adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5ec2382b-1f78-40cf-b07b-4d5d950d210f.json

208 lines
No EOL
6.6 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "1",
"date": "2020-05-18",
"extends_uuid": "",
"info": "KuGou trojan backdoor campaign aim RDP on HFS panels",
"publish_timestamp": "1589787461",
"published": true,
"threat_level_id": "2",
"timestamp": "1589787453",
"uuid": "5ec2382b-1f78-40cf-b07b-4d5d950d210f",
"Orgc": {
"name": "MalwareMustDie",
"uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c0037",
"local": false,
"name": "ms-caro-malware:malware-type=\"Backdoor\"",
"relationship_type": ""
},
{
"colour": "#530068",
"local": false,
"name": "ms-caro-malware:malware-type=\"TrojanDownloader\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Payload distribution in HFS via USA network (as TTP)",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-17T00:00:00+00:00",
"timestamp": "1589786946",
"to_ids": false,
"type": "ip-src",
"uuid": "5ec23942-0cd4-4e0e-b8a2-4374950d210f",
"value": "192.161.86.218"
},
{
"category": "Payload delivery",
"comment": "Payload distribution in HFS via USA network (as TTP)",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-17T00:00:00+00:00",
"timestamp": "1589786954",
"to_ids": false,
"type": "ip-src",
"uuid": "5ec2394a-f734-48cb-8aba-459e950d210f",
"value": "162.209.193.211"
},
{
"category": "Network activity",
"comment": "C2 IPv4",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-17T00:00:00+00:00",
"timestamp": "1589787008",
"to_ids": false,
"type": "ip-dst",
"uuid": "5ec23980-1e14-49e1-b225-4c42950d210f",
"value": "111.229.231.218"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-17T00:00:00+00:00",
"timestamp": "1589787099",
"to_ids": false,
"type": "hostname",
"uuid": "5ec239db-3410-4faf-8e04-45d4950d210f",
"value": "a222222.f3322.net"
},
{
"category": "Network activity",
"comment": "C2",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-17T00:00:00+00:00",
"timestamp": "1589787099",
"to_ids": false,
"type": "hostname",
"uuid": "5ec239db-0060-4a17-8f3e-4c40950d210f",
"value": "moqi.f3322.net"
},
{
"category": "Payload delivery",
"comment": "payloads",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787159",
"to_ids": false,
"type": "md5",
"uuid": "5ec23a17-d498-49bd-ad7e-4882950d210f",
"value": "ca3f461b313f3daec1f01a901b56c24e"
},
{
"category": "Payload delivery",
"comment": "payloads",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787159",
"to_ids": false,
"type": "md5",
"uuid": "5ec23a17-432c-4a62-b39f-4b43950d210f",
"value": "d5a36d65adf01a8bbad1546c3e113695"
},
{
"category": "Payload delivery",
"comment": "payloads",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787159",
"to_ids": false,
"type": "md5",
"uuid": "5ec23a17-a228-41c4-9f53-4cf8950d210f",
"value": "27ce0cd60fd409023e84fcbd03b113c0"
},
{
"category": "Payload delivery",
"comment": "payloads",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787159",
"to_ids": false,
"type": "md5",
"uuid": "5ec23a17-1c44-4a72-9f22-48cb950d210f",
"value": "8c19d83ff359a1b77cb06939c2e5f0cb"
},
{
"category": "Payload delivery",
"comment": "payloads",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787159",
"to_ids": false,
"type": "md5",
"uuid": "5ec23a17-7688-428f-8682-4184950d210f",
"value": "1444bebbb5deb71e3243aec2ac0d78e5"
},
{
"category": "Payload delivery",
"comment": "Payload filenames",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787233",
"to_ids": false,
"type": "filename",
"uuid": "5ec23a61-9110-4bbe-86aa-4805950d210f",
"value": "1521"
},
{
"category": "Payload delivery",
"comment": "Payload filenames",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-16T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787234",
"to_ids": false,
"type": "filename",
"uuid": "5ec23a62-0924-4357-88d9-44ce950d210f",
"value": "NetSyst96.dl"
},
{
"category": "Internal reference",
"comment": "Threat anouncement w/screenshots",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-05-15T00:00:00+00:00",
"last_seen": "2020-05-18T00:00:00+00:00",
"timestamp": "1589787453",
"to_ids": false,
"type": "link",
"uuid": "5ec23acb-c50c-4331-aad2-4e25950d210f",
"value": "https://twitter.com/malwaremustd1e/status/1262274362872229888"
}
]
}
}
Reference in a new issue View git blame Copy permalink