adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/355c00b3-a85f-4a6c-850f-95bc7357abd1.json

704 lines
No EOL
24 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2020-09-22",
"extends_uuid": "",
"info": "Linux/CDRThief\u2009\u2014\u2009Indicators of Compromise - Who is calling? CDRThief targets Linux VoIP softswitches",
"publish_timestamp": "1600777404",
"published": true,
"threat_level_id": "2",
"timestamp": "1600777302",
"uuid": "355c00b3-a85f-4a6c-850f-95bc7357abd1",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "50cd9c70-16e3-4d80-a63f-6a8cccc82068",
"value": "cc373d633a16817f7d21372c56955923c9dda825"
},
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "3e5b904b-5895-4b38-a3fe-3f1c45556e2d",
"value": "8e2624da4d209abd3364d90f7bc08230f84510db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "0e0e63a2-2df9-48bf-a051-033dc07e1c28",
"value": "fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac"
},
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "4bc87d38-3261-47a3-8aed-2f4e6d6a90b9",
"value": "8532e858eb24ae38632091d2d790a1299b7bbc87"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776944",
"to_ids": false,
"type": "link",
"uuid": "d0bc874d-f910-42af-8487-49d59744ac09",
"value": "https://github.com/eset/malware-ioc/tree/master/cdrthief"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "e709726a-d154-43ef-86c7-18eb24a81774",
"value": "119.29.173.65"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "7bba10cd-0db9-4236-8351-3e592852b524",
"value": "129.211.157.244"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "23f961d6-6059-47a4-854e-9122fe8ad07e",
"value": "129.226.134.180"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "509ee329-28fd-433e-866e-8756879ee048",
"value": "150.109.79.136"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "19c40342-9c51-4d22-863a-aa043f160819",
"value": "34.94.199.142"
},
{
"category": "Network activity",
"comment": "C&C servers",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600776964",
"to_ids": true,
"type": "ip-dst",
"uuid": "3f66f469-98f7-40d5-b7a8-f8107c5f494a",
"value": "35.236.173.187"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600777017",
"to_ids": true,
"type": "mutex",
"uuid": "bc967985-2f6a-4ddd-bdf2-65742ffc89c6",
"value": "/dev/shm/.bin"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600777017",
"to_ids": true,
"type": "mutex",
"uuid": "a753b1c5-18cd-4f49-903a-dbec8618f0c6",
"value": "/dev/shm/.linux"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600777050",
"to_ids": true,
"type": "filename",
"uuid": "d4470b8f-b772-415b-a89a-b22c25431d9f",
"value": "/dev/shm/callservice"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600777050",
"to_ids": true,
"type": "filename",
"uuid": "aeb2152e-d589-4dce-8691-2eb1b25b0430",
"value": "/dev/shm/sys.png"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1600777285",
"to_ids": false,
"type": "link",
"uuid": "b520b0c5-ba26-4f60-8ad4-77a9dd37987e",
"value": "https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Cryptographic materials such as public or/and private keys.",
"meta-category": "misc",
"name": "crypto-material",
"template_uuid": "50677f82-ec9c-4484-bb29-2519cfe56823",
"template_version": "3",
"timestamp": "1600777150",
"uuid": "88331ce0-09ff-4c8a-93c5-3e27fc8e287c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "text",
"timestamp": "1600777150",
"to_ids": false,
"type": "text",
"uuid": "d54175fd-fa8c-4446-8b2c-548791780397",
"value": "-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQ3k3GgS3FX4pI7s9x0krBYqbMcSaw4BPY91Ln\r\ntt5/X8s9l0BC6PUTbQcUzs6PPXhKKTx8ph5CYQqdWynxOLJah0FMMRYxS8d0HX+Qx9eWUeKRHm2E\r\nAtZQjdHxqTJ9EBpHYWV4RrWmeoOsWAOisvedlb23O0E55e8rrGGrZLhPbwIDAQAB\r\n-----END PUBLIC KEY-----"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1600777150",
"to_ids": false,
"type": "text",
"uuid": "a31298ce-323c-49c0-84d7-2662b873a082",
"value": "RSA"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1600777150",
"to_ids": false,
"type": "text",
"uuid": "82b73e68-5afe-4e5c-9c52-38242f13c139",
"value": "malware-extraction"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1600777229",
"uuid": "f782bda7-4bcb-4ad0-8c2f-2c5f18863652",
"ObjectReference": [
{
"comment": "",
"object_uuid": "f782bda7-4bcb-4ad0-8c2f-2c5f18863652",
"referenced_uuid": "b53bd1ed-b1e6-46ac-b34d-3bbe67107eae",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "19706308-ed9f-45ca-9305-06f9909d3aae"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1600776924",
"to_ids": true,
"type": "md5",
"uuid": "0ee7a052-49d6-4205-866a-782b0ddb02cf",
"value": "7124c56ab6d8133e2ed2042fb8c2248e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "1bda1df0-b538-4edc-82fc-b74ac1d7ea10",
"value": "cc373d633a16817f7d21372c56955923c9dda825"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha256",
"uuid": "fe33304f-2e77-4b26-be57-c592b9adc0b5",
"value": "665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1600777229",
"uuid": "b53bd1ed-b1e6-46ac-b34d-3bbe67107eae",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1600776924",
"to_ids": false,
"type": "datetime",
"uuid": "9a8f52cd-f16e-49e5-a1ed-d019bbbd082d",
"value": "2020-09-22T10:56:34+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1600776924",
"to_ids": false,
"type": "link",
"uuid": "1fa1ca4e-2145-4caf-8ab8-4ad2c1052100",
"value": "https://www.virustotal.com/gui/file/665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b/detection/f-665acb48f9ad6317806231e52e5d3d05e91a93b20f40771a55e634192e8b094b-1600772194"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1600776924",
"to_ids": false,
"type": "text",
"uuid": "80c0cf1c-41e3-4ffa-9e48-374af830eaa4",
"value": "32/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1600777229",
"uuid": "0bc9fcae-fc75-4910-a8c0-61949bd76bb9",
"ObjectReference": [
{
"comment": "",
"object_uuid": "0bc9fcae-fc75-4910-a8c0-61949bd76bb9",
"referenced_uuid": "32b7a65f-d4d2-4920-a244-29c98222f6ff",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "b7911131-0ca9-4280-abc7-50b3b96e3df7"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1600776924",
"to_ids": true,
"type": "md5",
"uuid": "5018b10d-8d9b-441d-9244-d661dbd7f8e2",
"value": "926c77d3d9fdad7217a9b49bdf033336"
},
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "24c30340-027f-4955-987e-ce791629e33a",
"value": "8e2624da4d209abd3364d90f7bc08230f84510db"
},
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha256",
"uuid": "671df934-b704-4ed9-9277-57f0f0bcfb58",
"value": "ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1600777229",
"uuid": "32b7a65f-d4d2-4920-a244-29c98222f6ff",
"Attribute": [
{
"category": "Other",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1600776924",
"to_ids": false,
"type": "datetime",
"uuid": "7d174551-08ad-4371-819b-4f5ff30ea7e7",
"value": "2020-09-22T10:56:43+00:00"
},
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1600776924",
"to_ids": false,
"type": "link",
"uuid": "da28f735-72f5-4fe2-9789-adae6df6294f",
"value": "https://www.virustotal.com/gui/file/ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c/detection/f-ffe88d3012c15a680a506f0382264ea763ff2d426bf4ad3caf03111d47d9a80c-1600772203"
},
{
"category": "Payload delivery",
"comment": "(UPX packed)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1600776924",
"to_ids": false,
"type": "text",
"uuid": "83b1dbb1-0edf-4939-80d1-7a0635d14587",
"value": "27/60"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1600777229",
"uuid": "10b7197c-b557-4d29-a593-8f81e682c400",
"ObjectReference": [
{
"comment": "",
"object_uuid": "10b7197c-b557-4d29-a593-8f81e682c400",
"referenced_uuid": "1752315a-8a3b-4114-badf-c204312c304b",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "c0bfecb2-8bac-44d2-9ebd-1d9d981ec49e"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1600776924",
"to_ids": true,
"type": "md5",
"uuid": "399de6c9-9da7-4b10-9131-20887e69d894",
"value": "444a5116c6e2b37b33066be16f3e7e6d"
},
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "d353ce60-e8ba-49ee-b2bb-c9df13782143",
"value": "8532e858eb24ae38632091d2d790a1299b7bbc87"
},
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha256",
"uuid": "eba6725a-5248-45ab-b633-78b2a86d022c",
"value": "af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1600777229",
"uuid": "1752315a-8a3b-4114-badf-c204312c304b",
"Attribute": [
{
"category": "Other",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1600776924",
"to_ids": false,
"type": "datetime",
"uuid": "f1afdfdd-941e-4136-a79c-19c30e0c3301",
"value": "2020-09-22T10:56:33+00:00"
},
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1600776924",
"to_ids": false,
"type": "link",
"uuid": "46b3ca6a-2d76-4117-9317-92c3c5dd32d8",
"value": "https://www.virustotal.com/gui/file/af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4/detection/f-af75687cb030418c3196d6535d10479bc45e4248d60d3427230381e0d09e5ca4-1600772193"
},
{
"category": "Payload delivery",
"comment": "(Corrupted)",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1600776924",
"to_ids": false,
"type": "text",
"uuid": "df800269-bf3b-432d-b8b3-aea329ae0be8",
"value": "25/62"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "22",
"timestamp": "1600777229",
"uuid": "4e2be21d-c114-470c-8845-572d708cdbec",
"ObjectReference": [
{
"comment": "",
"object_uuid": "4e2be21d-c114-470c-8845-572d708cdbec",
"referenced_uuid": "25558597-1dd5-4fb9-99b6-53db526d0e6e",
"relationship_type": "analysed-with",
"timestamp": "0",
"uuid": "4f36e930-b9b4-407e-ad93-bd14590f3b69"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1600776924",
"to_ids": true,
"type": "md5",
"uuid": "6aa15e75-5b94-4541-a279-cdc971c44017",
"value": "3339b8c4a522548b67fca732c54fa232"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha1",
"uuid": "cc8bf8c5-00a7-42bf-85bd-1d51c108fc8f",
"value": "fc7ccabb239ad6fd22472e5b7bb6a5773b7a3dac"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1600776924",
"to_ids": true,
"type": "sha256",
"uuid": "c05acdee-d720-477a-b0f6-74acc29a3825",
"value": "6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "3",
"timestamp": "1600777229",
"uuid": "25558597-1dd5-4fb9-99b6-53db526d0e6e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1600776924",
"to_ids": false,
"type": "datetime",
"uuid": "baf23e87-428f-4974-8764-e4bbcd5ea9b4",
"value": "2020-09-22T10:56:24+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1600776924",
"to_ids": false,
"type": "link",
"uuid": "b397af60-d203-4dfe-bfad-d67bc45763ff",
"value": "https://www.virustotal.com/gui/file/6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6/detection/f-6b15cf51e4dff3e25b805173eef88940dbeb52b2662bd265450e6e54d5bb84d6-1600772184"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1600776924",
"to_ids": false,
"type": "text",
"uuid": "f9400666-419d-444a-b2dd-bf8ea02c78e6",
"value": "30/61"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink