misp-circl-feed/feeds/circl/misp/e8141fc5-e84d-4aeb-8879-f71caffab35a.json

{
"Event": {
"analysis": "2",
"date": "2023-08-29",
"extends_uuid": "",
"info": "FIN8-LINKED ACTOR TARGETS CITRIX NETSCALER SYSTEMS",
"publish_timestamp": "1693316705",
"published": true,
"threat_level_id": "2",
"timestamp": "1693316666",
"uuid": "e8141fc5-e84d-4aeb-8879-f71caffab35a",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": true,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": true,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": true,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": true,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": true,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"Unidentified 103 (FIN8)\"",
"relationship_type": ""
},
{
"colour": "#b7344f",
"local": false,
"name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN8 - G0061\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-intrusion-set=\"FIN8 - G0061\"",
"relationship_type": ""
},
{
"colour": "#07db5b",
"local": false,
"name": "misp-galaxy:threat-actor=\"FIN8\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "14f20043-2e62-43b0-92ff-f0aac97f3bd6",
"value": "ec89ec41f0e0a7e60fa3f6267d0197c7fa8568e11a2c564f6d59855ddd9e1d64"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "50beeb77-22e3-408b-b1a7-081e17e4d087",
"value": "bb28ba8d838c8eefdd5ae1e23d5872968d84e8cb86bf292b2c3bf4c84ad7dbd0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "4efab437-35ff-4c9d-8e6b-448f06df320d",
"value": "94f09d01e1397ca80c71b488b8775acfe2776b5ab42e9a54547d9e5f58caf11a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "9767d317-7f96-4d64-aae1-3c8102e08226",
"value": "857d6f7e4b96738adb9cc023e2c504362fe8b73bdce422f8f8cb791dd6ac2449"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "bb3747d5-07b1-44fd-8ecf-84807514b5bc",
"value": "383df272841f9a677ee03f6f553bc6cf3197427d792dc9f86b7fb1911dc83d71"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "71bb09f8-b274-403b-98c0-e15e46c62382",
"value": "2d53aaa2638f9a986779b9e36a7b6dfdaddf3cc06698f4aa9f558c1a0591dc9a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316576",
"to_ids": true,
"type": "sha256",
"uuid": "8d152d5d-8d23-4791-bf82-9583f51eb30e",
"value": "20b375ac4487a5955d4b0dd0a600e851d1e455a30c3f8babd0e7e1e97d11a073"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316577",
"to_ids": true,
"type": "sha256",
"uuid": "30767882-5846-4f4b-9887-5faac3f0aec0",
"value": "03657d8f9dcb49a690d4b07da4f49ead58000efe458ca3ba7f878233dd25e391"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316631",
"to_ids": true,
"type": "ip-dst",
"uuid": "d6756678-c4d9-4c96-ac80-9477ac1a28e1",
"value": "85.239.53.49"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1693316631",
"to_ids": true,
"type": "ip-dst",
"uuid": "d287851e-8762-4e63-96bc-b5ec5e9e93bf",
"value": "45.66.248.189"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1693316535",
"uuid": "04d8530b-7834-425b-8db9-83c89bf9712b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1693316535",
"to_ids": false,
"type": "link",
"uuid": "23aa69bc-7ae8-46fc-b56c-4259becdfb82",
"value": "https://github.com/sophoslabs/IoCs/blob/master/2023-08-25%20Citrix%20CVE-2023-3519%20attacks.csv"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1693316535",
"to_ids": false,
"type": "text",
"uuid": "22abc447-5527-43fc-ac45-f4b4de056416",
"value": "IoC-list"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1693316556",
"uuid": "d18c50e6-70d7-4ddf-8f19-67b233b1b9df",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1693316556",
"to_ids": false,
"type": "link",
"uuid": "3596e269-9e73-423f-b31a-b69988a2b29c",
"value": "https://securityaffairs.com/150028/hacking/fin8-citrix-netscaler.html"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1693316556",
"to_ids": false,
"type": "text",
"uuid": "ca88fda9-df20-49b6-be1c-b98cf066f145",
"value": "Blog"
}
]
}
]
}
}