misp-circl-feed/feeds/circl/misp/69df43bb-2c48-4b4d-aa85-8477e92cb010.json

{
"Event": {
"analysis": "1",
"date": "2024-02-22",
"extends_uuid": "",
"info": "I-Soon / Anxun data leak in Github",
"publish_timestamp": "1708686133",
"published": true,
"threat_level_id": "3",
"timestamp": "1710248316",
"uuid": "69df43bb-2c48-4b4d-aa85-8477e92cb010",
"Orgc": {
"name": "THA-CERT",
"uuid": "58a4d347-8460-4fc7-a882-6728c0a82ae5"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "PAP:CLEAR",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672976",
"to_ids": true,
"type": "ip-dst",
"uuid": "b654f397-3f2d-4fa2-a595-f0eb204794a4",
"value": "8.218.67.52",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": true,
"timestamp": "1708636569",
"to_ids": false,
"type": "link",
"uuid": "8748d463-bd68-4c92-9a43-145fba7e7f8a",
"value": "https://github.com/I-S00N/I-S00N"
},
{
"category": "Network activity",
"comment": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "62dcb0c7-95c6-495b-883d-ef943b74288d",
"value": "118.31.3.116",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Chinanet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "0716d202-c2cb-444b-a86c-edaced876e6b",
"value": "171.88.143.37",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Luoyang",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "1fc9754b-30c5-4925-8fff-14a6a5eef03f",
"value": "1.192.194.162",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "India Kolkata Aircel",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "64014b07-faf8-4490-8e8f-f918c7f91213",
"value": "101.219.17.111",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "China Unicom",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "94fb148d-3ba1-45f1-a5e5-75499cd8b6b6",
"value": "221.13.74.218",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Chinanet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "b9404608-78cb-44e3-a51c-106feb2525d3",
"value": "171.88.142.148",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Chinanet",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "6472ce15-9330-4e47-9862-9aa85ef21033",
"value": "171.88.143.72",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "IT7NET",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672833",
"to_ids": true,
"type": "ip-dst",
"uuid": "abc404be-9aa4-41ff-8eab-c82a64f4705c",
"value": "66.98.127.105",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672898",
"to_ids": false,
"type": "link",
"uuid": "d638e548-19d6-4987-befa-289210e1104b",
"value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672898",
"to_ids": false,
"type": "link",
"uuid": "e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
"value": "https://x.com/ctiyeewesley/status/1760364208326418618"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1708672898",
"to_ids": false,
"type": "link",
"uuid": "c6a9b73e-0094-4395-afe8-f7ebdceed729",
"value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "11",
"timestamp": "1708673121",
"uuid": "2b352578-b6fe-46b7-ad3f-833487c39036",
"Attribute": [
{
"category": "Network activity",
"comment": "China Telecom - POISON CARP APT",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1708673095",
"to_ids": true,
"type": "ip-dst",
"uuid": "afd8bd8c-07e5-4bc0-a79b-113a73e37109",
"value": "74.120.172.10",
"Tag": [
{
"colour": "#cc4900",
"local": false,
"name": "diamond-model:Infrastructure",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1708673121",
"to_ids": true,
"type": "domain",
"uuid": "e1bf6b62-e4ce-4772-bad2-4579970a287d",
"value": "mailnotes.online"
}
]
}
]
}
}