misp-circl-feed/feeds/circl/stix-2.1/b6084bdd-5570-4e1e-965c-c587c9ae1c77.json


{
"type": "bundle",
"id": "bundle--b6084bdd-5570-4e1e-965c-c587c9ae1c77",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-06T13:27:45.000Z",
"modified": "2023-12-06T13:27:45.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--b6084bdd-5570-4e1e-965c-c587c9ae1c77",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-06T13:27:45.000Z",
"modified": "2023-12-06T13:27:45.000Z",
"name": "PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin",
"published": "2023-12-06T13:28:14Z",
"object_refs": [
"indicator--1009168e-83c3-48f1-99ca-1dd9aaead647",
"indicator--43af36d1-b96b-4c0b-aa55-0da337eb3f8a",
"x-misp-object--89be2f54-b5a4-4099-8c4a-138ea688675f",
"x-misp-object--add42f59-32d7-44e1-8606-afd42b50d090",
"x-misp-object--2f9c6547-4254-41ff-9728-c7134cd2f3d8",
"relationship--76cb8122-58d5-400b-ba44-56791bb43465",
"relationship--136627ab-eb92-4d4c-aed6-c34a81d84a46"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"tlp:clear"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1009168e-83c3-48f1-99ca-1dd9aaead647",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T14:30:07.000Z",
"modified": "2023-12-05T14:30:07.000Z",
"pattern": "[file:hashes.SHA256 = 'ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T14:30:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43af36d1-b96b-4c0b-aa55-0da337eb3f8a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T14:30:53.000Z",
"modified": "2023-12-05T14:30:53.000Z",
"pattern": "[domain-name:value = 'en-gb-wordpress.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T14:30:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--89be2f54-b5a4-4099-8c4a-138ea688675f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T14:29:41.000Z",
"modified": "2023-12-05T14:29:41.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/",
"category": "External analysis",
"uuid": "aa454770-7e5f-4a36-9aec-3027b4d7ee1b"
},
{
"type": "text",
"object_relation": "summary",
"value": "The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user\u2019s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a \u201cPatch\u201d plugin and install it.",
"category": "Other",
"uuid": "ff3ea0ed-ad25-47f0-8ffb-52d62c983873"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "b90a4e7c-04e6-4f87-99ed-482bf917a2e7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--add42f59-32d7-44e1-8606-afd42b50d090",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T14:46:38.000Z",
"modified": "2023-12-05T14:46:38.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rdata",
"value": "104.21.91.135",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "0c32b096-3bad-4861-b7e1-a83d722b8543"
},
{
"type": "text",
"object_relation": "rdata",
"value": "172.67.220.234",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "e6fd76fd-52e6-4faa-bcb9-258a13125e93"
},
{
"type": "counter",
"object_relation": "count",
"value": "18",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "285eb4da-db3a-48be-a269-a944db746bac"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2023-11-16T00:46:40+00:00",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "60ba032c-6e3a-4abe-bb00-531655568bf0"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2023-12-05T03:32:16+00:00",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "ec150c17-317d-44ba-a076-890a2b67c962"
},
{
"type": "text",
"object_relation": "rrname",
"value": "en-gb-wordpress.org.",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"to_ids": true,
"uuid": "9baed676-7223-4efe-9df0-ee976f53d7f5"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "dce25f21-886c-4a8d-b3f4-a38835c4e46e"
},
{
"type": "domain",
"object_relation": "bailiwick",
"value": "en-gb-wordpress.org",
"category": "Network activity",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"to_ids": true,
"uuid": "2998baa2-3b2d-4299-b92c-6391d5b2aafe"
}
],
"x_misp_comment": "en-gb-wordpress.org: Enriched via the farsight_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2f9c6547-4254-41ff-9728-c7134cd2f3d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T14:34:09.000Z",
"modified": "2023-12-05T14:34:09.000Z",
"labels": [
"misp:name=\"passive-dns\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "rdata",
"value": "188.114.96.0",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "738e42dc-8049-41fe-af5c-e659ecb5e0c0"
},
{
"type": "text",
"object_relation": "rdata",
"value": "188.114.97.0",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "208cdce7-319c-4e72-ad5c-189b62414839"
},
{
"type": "counter",
"object_relation": "count",
"value": "1",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "f27406e2-7452-4dab-9722-c85444a6945c"
},
{
"type": "datetime",
"object_relation": "time_first",
"value": "2023-12-05T02:34:39+00:00",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "6870c368-4f7a-4331-83c8-293a00c6ca46"
},
{
"type": "datetime",
"object_relation": "time_last",
"value": "2023-12-05T03:32:16+00:00",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "5b2dd88a-ecf6-49c1-936e-b06eb6295f21"
},
{
"type": "text",
"object_relation": "rrname",
"value": "en-gb-wordpress.org.",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "44d3034e-f246-4dfb-ad92-5976f98b9be7"
},
{
"type": "text",
"object_relation": "rrtype",
"value": "A",
"category": "Other",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"uuid": "81f85ced-8848-436b-869d-a6e4c9617492"
},
{
"type": "domain",
"object_relation": "bailiwick",
"value": "en-gb-wordpress.org",
"category": "Network activity",
"comment": "Result from a rrset lookup on DNSDB about the domain name: en-gb-wordpress.org",
"to_ids": true,
"uuid": "b45dbb11-e105-49dc-9e02-eb8487c127d1"
}
],
"x_misp_comment": "en-gb-wordpress.org: Enriched via the farsight_passivedns module",
"x_misp_meta_category": "network",
"x_misp_name": "passive-dns"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--76cb8122-58d5-400b-ba44-56791bb43465",
"created": "2023-12-05T14:34:09.000Z",
"modified": "2023-12-05T14:34:09.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--add42f59-32d7-44e1-8606-afd42b50d090",
"target_ref": "indicator--43af36d1-b96b-4c0b-aa55-0da337eb3f8a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--136627ab-eb92-4d4c-aed6-c34a81d84a46",
"created": "2023-12-05T14:34:09.000Z",
"modified": "2023-12-05T14:34:09.000Z",
"relationship_type": "related-to",
"source_ref": "x-misp-object--2f9c6547-4254-41ff-9728-c7134cd2f3d8",
"target_ref": "indicator--43af36d1-b96b-4c0b-aa55-0da337eb3f8a"
}
]
}