adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/d4766c50-0269-4cda-acea-850ea4fdb198.json

356 lines
No EOL
15 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--d4766c50-0269-4cda-acea-850ea4fdb198",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-24T09:46:38.000Z",
"modified": "2022-10-24T09:46:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--d4766c50-0269-4cda-acea-850ea4fdb198",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-24T09:46:38.000Z",
"modified": "2022-10-24T09:46:38.000Z",
"name": "Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134",
"published": "2022-10-24T09:46:56Z",
"object_refs": [
"indicator--4cbe3026-379e-43e7-89ce-ba08ed0bcf76",
"indicator--a5b7f457-b85c-4ceb-a8ce-1f3b653a3a66",
"indicator--646bcbe5-10a3-4bd5-b52e-6608be4ced00",
"indicator--caf56edd-20b9-4fae-ada7-43e979f55650",
"indicator--6d726652-bae4-4c18-a2d6-b9193ec6172d",
"indicator--7d8e361a-5752-4f4b-ab62-da4d626e8113",
"x-misp-object--68ea0702-5482-4dc6-bb9b-c7ee42e24f88",
"vulnerability--94ad2c57-e806-4bc4-8d35-82656f7c879e",
"indicator--e660021e-01d4-42b5-b46c-77e4fa89c50d",
"indicator--1b1f9efe-f9ef-435a-8877-d87132ce36a5",
"indicator--104829a9-42bc-4f65-a0cb-1a0ad5cc8729",
"indicator--f02dc5ba-1544-42ca-9a5a-291927cca971"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:malpedia=\"Kinsing\"",
"misp-galaxy:mitre-malware=\"Kinsing - S0599\"",
"misp-galaxy:threat-actor=\"Kinsing\"",
"misp-galaxy:cryptominers=\"Hezb\"",
"misp-galaxy:threat-actor=\"Hezb\"",
"misp-galaxy:botnet=\"Dark.IoT\"",
"misp-galaxy:malpedia=\"Dark\"",
"\tmalware_classification:malware-category=\"Botnet\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cbe3026-379e-43e7-89ce-ba08ed0bcf76",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:44:05.000Z",
"modified": "2022-09-13T13:44:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.247.43.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a5b7f457-b85c-4ceb-a8ce-1f3b653a3a66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:44:05.000Z",
"modified": "2022-09-13T13:44:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.217.229.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--646bcbe5-10a3-4bd5-b52e-6608be4ced00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:44:05.000Z",
"modified": "2022-09-13T13:44:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.243.19.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--caf56edd-20b9-4fae-ada7-43e979f55650",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:44:05.000Z",
"modified": "2022-09-13T13:44:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.16.114.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d726652-bae4-4c18-a2d6-b9193ec6172d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:44:05.000Z",
"modified": "2022-09-13T13:44:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.36.144.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d8e361a-5752-4f4b-ab62-da4d626e8113",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:47:30.000Z",
"modified": "2022-09-13T13:47:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.76.157.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:47:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--68ea0702-5482-4dc6-bb9b-c7ee42e24f88",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T11:46:36.000Z",
"modified": "2022-09-13T11:46:36.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/",
"category": "External analysis",
"uuid": "2a6e251d-8098-4c55-b905-1a78c839dfd1"
},
{
"type": "text",
"object_relation": "summary",
"value": "Details regarding the recent Confluence OGNL (CVE-2022-26134) exploit were released to the public on June 3rd 2022. Shortly following this, Lacework Labs began seeing multiple attacks in the wild from both uncategorized and named threats. While this was expected, there appears to be more widespread exploitation of CVE-2022-26134 compared to previous Confluence vulnerabilities.",
"category": "Other",
"uuid": "cf625c35-4682-4b13-b077-3323a0a3544c"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "2dad185a-880c-47a2-beb4-bdf4503dd0d7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--94ad2c57-e806-4bc4-8d35-82656f7c879e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:00:56.000Z",
"modified": "2022-09-13T13:00:56.000Z",
"name": "CVE-2022-26134",
"labels": [
"misp:name=\"vulnerability\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2022-26134"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e660021e-01d4-42b5-b46c-77e4fa89c50d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:41:52.000Z",
"modified": "2022-09-13T13:41:52.000Z",
"pattern": "[domain-name:value = 'tempest.lib' AND domain-name:resolves_to_refs[*].value = '62.4.23.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:41:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1b1f9efe-f9ef-435a-8877-d87132ce36a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:52:00.000Z",
"modified": "2022-09-13T13:52:00.000Z",
"pattern": "[domain-name:value = 'dragon.lib' AND domain-name:resolves_to_refs[*].value = '193.70.30.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:52:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--104829a9-42bc-4f65-a0cb-1a0ad5cc8729",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:55:05.000Z",
"modified": "2022-09-13T13:55:05.000Z",
"pattern": "[domain-name:value = 'blacknurse.lib' AND domain-name:resolves_to_refs[*].value = '5.206.227.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:55:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f02dc5ba-1544-42ca-9a5a-291927cca971",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-13T13:58:04.000Z",
"modified": "2022-09-13T13:58:04.000Z",
"pattern": "[domain-name:value = 'babaroga.lib' AND domain-name:resolves_to_refs[*].value = '203.0.113.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-09-13T13:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink