misp-circl-feed/feeds/circl/misp/b6a0d910-69ae-463d-80a8-1f84839a2514.json


{
"Event": {
"analysis": "0",
"date": "2021-08-17",
"extends_uuid": "",
"info": "Nanocore 20210816",
"publish_timestamp": "1629204289",
"published": true,
"threat_level_id": "3",
"timestamp": "1629204277",
"uuid": "b6a0d910-69ae-463d-80a8-1f84839a2514",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"Nanocore RAT\"",
"relationship_type": ""
},
{
"colour": "#054100",
"local": false,
"name": "misp-galaxy:tool=\"NanoCoreRAT\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203718",
"to_ids": true,
"type": "hostname",
"uuid": "5fe0a2c9-529a-463d-bdf1-ce9810a326a1",
"value": "coc88.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203718",
"to_ids": true,
"type": "hostname",
"uuid": "f664f99d-7c72-43f8-978e-b37728009b2e",
"value": "torok1111112.ddns.net"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "1d6fc8a1-543c-4e88-bdb1-cc881073ef5a",
"value": "2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "b7a87190-e31c-49f4-a48a-17a28d9e387e",
"value": "060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "0204068e-f994-45b0-9ee1-82075c844cfe",
"value": "ec958c2d48c6719238780878d1621b8af18c4b65"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "bceb056d-02a2-4d20-8805-274c2176302e",
"value": "716c942e237ebe40e5e0bf443bf2128e5a883197"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "41496714-768e-4cec-8863-ed1478fc5ba6",
"value": "d915f9f8421aa34dfd88d1595249f954"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "98127c27-a87e-4d7d-97ce-86933ccbe785",
"value": "cab3529dc19b4c630163a24759125fd7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "7b6fbd55-6968-4d0a-97c6-cf59b2793d09",
"value": "afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "2c6ff02d-d040-4b06-906f-9a12052e1e0e",
"value": "67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "4",
"timestamp": "1629203805",
"uuid": "691b9653-eeb4-4e37-813c-615d479136f2",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1629203805",
"to_ids": false,
"type": "link",
"uuid": "65d659ce-c79b-486f-ac9e-aad1da028ee6",
"value": "https://otx.alienvault.com/pulse/611ba6128fe8c7c18b06861f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1629203805",
"to_ids": false,
"type": "text",
"uuid": "4873e17e-8594-4331-94c8-69f04a44bc90",
"value": "Report"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629203900",
"uuid": "952d82ff-7ba8-4518-84fb-ca5532b2bf11",
"ObjectReference": [
{
"comment": "",
"object_uuid": "952d82ff-7ba8-4518-84fb-ca5532b2bf11",
"referenced_uuid": "be08969d-fac1-4f76-b6bc-a1c79350a375",
"relationship_type": "analysed-with",
"timestamp": "1629203904",
"uuid": "c2dc1d33-5b7b-4aa7-8d85-d51808c36121"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "c8a957d2-cfc4-4b93-b355-283b4ce3ce35",
"value": "d915f9f8421aa34dfd88d1595249f954"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "e442a7c8-57af-4536-85f2-01c54f9d7905",
"value": "ec958c2d48c6719238780878d1621b8af18c4b65"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "2f6b87ea-237b-48e7-bfc5-ba0177bf2c52",
"value": "060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1629203900",
"uuid": "be08969d-fac1-4f76-b6bc-a1c79350a375",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-submission",
"timestamp": "1629203773",
"to_ids": false,
"type": "datetime",
"uuid": "d5778aa6-c074-44ec-9ca7-e1a05a3fd2c7",
"value": "2021-08-14T23:15:37+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1629203773",
"to_ids": false,
"type": "link",
"uuid": "873c9e6f-b87d-4f6c-b4fb-b382279e7869",
"value": "https://www.virustotal.com/gui/file/060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73/detection/f-060dc5124e4d0f8869856b52016cbed32339b8ac456b8cb5fea50f628961fc73-1628982937"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1629203773",
"to_ids": false,
"type": "text",
"uuid": "c817e8d0-2681-4626-b8a5-26034b3083fe",
"value": "56/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629203900",
"uuid": "6f98c9e8-8a06-417f-af9e-c5e33fda7f1f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "6f98c9e8-8a06-417f-af9e-c5e33fda7f1f",
"referenced_uuid": "d05559b0-7b96-4f69-804d-1d31b20faafa",
"relationship_type": "analysed-with",
"timestamp": "1629203904",
"uuid": "254390a1-afe8-497f-b142-3b569766bcea"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "57e54783-e496-4931-a9bf-96197d5df12f",
"value": "cab3529dc19b4c630163a24759125fd7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "03af482c-7521-44e4-a9db-5efa3a055c94",
"value": "716c942e237ebe40e5e0bf443bf2128e5a883197"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "4946ac19-f9ec-45f7-b774-7e328dea3cc1",
"value": "2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1629203900",
"uuid": "d05559b0-7b96-4f69-804d-1d31b20faafa",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-submission",
"timestamp": "1629203773",
"to_ids": false,
"type": "datetime",
"uuid": "d8b8fa9c-d29b-43cf-814d-cb35cc093819",
"value": "2021-08-15T19:04:24+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1629203773",
"to_ids": false,
"type": "link",
"uuid": "5d2d3405-9efa-4ddb-93b3-185b2119ffe4",
"value": "https://www.virustotal.com/gui/file/2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f/detection/f-2a2c0a635beba215a9e3f21c398d684dc1d2ad487356e29140247b14f2c6838f-1629054264"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1629203773",
"to_ids": false,
"type": "text",
"uuid": "75c51767-eda2-48ae-9839-0899f7dd20ab",
"value": "55/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629203901",
"uuid": "7774835c-4f7f-49bd-8bc4-d45323247df8",
"ObjectReference": [
{
"comment": "",
"object_uuid": "7774835c-4f7f-49bd-8bc4-d45323247df8",
"referenced_uuid": "ecaaa472-1599-4a58-b1ef-f5f6b318fb20",
"relationship_type": "analysed-with",
"timestamp": "1629203905",
"uuid": "1d16b4d0-f0e2-4c9e-ab16-11a29d874acf"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "c4cc9c6e-565e-463c-8ad3-ad6dab49ca6c",
"value": "0ff932908a4201a1c0a27db317321e1c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "ed35a6fc-dc0e-4dcf-b545-d19a79c18ed0",
"value": "511e815032cfeec9706117436c6bfdc9e974e4df"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "9f2929b3-fa6f-4957-a80f-c74fa7a0d16a",
"value": "67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1629203902",
"uuid": "ecaaa472-1599-4a58-b1ef-f5f6b318fb20",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-submission",
"timestamp": "1629203773",
"to_ids": false,
"type": "datetime",
"uuid": "50179a94-1afe-4b10-94b2-17d4e048a618",
"value": "2021-08-17T01:10:57+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1629203773",
"to_ids": false,
"type": "link",
"uuid": "7c2c183a-dcaa-4590-9bdb-28d540697bb0",
"value": "https://www.virustotal.com/gui/file/67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73/detection/f-67b695b139106a73c333aa2fdd0f08ae160ff5ee38d843cb9999146ad605da73-1629162657"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1629203773",
"to_ids": false,
"type": "text",
"uuid": "fc3d84a1-1144-4e3d-bc89-25bd85f87d88",
"value": "35/70"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629203902",
"uuid": "491b2ed4-78ea-4b29-afad-103e9f3ebf07",
"ObjectReference": [
{
"comment": "",
"object_uuid": "491b2ed4-78ea-4b29-afad-103e9f3ebf07",
"referenced_uuid": "4af9b009-2178-4c95-aaa7-56f231e4052d",
"relationship_type": "analysed-with",
"timestamp": "1629203905",
"uuid": "0d0d623c-32cd-43a2-9a96-3ed06f739477"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629203773",
"to_ids": true,
"type": "md5",
"uuid": "2f7b1687-2c5e-43cf-8729-adfc6bf4909e",
"value": "9bdfa3add2456a5efccabdad1343fa70"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha1",
"uuid": "666b367a-456a-48ee-b7db-30e24f5d5424",
"value": "02a34db66b361e9cb326f32d6e8f71f1cd284b68"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629203773",
"to_ids": true,
"type": "sha256",
"uuid": "f5edb02c-1ac0-4e08-ab9d-b13dd08d0bf0",
"value": "afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "4",
"timestamp": "1629203903",
"uuid": "4af9b009-2178-4c95-aaa7-56f231e4052d",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-submission",
"timestamp": "1629203773",
"to_ids": false,
"type": "datetime",
"uuid": "0c1866c0-8a38-4065-9cbd-6d1911176ce1",
"value": "2021-08-16T14:55:59+00:00"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "permalink",
"timestamp": "1629203773",
"to_ids": false,
"type": "link",
"uuid": "b641bd56-f3f7-437d-825e-0130676151a8",
"value": "https://www.virustotal.com/gui/file/afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05/detection/f-afdcfeac16d321fef57c2aae9b001952544a53fc785ba78a6ad794a81bef0c05-1629125759"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1629203773",
"to_ids": false,
"type": "text",
"uuid": "17fd4f40-6ac2-416d-91a8-2b10001962da",
"value": "34/69"
}
]
},
{
"comment": "torok1111112.ddns.net: Enriched via the farsight_passivedns module",
"deleted": false,
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
"first_seen": "2021-08-17T04:15:12+00:00",
"last_seen": "2021-08-17T04:15:12+00:00",
"meta-category": "network",
"name": "passive-dns",
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
"template_version": "3",
"timestamp": "1629204035",
"uuid": "2735f53e-0789-4e37-aba1-ec69432d5be7",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2735f53e-0789-4e37-aba1-ec69432d5be7",
"referenced_uuid": "f664f99d-7c72-43f8-978e-b37728009b2e",
"relationship_type": "related-to",
"timestamp": "1629204004",
"uuid": "724e140e-327e-468d-882e-4259cd6516aa"
}
],
"Attribute": [
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": false,
"object_relation": "rdata",
"timestamp": "1629204035",
"to_ids": true,
"type": "text",
"uuid": "ce780277-1f91-474f-925d-46ce6d9e5324",
"value": "86.125.138.162"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": true,
"object_relation": "count",
"timestamp": "1629204003",
"to_ids": false,
"type": "counter",
"uuid": "3592cfeb-a2d7-409e-9fdc-fe43d259edb7",
"value": "1"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_first",
"timestamp": "1629204003",
"to_ids": false,
"type": "datetime",
"uuid": "a6c8bc85-7c31-4323-8d3c-dc334af7d25a",
"value": "2021-08-17T04:15:12+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": true,
"object_relation": "time_last",
"timestamp": "1629204003",
"to_ids": false,
"type": "datetime",
"uuid": "2ad3f979-e163-4ac7-be91-df63246ffdfa",
"value": "2021-08-17T04:15:12+00:00"
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": false,
"object_relation": "rrname",
"timestamp": "1629204003",
"to_ids": false,
"type": "text",
"uuid": "929f0a46-9f0a-43f5-9eed-80309941123c",
"value": "torok1111112.ddns.net."
},
{
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": true,
"object_relation": "rrtype",
"timestamp": "1629204003",
"to_ids": false,
"type": "text",
"uuid": "b239a327-5646-485a-a586-06fc86a3b49d",
"value": "A"
},
{
"category": "Network activity",
"comment": "Result from a rrset lookup on DNSDB about the hostname: torok1111112.ddns.net",
"deleted": false,
"disable_correlation": true,
"object_relation": "bailiwick",
"timestamp": "1629204029",
"to_ids": false,
"type": "domain",
"uuid": "cb30f6bb-1a01-4bf4-bee7-fda9eab45ac9",
"value": "ddns.net"
}
]
}
]
}
}