{ "Event": { "analysis": "2", "date": "2023-03-29", "extends_uuid": "", "info": "[Threat Intel] Spyware vendors use 0-days and n-days against popular platforms", "protected": false, "publish_timestamp": "1780040128", "published": true, "threat_level_id": "2", "timestamp": "1772902024", "uuid": "d321cbcb-6d1a-4cc6-bb06-ba5e9e9437da", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Google Cloud Blog\"", "relationship_type": "" }, { "colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784673", "to_ids": false, "type": "link", "uuid": "2888c7cd-acf8-44d1-8796-144f2f383578", "value": "https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784684", "to_ids": false, "type": "vulnerability", "uuid": "c171b5a3-6846-413b-a448-713d10313b65", "value": "CVE-2022-42856" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784684", "to_ids": false, "type": "vulnerability", "uuid": "bfac17f8-449d-40f0-ac0f-6be16ee0bfa3", "value": "CVE-2022-4135" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784697", "to_ids": false, "type": "vulnerability", "uuid": "2e378a5c-7e6b-4150-bbb5-94ce30f23884", "value": "CVE-2021-30900" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784705", "to_ids": false, "type": "vulnerability", "uuid": "c290f8c8-e360-4ce9-b8e0-b949dc8c3038", "value": "CVE-2022-3723" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784705", "to_ids": false, "type": "vulnerability", "uuid": "c6e6504d-0d3f-4b28-aa97-6353811632ba", "value": "CVE-2022-38181" }, { "category": "Network activity", "comment": "landing page", "deleted": false, "disable_correlation": false, "timestamp": "1747023212", "to_ids": true, "type": "url", "uuid": "1c6fd615-ce2d-4896-97f4-12dfa24a9467", "value": "https://cdn.cutlink.site/p/uu6ekt", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Android exploit chain", "deleted": false, "disable_correlation": false, "timestamp": "1747023233", "to_ids": true, "type": "url", "uuid": "aed7057b-2199-4864-b1c7-ded4387d5262", "value": "https://api.cutlink.site/api/s/N0NBL8/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "iOS exploit chain", "deleted": false, "disable_correlation": false, "timestamp": "1747023254", "to_ids": true, "type": "url", "uuid": "b596ca49-b928-49f9-883c-6ef18403e1a8", "value": "https://api.cutlink.site/api/s/3PU970/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "exploit delivery server", "deleted": false, "disable_correlation": false, "timestamp": "1747023274", "to_ids": true, "type": "url", "uuid": "0547e8f6-ea81-4553-8e2a-206bbf4c1667", "value": "https://imjustarandomsite.3utilities.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "10dd43b2-ad53-40ee-8997-5a19b33861e8", "value": "CVE-2022-4262" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "1cb95aa5-9a12-4b6c-bbd5-9798533499b8", "value": "CVE-2023-0266" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "09dc2545-7d1b-4fe3-b5eb-1e27add535ca", "value": "CVE-2022-1134" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "c7bf608c-21a2-4c16-9f14-280680f9e172", "value": "CVE-2022-3038" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "80b637ed-ef24-4edb-b722-33ea86521af8", "value": "CVE-2022-22706" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "b551e7b0-12c2-48b9-a8ee-efe7338662e2", "value": "CVE-2023-26083" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740784760", "to_ids": false, "type": "vulnerability", "uuid": "30840fa9-56fc-4b93-bfb9-01ae79eee781", "value": "CVE-2023-21492" }, { "category": "Network activity", "comment": "landing page and exploit delivery", "deleted": false, "disable_correlation": false, "timestamp": "1747023295", "to_ids": true, "type": "hostname", "uuid": "4a24ce4b-1432-4ceb-bbea-1652e104b334", "value": "www.sufficeconfigure.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "malware C2", "deleted": false, "disable_correlation": false, "timestamp": "1747023316", "to_ids": true, "type": "hostname", "uuid": "add6b934-f343-4bb3-8053-93645e44c40a", "value": "www.anglesyen.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ] } }