2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-12-14 14:30:15 +00:00
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2013-02-08",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT Adobe Zero-day Used in LadyBoyle Attack blog post by Symantec",
|
|
|
|
"publish_timestamp": "1415890076",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "2",
|
|
|
|
"timestamp": "1415874584",
|
|
|
|
"uuid": "546481a0-fc90-4aa4-8508-4a68950d210b",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#004646",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "type:OSINT",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#33FF00",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "tlp:green",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415872940",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "546481ac-fbc4-43b5-b8a1-4e92950d210b",
|
|
|
|
"value": "http://www.symantec.com/connect/blogs/adobe-zero-day-used-ladyboyle-attack"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415872952",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "546481b8-b910-42cc-8be7-4761950d210b",
|
|
|
|
"value": "LadyBoyle"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415872965",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "comment",
|
|
|
|
"uuid": "546481c5-f1dc-4fcf-93f1-e5f1950d210b",
|
|
|
|
"value": "Data entered by David Andr\u00c3\u00a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415872995",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "vulnerability",
|
|
|
|
"uuid": "546481e3-0f90-46c1-91c1-4ce9950d210b",
|
|
|
|
"value": "CVE-2013-0634"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Link in original Symantec page. Not working anymore.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415873198",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "54648248-0040-4104-9f56-44f2950d210b",
|
|
|
|
"value": "http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415873096",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "54648248-cc04-414e-a1ee-4249950d210b",
|
|
|
|
"value": "http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874340",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "54648724-036c-4c89-97b0-46cc950d210b",
|
|
|
|
"value": "Bloodhound.Flash.19"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874340",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "54648724-a2a8-4413-b22e-4df4950d210b",
|
|
|
|
"value": "Bloodhound.Flash.20"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874394",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "5464875b-de3c-4891-954d-45bd950d210b",
|
|
|
|
"value": "Trojan.Mdropper"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874395",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "5464875b-068c-4a32-bb0d-4d0d950d210b",
|
|
|
|
"value": "Trojan.Swifi"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874395",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "5464875b-e3f4-4e22-9461-48f2950d210b",
|
|
|
|
"value": "Backdoor.Boda"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874444",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "5464878c-a8c4-4e30-8aac-4c56950d210b",
|
|
|
|
"value": "ieee.boeing-job.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-82ac-4d61-ab31-43f6950d210b",
|
|
|
|
"value": "369p.mail-signin.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-cbdc-47ef-8691-41c3950d210b",
|
|
|
|
"value": "bm1k8.4pu.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-14cc-4247-9b47-4710950d210b",
|
|
|
|
"value": "cti.moobesring.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-d68c-4f45-8b69-4031950d210b",
|
|
|
|
"value": "domcon.microtrendsoft.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-04ac-4b46-b669-4182950d210b",
|
|
|
|
"value": "engage.intelfox.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-8728-4f29-b861-457f950d210b",
|
|
|
|
"value": "funny.greenitenergy.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-6178-49e4-953e-4dc7950d210b",
|
|
|
|
"value": "i0i0i.3322.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874487",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b7-7904-4f08-a38c-4ade950d210b",
|
|
|
|
"value": "krjregh.sacreeflame.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-17f0-48e2-b367-4fe7950d210b",
|
|
|
|
"value": "lol.dns-lookup.us"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-c8a0-45ad-a428-401e950d210b",
|
|
|
|
"value": "lywja.healthsvsolu.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-36fc-4db2-b188-460c950d210b",
|
|
|
|
"value": "matrix.linkerservices.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-df14-48e7-a97a-4a8a950d210b",
|
|
|
|
"value": "mx.dns221.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-09d4-49a6-a7e2-49f6950d210b",
|
|
|
|
"value": "piping.no-ip.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-fb70-4b90-b13d-419b950d210b",
|
|
|
|
"value": "ru.pad62.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-e7b8-46b6-b030-45d9950d210b",
|
|
|
|
"value": "stmp.allshell.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-6ef8-45be-b149-4e34950d210b",
|
|
|
|
"value": "support.icoredb.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-d0f8-44a0-925e-4d49950d210b",
|
|
|
|
"value": "svr01.passport.serveuser.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-0610-4df9-9689-4642950d210b",
|
|
|
|
"value": "ukupdate.masteradvz.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-ef30-441a-977c-4ea0950d210b",
|
|
|
|
"value": "update.mysq1.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-1ec4-444a-a8f0-4dbd950d210b",
|
|
|
|
"value": "update.updates.mefound.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-3e3c-4ee9-9018-429e950d210b",
|
|
|
|
"value": "update1.mysq1.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-fdf4-481e-87b9-493b950d210b",
|
|
|
|
"value": "update3.effers.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-6d34-4a88-aac3-4c71950d210b",
|
|
|
|
"value": "updatedns.itemdb.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874488",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "546487b8-f194-40b8-80d6-420d950d210b",
|
|
|
|
"value": "updatedns.serveuser.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874546",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "546487f2-9190-488f-9642-468d950d210b",
|
|
|
|
"value": "3de314089db35af9baaeefc598f09b23"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874546",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "546487f2-ddec-465b-b0ad-46cc950d210b",
|
|
|
|
"value": "2568615875525003688839cb8950aeae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415874584",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "user-agent",
|
|
|
|
"uuid": "54648818-d770-495e-9995-4be9950d210b",
|
|
|
|
"value": "lynx"
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
2023-12-14 14:30:15 +00:00
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|