMKQUHXt2GWhJFFTL9YuzQuO0/i+lubEauxxqjAnXKm3gthUnh+v8cUD8uCCVPPj0dK82AR1nnh6Fm9UrDofvABEAQ4IASyggCMdTAZZQNza1dgFv6lnwgAPyEAmEAIXjabfI1k1I4HXeFAI/oJICOQDfsGqWSHIh/ovA1r11QVkqGbzVR7Z4CnEuSAS5MDvCpWXZCBaEngCNeKfovNhrjlwKOd+1rGhJkqjUfTzsnT6LYmhxBBiBDGM6Iib4AG4Hx4Fr0FwuOHeuE9/tt/sCU8JbYRHhOuEdsLtSeIi2Q/1sMBo0A4jhGlqTv++ZtwOsnrgwbg/5IfcOBM3AS74CBiJjQfC2B5Qy9Fkrqz+R+5/1PBd1zV2FFcKShlECaI4/Oip7aTtMcCi7On3HVLnmj7QV87AzI/xOd91WgDvkT9aYguwfdgZ7Dh2DjuENQIWdhRrwi5ih5V4YBU9Ua2i/mhxqnyyIY/4p3g8TUxlJ+Wuda6drp/Vc3nCAuX7EXAmS6fJxJmiPBYbvvmFLK6EP3QIy83VzRUA5f+I+jX1hqn6f0CY57/p5nkB4F/c19d36JsucgsA+1IAoF77prP/CN/F1gCcXcdXyPLVOlx5IQAq0IFPlDEwB9bAAdbjBjyBHwgCoWAUiAEJIAVMhF0WwfUsA1PBDDAXlIAysBSsApVgPdgEtoNdYC9oBIfAcXAaXACXwXVwF66eDvACdIN3oBdBEBJCRxiIMWKB2CLOiBvijQQgoUgUEoekIGlIJiJBFMgMZB5ShixHKpGNSC3yG3IQOY6cQ9qQ28hDpBN5jXxCMZSGGqBmqB06DPVG2WgkmoBOQDPRKWghWowuRivQGnQn2oAeRy+g19F29AXagwFMC2NilpgL5o1xsBgsFcvAZNgsrBQrx2qweqwZ/s5XsXasC/uIE3EGzsJd4AqOwBNxPj4Fn4Uvwivx7XgDfhK/ij/Eu/GvBDrBlOBM8CVwCWMJmYSphBJCOWEr4QDhFHyaOgjviEQik2hP9IJPYwoxiziduIi4lribeIzYRnxM7CGRSMYkZ5I/KYbEI+WRSkhrSDtJR0lXSB2kD2QtsgXZjRxGTiVLyEXkcvIO8hHyFfIzci9Fl2JL8aXEUASUaZQllM2UZsolSgell6pHtaf6UxOoWdS51ApqPfUU9R71jZaWlpWWj9YYLbHWHK0KrT1aZ7Uean2k6dOcaBzaeJqCtpi2jXaMdpv2hk6n29GD6Kn0PPpiei39BP0B/YM2Q3uoNldboD1bu0q7QfuK9ksdio6tDltnok6hTrnOPp1LOl26FF07XY4uT3eWbpXuQd2buj16DL3hejF6uXqL9HbondN7rk/St9MP1RfoF+tv0j+h/5iBMawZHAafMY+xmXGK0WFANLA34BpkGZQZ7DJoNeg21DccYZhkWGBYZXjYsJ2JMe2YXGYOcwlzL/MG89Mgs0HsQcJBCwfVD7oy6L3RYKMgI6FRqdFuo+tGn4xZxqHG2cbLjBuN75vgJk4mY0ymmqwzOWXSNdhgsN9g/uDSwXsH3zFFTZ1M40ynm24yvWjaY2ZuFm4mNVtjdsKsy5xpHmSeZb7S/Ih5pwXDIsBCbLHS4qjFnyxDFpuVw6pgnWR1W5paRlgqLDdatlr2WtlbJVoVWe22um9Ntfa2zrBead1i3W1jYTPaZoZNnc0dW4qtt63IdrXtGdv3dvZ2yXbz7Rrtntsb2XPtC+3r7O850B0CHaY41DhccyQ6ejtmO651vOyEOnk4iZyqnC45o86ezmLntc5tQwhDfIZIhtQMuelCc2G75LvUuTwcyhwaNbRoaOPQl8NshqUOWzbszLCvrh6uOa6bXe8O1x8+anjR8Obhr92c3PhuVW7X3OnuYe6z3ZvcX41wHiEcsW7ELQ+Gx2iP+R4tHl88vTxlnvWenV42Xmle1V43vQ28Y70XeZ/1IfgE+8z2OeTz0dfTN893r+/ffi5+2X47/J6PtB8pHLl55GN/K3+e/0b/9gBWQFrAhoD2QMtAXmBN4KMg6yBB0NagZ2xHdhZ7J/tlsGuwLPhA8HuOL2cm51gIFhIeUhrSGqofmhhaGfogzCosM6wurDvcI3x6+LEIQkRkxLKIm1wzLp9by+0e5TVq5qiTkbTI+MjKyEdRTlGyqObR6OhRo1eMvhdtGy2JbowBMdyYFTH3Y+1jp8T+PoY4JnZM1ZinccPjZsSdiWfET4rfEf8uIThhScLdRIdERWJLkk7S+KTapPfJIcnLk9vHDhs7c+yFFJMUcUpTKik1KXVras+40HGrxnWM9xhfMv7GBPsJBRPOTTSZmDPx8CSdSbxJ+9IIaclpO9I+82J4NbyedG56dXo3n8NfzX8hCBKsFHQK/YXLhc8y/DOWZzzP9M9ckdkpChSVi7rEHHGl+FVWRNb6rPfZMdnbsvtyknN255Jz03IPSvQl2ZKTk80nF0xukzpLS6TtU3ynrJrSLYuUbZUj8gnypjwDuGG/qHBQ/KJ4mB+QX5X/YWrS1H0FegWSgovTnKYtnPasMKxwy3R8On96ywzLGXNnPJzJnrlxFjIrfVbLbOvZxbM75oTP2T6XOjd77h9FrkXLi97OS57XXGxWPKf48S/hv9SVaJfISm7O95u/fgG+QLygdaH7wjULv5YKSs+XuZaVl31exF90/tfhv1b82rc4Y3HrEs8l65YSl0qW3lgWuGz7cr3lhcsfrxi9omEla2XpyrerJq06Vz6ifP1q6mrF6vaKqIqmNTZrlq75XCmqvF4VXLW72rR6YfX7tYK1V9YFratfb7a+bP2nDeINtzaGb2yosasp30TclL/p6eakzWe2eG+p3WqytWzrl22Sbe3b47afrPWqrd1humNJHVqnqOvcOX7n5V0hu5rqXeo37mbuLtsD9ij2/Plb2m839kbubdnnva9+v+3+6gOMA6UNSMO0hu5GUWN7U0pT28FRB1ua/ZoP/D70922HLA9VHTY8vOQI9Ujxkb6jhUd7jkmPdR3PPP64ZVLL3RNjT1w7OeZk66nIU2dPh50+cYZ95uhZ/7OHzvmeO3je+3zjBc8LDRc9Lh74w+OPA62erQ2XvC41Xfa53Nw2su3IlcArx6+GXD19jXvtwvXo6203Em/cujn+Zvstwa3nt3Nuv7qTf6f37px7hHul93Xvlz8wfVDzL8d/7W73bD/8MOThxUfxj+4+5j9+8UT+5HNH8VP60/JnFs9qn7s9P9QZ1nn5z3F/dryQvujtKvlL76/qlw4v9/8d9PfF7rHdHa9kr/peL3pj/Gbb2xFvW3piex68y33X+770g/GH7R+9P575lPzpWe/Uz6TPFV8cvzR/jfx6ry+3r0/Kk/
"deleted": false,
"disable_correlation": false,
"object_relation": "attachment",
"timestamp": "1584351555",
"to_ids": false,
"type": "attachment",
"uuid": "5e6f4943-9188-49a2-b458-6b9402de0b81",
"value": "Screenshot 2020-03-16 at 10.38.07.png"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1584351555",
"to_ids": false,
"type": "text",
"uuid": "5e6f4943-336c-40cf-b236-6b9402de0b81",
"value": "Sebdraven"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1584351555",
"to_ids": false,
"type": "text",
"uuid": "5e6f4943-f268-46ee-8bfd-6b9402de0b81",
"value": "Informative"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "verified-username",
"timestamp": "1584351555",
"to_ids": false,
"type": "text",
"uuid": "5e6f4943-8ad0-4b36-bf9f-6b9402de0b81",
"value": "Unknown"
}
]
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink