misp-circl-feed/feeds/circl/misp/f66e0cfa-40d1-438c-aa2f-4c95fe4318c5.json


{
"Event": {
"analysis": "0",
"date": "2021-04-29",
"extends_uuid": "",
"info": "AA21-110A Exploitation of Pulse Connect Secure Vulnerabilities",
"publish_timestamp": "1629872396",
"published": true,
"threat_level_id": "3",
"timestamp": "1629872383",
"uuid": "f66e0cfa-40d1-438c-aa2f-4c95fe4318c5",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Other",
"comment": "Imported from STIX header description",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": false,
"type": "comment",
"uuid": "96882b5d-1d78-45e2-a6a3-c09c09bf38c0",
"value": "This STIX file provides indicators of compromise (IOCs) associated with malicious activity reported in CISA Analysis Report, AA21-110A Exploitation of Pulse Connect Secure Vulnerabilities."
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "f144b7db-d6e3-48d4-a65f-b0c7c084d7a6",
"value": "c12f54a3f91dc7bafd92cb59fe009a35"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "7fdd5ed8-5cfa-47e7-8722-bd97234b0003",
"value": "b592adaa596bb72a5c1ccdbecae52e3f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "83791d2b-bec6-4013-b273-83fa0375cb8f",
"value": "af26ba5e85475b634275141e6ed3dc54"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "b0ac5c18-3c6c-4cd7-bb79-557051e4fd64",
"value": "a29d0d294a6236b5bf0ec2573dd4f02f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "29282a4c-fabd-4a29-88dd-5282a31ac36c",
"value": "916e458922ae9a1bab6b1154689c7de7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "b48f43e8-d2ad-48a2-b7fd-47f4147fece5",
"value": "8f6747b71d1003df1b7e3e8232b1a7e3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "49924195-b902-4115-b622-ee8eb7cb8f48",
"value": "86cb13d6bbb3ac96b78b408bcfc18794"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "e702bccd-7ed3-4371-af93-cf5ae0d93201",
"value": "714cdf6e462870e2b85d251a3b22064b"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "c4141a8d-0b9b-4b86-bc13-3ae15da35afb",
"value": "53829d58e2631a372bb4de1be2cbecca"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "02475125-7b46-46bd-b6f4-5816c6a6d00c",
"value": "3cbc88eabdac9af71445f9040a6cf46c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "47547f5e-6db7-4e51-8a5a-337044d0f46a",
"value": "30017f6f809155387cbcf95be6e7225d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "29ad8b01-b581-4d86-b1a1-b3524a89d71a",
"value": "227ab2ae6ed6abcc249e8a873a033144"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "filename|md5",
"uuid": "0ddaba82-7a7c-4dae-a1c2-2023698c9392",
"value": "Secid_canceltoken.cgi|f2beca612db26d771fe6ed7a87f48a5a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "filename|md5",
"uuid": "1349097a-11e1-49ea-89b1-d1768796b153",
"value": "Licenseserverproto.cgi|9b526db005ee8075912ca6572d69a5d6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1629872356",
"to_ids": true,
"type": "filename|md5",
"uuid": "3db1352e-26f4-4e84-888c-153780e0c04d",
"value": "DSUpgrade.pm|4d5b410e1756072a701dfd3722951907"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629872356",
"uuid": "bf65bca7-9f39-4b5f-a33c-0a38d3b3103f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "a4cf2832-d159-4a84-8dcc-2ebf7e190574",
"value": "8c291ad2d50f3845788bc11b2f603b4a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha1",
"uuid": "f553cd8f-079f-4f56-8903-cf997d3b5b61",
"value": "12f6cce33a618b32f4d5a74a93b54176d436ded9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha256",
"uuid": "ee145c47-e91e-4dc1-9e6d-f499ac2af4cc",
"value": "c445cab266549820d54168cb8e5078811d574682edce7edb973b3d833128f4e3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1629872356",
"to_ids": true,
"type": "ssdeep",
"uuid": "9dbd1066-a88d-4155-ac33-3ffdf34cfda8",
"value": "192:5zwJNuIYj7rcCOk1QrhMeWyOUV9AWojcZiOQiQsfinnoK9Cih1pa+7yiwChm:5zwJwrXWOUV9AWojoiOucCQ"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1629872356",
"to_ids": true,
"type": "filename",
"uuid": "2fa79fd4-052f-4369-a018-ca6be2de50cf",
"value": "healthcheck.cgi"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1629872356",
"to_ids": true,
"type": "size-in-bytes",
"uuid": "85ff5a3e-2758-47c1-88c8-b9abc4b2a694",
"value": "9272"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629872356",
"uuid": "f8b489b6-a7e6-4f27-99d6-6acc60aa0d97",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "47f5c252-b7cc-4b87-a0e2-6a3cd5cb424f",
"value": "ca0175d86049fa7c796ea06b413857a3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha1",
"uuid": "f32fd4df-e473-44a1-9e78-abf5b182c590",
"value": "9c4c9d951aa235ed640ce711fbf1810eeb160191"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha256",
"uuid": "4d1c3603-6acd-4429-b086-938f6c1dcf96",
"value": "f2b1bd703c3eb05541ff84ec375573cbdc70309ccb82aac04b72db205d718e90"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1629872356",
"to_ids": true,
"type": "ssdeep",
"uuid": "c2d4dd7d-4e26-4b3a-b9e6-ce55084c0c3b",
"value": "192:iAamVz3fzvBk5oFblLPBN1iXf2bCRErwyN4aEbwyiNwyiQwNeDAi4XMG:iAamVzfzvBTFblLpN1iXOYpyuapyiWym"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1629872356",
"to_ids": true,
"type": "filename",
"uuid": "bd2e1e3e-511b-40c7-b995-eb6a514c8b8d",
"value": "compcheckresult.cgi"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1629872356",
"to_ids": true,
"type": "size-in-bytes",
"uuid": "a0e3136c-bb11-49c3-99af-15e4bb8f4a57",
"value": "6515"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1629872356",
"uuid": "0b41896c-371b-4531-8259-3af57cac4902",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1629872356",
"to_ids": true,
"type": "md5",
"uuid": "3258e5ed-61b6-48c8-8444-f490e245cdb9",
"value": "56e2a1566c7989612320f4ef1669e7d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha1",
"uuid": "8323ae38-c6a9-43d3-8170-117fbff87f57",
"value": "161ba1ddb8069cf1f0f0a31c81113ca264fae49a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1629872356",
"to_ids": true,
"type": "sha256",
"uuid": "0d022953-29d1-4ce0-8659-3d94cf279ada",
"value": "e9df4e13131c95c75ca41a95e08599b3d480e5e7a7922ff0a3fa00bef3bd6561"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1629872356",
"to_ids": true,
"type": "ssdeep",
"uuid": "985e0c50-6706-4f90-acfe-1ea8e9f75fca",
"value": "768:ifTsQR8rYZ8HPGK9P9pHfHq/RgktsBOBxrce/6ZRc7egTxR7zx/yQ8AVHj9KqTcE:nzDc6x6/J7/TPhaQ8AVHj9vTcGGP0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1629872356",
"to_ids": true,
"type": "filename",
"uuid": "77925949-3704-4fc0-bbd1-755972f8e14e",
"value": "login.cgi"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Object describing the original file used to import data in MISP.",
"meta-category": "file",
"name": "original-imported-file",
"template_uuid": "4cd560e9-2cfe-40a1-9964-7b2e797ecac5",
"template_version": "2",
"timestamp": "1629872356",
"uuid": "f42c374b-5837-412e-9531-dcc44fad39b1",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"data": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "imported-sample",
"timestamp": "1629872356",
"to_ids": false,
"type": "attachment",
"uuid": "4c047f8e-a0f5-4a35-a47f-ac2695e257f2",
"value": "AA21-110A.xml"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "format",
"timestamp": "1629872356",
"to_ids": false,
"type": "text",
"uuid": "1ef6d70d-922e-472d-b045-bc12e04a1911",
"value": "STIX 1.1"
}
]
}
]
}
}