{ "Event": { "analysis": "1", "date": "2024-02-22", "extends_uuid": "", "info": "I-Soon / Anxun data leak in Github", "publish_timestamp": "1708686133", "published": true, "threat_level_id": "3", "timestamp": "1710248316", "uuid": "69df43bb-2c48-4b4d-aa85-8477e92cb010", "Orgc": { "name": "THA-CERT", "uuid": "58a4d347-8460-4fc7-a882-6728c0a82ae5" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "PAP:CLEAR", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011", "deleted": false, "disable_correlation": false, "timestamp": "1708672976", "to_ids": true, "type": "ip-dst", "uuid": "b654f397-3f2d-4fa2-a595-f0eb204794a4", "value": "8.218.67.52", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": true, "timestamp": "1708636569", "to_ids": false, "type": "link", "uuid": "8748d463-bd68-4c92-9a43-145fba7e7f8a", "value": "https://github.com/I-S00N/I-S00N" }, { "category": "Network activity", "comment": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "62dcb0c7-95c6-495b-883d-ef943b74288d", "value": "118.31.3.116", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Chinanet", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "0716d202-c2cb-444b-a86c-edaced876e6b", "value": "171.88.143.37", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Luoyang", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "1fc9754b-30c5-4925-8fff-14a6a5eef03f", "value": "1.192.194.162", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "India Kolkata Aircel", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "64014b07-faf8-4490-8e8f-f918c7f91213", "value": "101.219.17.111", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "China Unicom", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "94fb148d-3ba1-45f1-a5e5-75499cd8b6b6", "value": "221.13.74.218", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Chinanet", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "b9404608-78cb-44e3-a51c-106feb2525d3", "value": "171.88.142.148", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Chinanet", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "6472ce15-9330-4e47-9862-9aa85ef21033", "value": "171.88.143.72", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IT7NET", "deleted": false, "disable_correlation": false, "timestamp": "1708672833", "to_ids": true, "type": "ip-dst", "uuid": "abc404be-9aa4-41ff-8eab-c82a64f4705c", "value": "66.98.127.105", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1708672898", "to_ids": false, "type": "link", "uuid": "d638e548-19d6-4987-befa-289210e1104b", "value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1708672898", "to_ids": false, "type": "link", "uuid": "e028f34d-5c61-4a47-a3ef-a742b7a30d9c", "value": "https://x.com/ctiyeewesley/status/1760364208326418618" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1708672898", "to_ids": false, "type": "link", "uuid": "c6a9b73e-0094-4395-afe8-f7ebdceed729", "value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx" } ], "Object": [ { "comment": "", "deleted": false, "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", "template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", "template_version": "11", "timestamp": "1708673121", "uuid": "2b352578-b6fe-46b7-ad3f-833487c39036", "Attribute": [ { "category": "Network activity", "comment": "China Telecom - POISON CARP APT", "deleted": false, "disable_correlation": false, "object_relation": "ip", "timestamp": "1708673095", "to_ids": true, "type": "ip-dst", "uuid": "afd8bd8c-07e5-4bc0-a79b-113a73e37109", "value": "74.120.172.10", "Tag": [ { "colour": "#cc4900", "local": false, "name": "diamond-model:Infrastructure", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "domain", "timestamp": "1708673121", "to_ids": true, "type": "domain", "uuid": "e1bf6b62-e4ce-4772-bad2-4579970a287d", "value": "mailnotes.online" } ] } ] } }