misp-circl-feed/feeds/circl/stix-2.1/69df43bb-2c48-4b4d-aa85-8477e92cb010.json


{
"type": "bundle",
"id": "bundle--69df43bb-2c48-4b4d-aa85-8477e92cb010",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-03-12T12:58:36.000Z",
"modified": "2024-03-12T12:58:36.000Z",
"name": "THA-CERT",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--69df43bb-2c48-4b4d-aa85-8477e92cb010",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-03-12T12:58:36.000Z",
"modified": "2024-03-12T12:58:36.000Z",
"name": "I-Soon / Anxun data leak in Github",
"published": "2024-02-23T11:02:13Z",
"object_refs": [
"indicator--b654f397-3f2d-4fa2-a595-f0eb204794a4",
"observed-data--8748d463-bd68-4c92-9a43-145fba7e7f8a",
"url--8748d463-bd68-4c92-9a43-145fba7e7f8a",
"indicator--62dcb0c7-95c6-495b-883d-ef943b74288d",
"indicator--0716d202-c2cb-444b-a86c-edaced876e6b",
"indicator--1fc9754b-30c5-4925-8fff-14a6a5eef03f",
"indicator--64014b07-faf8-4490-8e8f-f918c7f91213",
"indicator--94fb148d-3ba1-45f1-a5e5-75499cd8b6b6",
"indicator--b9404608-78cb-44e3-a51c-106feb2525d3",
"indicator--6472ce15-9330-4e47-9862-9aa85ef21033",
"indicator--abc404be-9aa4-41ff-8eab-c82a64f4705c",
"observed-data--d638e548-19d6-4987-befa-289210e1104b",
"url--d638e548-19d6-4987-befa-289210e1104b",
"observed-data--e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
"url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
"observed-data--c6a9b73e-0094-4395-afe8-f7ebdceed729",
"url--c6a9b73e-0094-4395-afe8-f7ebdceed729",
"indicator--2b352578-b6fe-46b7-ad3f-833487c39036"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"tlp:clear",
"PAP:CLEAR"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b654f397-3f2d-4fa2-a595-f0eb204794a4",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:22:56.000Z",
"modified": "2024-02-23T07:22:56.000Z",
"description": "AWS USA - Jackpot Panda or Iron Tiger - On port tcp/27011 or tcp/17011",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.218.67.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:22:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--8748d463-bd68-4c92-9a43-145fba7e7f8a",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-22T21:16:09.000Z",
"modified": "2024-02-22T21:16:09.000Z",
"first_observed": "2024-02-22T21:16:09Z",
"last_observed": "2024-02-22T21:16:09Z",
"number_observed": 1,
"object_refs": [
"url--8748d463-bd68-4c92-9a43-145fba7e7f8a"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--8748d463-bd68-4c92-9a43-145fba7e7f8a",
"value": "https://github.com/I-S00N/I-S00N"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--62dcb0c7-95c6-495b-883d-ef943b74288d",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "Hangzhou Alibaba - C2 IP for SecuritySystemv5 Windows RAT aka ShadowPad",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.31.3.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0716d202-c2cb-444b-a86c-edaced876e6b",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "Chinanet",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.143.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1fc9754b-30c5-4925-8fff-14a6a5eef03f",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "Luoyang",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.192.194.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64014b07-faf8-4490-8e8f-f918c7f91213",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "India Kolkata Aircel",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.219.17.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94fb148d-3ba1-45f1-a5e5-75499cd8b6b6",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "China Unicom",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.13.74.218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9404608-78cb-44e3-a51c-106feb2525d3",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "Chinanet",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.142.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6472ce15-9330-4e47-9862-9aa85ef21033",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "Chinanet",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.88.143.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--abc404be-9aa4-41ff-8eab-c82a64f4705c",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:20:33.000Z",
"modified": "2024-02-23T07:20:33.000Z",
"description": "IT7NET",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.98.127.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:20:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--d638e548-19d6-4987-befa-289210e1104b",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:21:38.000Z",
"modified": "2024-02-23T07:21:38.000Z",
"first_observed": "2024-02-23T07:21:38Z",
"last_observed": "2024-02-23T07:21:38Z",
"number_observed": 1,
"object_refs": [
"url--d638e548-19d6-4987-befa-289210e1104b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--d638e548-19d6-4987-befa-289210e1104b",
"value": "https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:21:38.000Z",
"modified": "2024-02-23T07:21:38.000Z",
"first_observed": "2024-02-23T07:21:38Z",
"last_observed": "2024-02-23T07:21:38Z",
"number_observed": 1,
"object_refs": [
"url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--e028f34d-5c61-4a47-a3ef-a742b7a30d9c",
"value": "https://x.com/ctiyeewesley/status/1760364208326418618"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--c6a9b73e-0094-4395-afe8-f7ebdceed729",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:21:38.000Z",
"modified": "2024-02-23T07:21:38.000Z",
"first_observed": "2024-02-23T07:21:38Z",
"last_observed": "2024-02-23T07:21:38Z",
"number_observed": 1,
"object_refs": [
"url--c6a9b73e-0094-4395-afe8-f7ebdceed729"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--c6a9b73e-0094-4395-afe8-f7ebdceed729",
"value": "https://blogger.googleusercontent.com/img/a/AVvXsEjbMEXqlKuWpUjEfU_CDZ3Gp88lSgCBA8nIqqx7rSqWLaLK6P5VUNpvMYe2CF84_SDRmiSWGeyH5nphRzs1gHfzprgcPyE9dabx1VgampBDgV-7lutQAyHMmqgOot0UHFADir8OlXEKhDHvYtXNRQ7-10UBxeiOqevBhtN7xNStQgA3nt1eH-Hji-p4kzBx"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2b352578-b6fe-46b7-ad3f-833487c39036",
"created_by_ref": "identity--58a4d347-8460-4fc7-a882-6728c0a82ae5",
"created": "2024-02-23T07:25:21.000Z",
"modified": "2024-02-23T07:25:21.000Z",
"pattern": "[domain-name:value = 'mailnotes.online' AND domain-name:resolves_to_refs[*].value = '74.120.172.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-02-23T07:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\"",
"diamond-model:Infrastructure"
]
}
]
}