misp-circl-feed/feeds/circl/misp/b6084bdd-5570-4e1e-965c-c587c9ae1c77.json

{
  "Event": {
    "analysis": "2",
    "date": "2023-12-05",
    "extends_uuid": "",
    "info": "PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin",
    "publish_timestamp": "1701869294",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1701869265",
    "uuid": "b6084bdd-5570-4e1e-965c-c587c9ae1c77",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0071c3",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      },
      {
        "colour": "#0087e8",
        "local": false,
        "name": "osint:certainty=\"50\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1701786607",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1009168e-83c3-48f1-99ca-1dd9aaead647",
        "value": "ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1701786653",
        "to_ids": true,
        "type": "domain",
        "uuid": "43af36d1-b96b-4c0b-aa55-0da337eb3f8a",
        "value": "en-gb-wordpress.org"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "Metadata used to generate an executive level report",
        "meta-category": "misc",
        "name": "report",
        "template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
        "template_version": "7",
        "timestamp": "1701786581",
        "uuid": "89be2f54-b5a4-4099-8c4a-138ea688675f",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "link",
            "timestamp": "1701786581",
            "to_ids": false,
            "type": "link",
            "uuid": "aa454770-7e5f-4a36-9aec-3027b4d7ee1b",
            "value": "https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "summary",
            "timestamp": "1701786581",
            "to_ids": false,
            "type": "text",
            "uuid": "ff3ea0ed-ad25-47f0-8ffb-52d62c983873",
            "value": "The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user\u2019s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a \u201cPatch\u201d plugin and install it."
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "type",
            "timestamp": "1701786581",
            "to_ids": false,
            "type": "text",
            "uuid": "b90a4e7c-04e6-4f87-99ed-482bf917a2e7",
            "value": "Blog"
          }
        ]
      },
      {
        "comment": "en-gb-wordpress.org: Enriched via the farsight_passivedns module",
        "deleted": false,
        "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
        "first_seen": "2023-11-16T00:46:40+00:00",
        "last_seen": "2023-12-05T03:32:16+00:00",
        "meta-category": "network",
        "name": "passive-dns",
        "template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
        "template_version": "5",
        "timestamp": "1701787598",
        "uuid": "add42f59-32d7-44e1-8606-afd42b50d090",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "add42f59-32d7-44e1-8606-afd42b50d090",
            "referenced_uuid": "43af36d1-b96b-4c0b-aa55-0da337eb3f8a",
            "relationship_type": "related-to",
            "timestamp": "1701786849",
            "uuid": "6343e349-7f3a-445c-b041-550e4d0f2501"
          }
        ],
        "Attribute": [
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rdata",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "0c32b096-3bad-4861-b7e1-a83d722b8543",
            "value": "104.21.91.135"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rdata",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "e6fd76fd-52e6-4faa-bcb9-258a13125e93",
            "value": "172.67.220.234"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "count",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "counter",
            "uuid": "285eb4da-db3a-48be-a269-a944db746bac",
            "value": "18"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "time_first",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "datetime",
            "uuid": "60ba032c-6e3a-4abe-bb00-531655568bf0",
            "value": "2023-11-16T00:46:40+00:00"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "time_last",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "datetime",
            "uuid": "ec150c17-317d-44ba-a076-890a2b67c962",
            "value": "2023-12-05T03:32:16+00:00"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rrname",
            "timestamp": "1701787598",
            "to_ids": true,
            "type": "text",
            "uuid": "9baed676-7223-4efe-9df0-ee976f53d7f5",
            "value": "en-gb-wordpress.org."
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "rrtype",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "dce25f21-886c-4a8d-b3f4-a38835c4e46e",
            "value": "A"
          },
          {
            "category": "Network activity",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "bailiwick",
            "timestamp": "1701786849",
            "to_ids": true,
            "type": "domain",
            "uuid": "2998baa2-3b2d-4299-b92c-6391d5b2aafe",
            "value": "en-gb-wordpress.org"
          }
        ]
      },
      {
        "comment": "en-gb-wordpress.org: Enriched via the farsight_passivedns module",
        "deleted": false,
        "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
        "first_seen": "2023-12-05T02:34:39+00:00",
        "last_seen": "2023-12-05T03:32:16+00:00",
        "meta-category": "network",
        "name": "passive-dns",
        "template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
        "template_version": "5",
        "timestamp": "1701786849",
        "uuid": "2f9c6547-4254-41ff-9728-c7134cd2f3d8",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "2f9c6547-4254-41ff-9728-c7134cd2f3d8",
            "referenced_uuid": "43af36d1-b96b-4c0b-aa55-0da337eb3f8a",
            "relationship_type": "related-to",
            "timestamp": "1701786849",
            "uuid": "0f5e5185-8176-4365-9aaa-9b13221375c7"
          }
        ],
        "Attribute": [
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rdata",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "738e42dc-8049-41fe-af5c-e659ecb5e0c0",
            "value": "188.114.96.0"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rdata",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "208cdce7-319c-4e72-ad5c-189b62414839",
            "value": "188.114.97.0"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "count",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "counter",
            "uuid": "f27406e2-7452-4dab-9722-c85444a6945c",
            "value": "1"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "time_first",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "datetime",
            "uuid": "6870c368-4f7a-4331-83c8-293a00c6ca46",
            "value": "2023-12-05T02:34:39+00:00"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "time_last",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5b2dd88a-ecf6-49c1-936e-b06eb6295f21",
            "value": "2023-12-05T03:32:16+00:00"
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "rrname",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "44d3034e-f246-4dfb-ad92-5976f98b9be7",
            "value": "en-gb-wordpress.org."
          },
          {
            "category": "Other",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "rrtype",
            "timestamp": "1701786849",
            "to_ids": false,
            "type": "text",
            "uuid": "81f85ced-8848-436b-869d-a6e4c9617492",
            "value": "A"
          },
          {
            "category": "Network activity",
            "comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "bailiwick",
            "timestamp": "1701786849",
            "to_ids": true,
            "type": "domain",
            "uuid": "b45dbb11-e105-49dc-9e02-eb8487c127d1",
            "value": "en-gb-wordpress.org"
          }
        ]
      }
    ]
  }
}