141 lines
No EOL
4 KiB
JSON
141 lines
No EOL
4 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2019-01-10",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT",
|
|
"publish_timestamp": "1547730923",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1547727524",
|
|
"uuid": "5c37602c-b178-47ea-8f49-45d5950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:threat-actor=\"TA505\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:backdoor=\"ServHelper\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:rat=\"FlawedGrace\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#3a7300",
|
|
"local": false,
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00a9ce",
|
|
"local": false,
|
|
"name": "veris:action:malware:variety=\"Backdoor\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#440055",
|
|
"local": false,
|
|
"name": "ms-caro-malware:malware-type=\"RemoteAccess\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547724060",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5c384678-4750-43e9-b559-4efb950d210f",
|
|
"value": "https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547724059",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5c384692-32f8-4871-ad57-477b950d210f",
|
|
"value": "Malware researchers discovered two new malware families distributed through phishing campaigns last year carried out by the TA505 cybercriminal group: ServHelper backdoor with two variants and FlawedGrace remote access trojan (RAT).",
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ServHelper's C2 servers:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547196479",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c38583f-9830-47aa-996a-4a7f950d210f",
|
|
"value": "dedsolutions.bit"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "ServHelper's C2 servers:",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1547196480",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "5c385840-dea4-410a-a178-4a2c950d210f",
|
|
"value": "arepos.bit"
|
|
}
|
|
]
|
|
}
|
|
} |