{ "type": "bundle", "id": "bundle--69df43bb-2c48-4b4d-aa85-8477e92cb010", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-03-12T12:58:36.000Z", "modified": "2024-03-12T12:58:36.000Z", "name": "THA-CERT", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--69df43bb-2c48-4b4d-aa85-8477e92cb010", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-03-12T12:58:36.000Z", "modified": "2024-03-12T12:58:36.000Z", "name": "I-Soon / Anxun data leak in Github", "published": "2024-02-23T11:02:13Z", "object_refs": [ "indicator--b654f397-3f2d-4fa2-a595-f0eb204794a4", "observed-data--8748d463-bd68-4c92-9a43-145fba7e7f8a", "url--8748d463-bd68-4c92-9a43-145fba7e7f8a", "indicator--62dcb0c7-95c6-495b-883d-ef943b74288d", "indicator--0716d202-c2cb-444b-a86c-edaced876e6b", "indicator--1fc9754b-30c5-4925-8fff-14a6a5eef03f", "indicator--64014b07-faf8-4490-8e8f-f918c7f91213", "indicator--94fb148d-3ba1-45f1-a5e5-75499cd8b6b6", "indicator--b9404608-78cb-44e3-a51c-106feb2525d3", "indicator--6472ce15-9330-4e47-9862-9aa85ef21033", "indicator--abc404be-9aa4-41ff-8eab-c82a64f4705c", "observed-data--d638e548-19d6-4987-befa-289210e1104b", "url--d638e548-19d6-4987-befa-289210e1104b", "observed-data--e028f34d-5c61-4a47-a3ef-a742b7a30d9c", "url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c", "observed-data--c6a9b73e-0094-4395-afe8-f7ebdceed729", "url--c6a9b73e-0094-4395-afe8-f7ebdceed729", "indicator--2b352578-b6fe-46b7-ad3f-833487c39036" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "tlp:clear", "PAP:CLEAR" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b654f397-3f2d-4fa2-a595-f0eb204794a4", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:22:56.000Z", "modified": "2024-02-23T07:22:56.000Z", 
"description": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.218.67.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:22:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--8748d463-bd68-4c92-9a43-145fba7e7f8a", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-22T21:16:09.000Z", "modified": "2024-02-22T21:16:09.000Z", "first_observed": "2024-02-22T21:16:09Z", "last_observed": "2024-02-22T21:16:09Z", "number_observed": 1, "object_refs": [ "url--8748d463-bd68-4c92-9a43-145fba7e7f8a" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--8748d463-bd68-4c92-9a43-145fba7e7f8a", "value": "https://github.com/I-S00N/I-S00N" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--62dcb0c7-95c6-495b-883d-ef943b74288d", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.31.3.116']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0716d202-c2cb-444b-a86c-edaced876e6b", "created_by_ref": 
"identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "Chinanet", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.143.37']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--1fc9754b-30c5-4925-8fff-14a6a5eef03f", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "Luoyang", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.192.194.162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--64014b07-faf8-4490-8e8f-f918c7f91213", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "India Kolkata Aircel", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.219.17.111']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", 
"diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--94fb148d-3ba1-45f1-a5e5-75499cd8b6b6", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "China Unicom", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.13.74.218']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b9404608-78cb-44e3-a51c-106feb2525d3", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "Chinanet", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.142.148']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--6472ce15-9330-4e47-9862-9aa85ef21033", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "Chinanet", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.143.72']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--abc404be-9aa4-41ff-8eab-c82a64f4705c", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:20:33.000Z", "modified": "2024-02-23T07:20:33.000Z", "description": "IT7NET", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.98.127.105']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:20:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--d638e548-19d6-4987-befa-289210e1104b", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:21:38.000Z", "modified": "2024-02-23T07:21:38.000Z", "first_observed": "2024-02-23T07:21:38Z", "last_observed": "2024-02-23T07:21:38Z", "number_observed": 1, "object_refs": [ "url--d638e548-19d6-4987-befa-289210e1104b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--d638e548-19d6-4987-befa-289210e1104b", "value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--e028f34d-5c61-4a47-a3ef-a742b7a30d9c", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:21:38.000Z", "modified": "2024-02-23T07:21:38.000Z", "first_observed": "2024-02-23T07:21:38Z", "last_observed": "2024-02-23T07:21:38Z", "number_observed": 1, "object_refs": [ "url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c", "value": "https://x.com/ctiyeewesley/status/1760364208326418618" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--c6a9b73e-0094-4395-afe8-f7ebdceed729", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:21:38.000Z", "modified": "2024-02-23T07:21:38.000Z", "first_observed": "2024-02-23T07:21:38Z", "last_observed": "2024-02-23T07:21:38Z", "number_observed": 1, "object_refs": [ "url--c6a9b73e-0094-4395-afe8-f7ebdceed729" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--c6a9b73e-0094-4395-afe8-f7ebdceed729", "value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--2b352578-b6fe-46b7-ad3f-833487c39036", "created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5", "created": "2024-02-23T07:25:21.000Z", "modified": "2024-02-23T07:25:21.000Z", "pattern": "[domain-name:value = 'mailnotes.online' AND domain-name:resolves_to_refs[*].value = '74.120.172.10']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2024-02-23T07:25:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "network" } ], "labels": [ "misp:name=\"domain-ip\"", "misp:meta-category=\"network\"", "misp:to_ids=\"True\"", "diamond-model:Infrastructure" ] } ] }