misp-circl-feed/feeds/circl/misp/a52a070a-6925-41ea-94d8-56f0d85dc268.json

472 lines
No EOL
14 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2022-07-12",
"extends_uuid": "",
"info": "An Analysis of Infrastructure linked to the Hagga Threat Actor",
"publish_timestamp": "1683880713",
"published": true,
"threat_level_id": "2",
"timestamp": "1683880646",
"uuid": "a52a070a-6925-41ea-94d8-56f0d85dc268",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
"relationship_type": ""
},
{
"colour": "#542f20",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "cbead78b-f2b6-4279-9f9b-760420d366ab",
"value": "103.151.122.110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "df26f1d2-1e2d-480c-946c-69f4e3f0d617",
"value": "72.11.157.208"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "158e7dbc-fd60-4031-a302-26097b8e5d8c",
"value": "192.154.226.47"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "46c1065d-66f2-4ccb-bbf3-1459eec881cf",
"value": "64.188.21.227"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "324ce2c6-7e04-44ec-9325-82b5225a8101",
"value": "72.11.143.125"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "4e6dc86f-c996-4c8f-a550-ee15bac5f7f3",
"value": "72.11.143.47"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "72216c98-e591-4d6b-8d48-82762ddb0627",
"value": "207.32.217.137"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "22e8ab53-be66-4b46-9c57-294a65ba2fb2",
"value": "194.31.98.108"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "aa88e877-b1ba-4ec1-947b-c2d206dd9080",
"value": "103.133.105.61"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "cba90e06-b842-4ab4-88a7-79367207d0a5",
"value": "78.138.105.142"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "1f35f404-9f60-47dc-81ea-45edcef1e5ef",
"value": "103.153.77.98"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "314039bb-5998-48e4-9fda-366c65db0b22",
"value": "69.174.99.181"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "64aa2a2d-e351-4b48-9672-3a8e75bcb275",
"value": "161.129.64.49"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "73dd3d56-9652-4d7b-b5f9-8ad6d153731a",
"value": "155.94.209.50"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "fddf65bc-c9d4-4ee6-b05d-09ba4fb80dec",
"value": "64.188.27.104"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879655",
"to_ids": true,
"type": "ip-dst",
"uuid": "3129cd28-319d-4dc2-9463-1d31a8765ea4",
"value": "64.188.20.198"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "1820bf2f-6410-4830-8672-ed85eb2532d1",
"value": "mobibagugu.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "6d25aa36-58a8-4777-81bb-bfe23b687d20",
"value": "mobibanewdan.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "96ee6d7b-1203-4ae0-a32c-a434d9d27adb",
"value": "mohbeebnew.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "1c51ef63-4dfb-4cda-a671-07e4a69ad04a",
"value": "mubbibun.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "14363f7a-3cb3-4a28-906d-f6b23fe733a4",
"value": "cdec22.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "c6b8a7a9-6bd0-471f-9041-acb3d06dd018",
"value": "vncgoga.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "fc0bf391-fa33-44be-8ea5-6be15d45e663",
"value": "bakuzamokala.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "20cbb332-3782-46b6-877c-70d333be8b7d",
"value": "warnonmobina.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "766f6112-f59c-476b-b1f4-d48fa6239f0d",
"value": "abotherrdpajq.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "e06a5dc4-7e23-4a7c-bed7-8c5df6f2cce8",
"value": "mobinomomuam.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "domain",
"uuid": "8cb4bf09-5189-40bd-922e-f8751d0fe54b",
"value": "workflowstatus.live"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "domain",
"uuid": "b0e5b109-770c-42f6-9dfe-7fe1f369ffc4",
"value": "heavy-dutyindustry.shop"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "6e1db3ae-4cbf-46fa-94ce-5ee82155a3aa",
"value": "microsoftiswear.duckdns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "dfdd3cf2-4e94-4cdf-8a70-2e54e31ebc43",
"value": "update.newbotv4.monster"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "domain",
"uuid": "ed8cbf47-92ea-45bf-a96d-7c11023c7818",
"value": "newbotv4.monster"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1683879731",
"to_ids": true,
"type": "hostname",
"uuid": "a43ec7e2-60be-4549-a138-b844baaa16eb",
"value": "bot.statusupdate.one"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "7",
"timestamp": "1683879634",
"uuid": "56e527ae-8733-430e-8a6d-ec5f5b0c7cc8",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1683879634",
"to_ids": false,
"type": "link",
"uuid": "e2725b60-e687-4516-991a-9bb20e24b0c3",
"value": "https://www.team-cymru.com/post/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1683879634",
"to_ids": false,
"type": "text",
"uuid": "88556307-b345-4a83-b55a-091ad1bed69c",
"value": "An Analysis of Infrastructure linked to the Hagga Threat Actor\r\nSummary\r\n\r\nAs this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future threats. A well resourced team with access to the right tools can monitor changes to adversary infrastructure in real time, discoveries can become strategic advantages when fully exploited. This blog is geared towards the practitioner threat hunters and threat researchers, anyone reading this with the bottomline in mind should take a look at our economic study here first."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1683879634",
"to_ids": false,
"type": "text",
"uuid": "89b0ee8b-f0ac-448b-8c3a-ca38b78b9af3",
"value": "Blog"
}
]
}
]
}
}