adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/559e36b0-e924-4c3d-b7a0-4a74950d210b.json

770 lines
22 KiB
JSON
Raw Permalink Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2015-07-09",
"extends_uuid": "",
"info": "OSINT expansion on OSINT - Ding! Your RAT has been delivered by Cisco Talos",
"publish_timestamp": "1436452977",
"published": true,
"threat_level_id": "4",
"timestamp": "1436432248",
"uuid": "559e36b0-e924-4c3d-b7a0-4a74950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432080",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d0-4e44-480d-b103-43f5950d210b",
"value": "41.58.219.175"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432080",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d0-d8c8-4139-9dbe-482b950d210b",
"value": "174.127.99.235"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432080",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d0-0394-4074-a0c7-40e3950d210b",
"value": "216.38.2.195"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432080",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d0-d970-4ec2-b387-44cb950d210b",
"value": "216.38.2.212"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432080",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d0-69c4-45ed-9457-4b25950d210b",
"value": "41.58.102.142"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432081",
"to_ids": true,
"type": "ip-dst",
"uuid": "559e36d1-d09c-4320-8d10-42e2950d210b",
"value": "41.58.104.23"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432097",
"to_ids": false,
"type": "link",
"uuid": "559e36e1-9fac-48ed-9f37-4d5e950d210b",
"value": "http://blogs.cisco.com/security/talos/darkkomet-rat-spam"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432171",
"to_ids": true,
"type": "hostname",
"uuid": "559e372b-85bc-41eb-9c6c-4edb950d210b",
"value": "paulcoe.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-716c-4d6b-9bff-4675950d210b",
"value": "fiveword.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-9bb0-4a12-b34d-453f950d210b",
"value": "whynot68.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-b6f4-4e93-ba47-4d17950d210b",
"value": "anon66.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-736c-4546-922d-4985950d210b",
"value": "u718901.nvpn.so"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-f01c-4e02-8b66-4c62950d210b",
"value": "toolbox.net-freaks.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432172",
"to_ids": true,
"type": "hostname",
"uuid": "559e372c-7e4c-4412-a742-44bc950d210b",
"value": "ns2.pokerinvestment.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-9a2c-4845-a92e-410e950d210b",
"value": "anon99.dyndns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-00fc-432c-a217-4136950d210b",
"value": "c29b36f623.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-a1d8-46c9-b4f0-4635950d210b",
"value": "billabong0911.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-03dc-4e28-9d92-456e950d210b",
"value": "jazzynexuso.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-064c-4d67-9dc2-4865950d210b",
"value": "coupon.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432173",
"to_ids": true,
"type": "hostname",
"uuid": "559e372d-93b4-4749-89f4-49a5950d210b",
"value": "dataprotector.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-39b0-4967-a42c-441c950d210b",
"value": "coolsam.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-0ad8-4b71-ac8a-48ca950d210b",
"value": "finders.hopto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-2664-468d-8520-41e3950d210b",
"value": "briach202.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-deac-464f-a905-4984950d210b",
"value": "vxx22.mine.nu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-20f8-425b-9b16-4446950d210b",
"value": "hunter52.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432174",
"to_ids": true,
"type": "hostname",
"uuid": "559e372e-6400-4b28-920a-486f950d210b",
"value": "trueartworkcollectiveonline.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-fae4-42b8-95dd-48fb950d210b",
"value": "qpst.loginto.me"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-fefc-4c59-8140-433f950d210b",
"value": "spamblocker.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-bba4-4757-9143-4221950d210b",
"value": "u688681.nvpn.so"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-09a8-4921-a5ad-49fd950d210b",
"value": "u744015.nvpn.so"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-6450-4f82-be92-4af3950d210b",
"value": "coolsampcf.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432175",
"to_ids": true,
"type": "hostname",
"uuid": "559e372f-6c84-472e-b2d2-404c950d210b",
"value": "xvidmaster97x.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-49f8-46bd-aeef-418f950d210b",
"value": "itsdillon.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-9610-4602-80de-4fda950d210b",
"value": "tltkemissary.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-1458-417c-89a4-47e5950d210b",
"value": "anon66.dyndns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-3bb4-4dc4-b5e3-4412950d210b",
"value": "tltkbshades.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-5a90-4091-afb0-4a6a950d210b",
"value": "eternal.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432176",
"to_ids": true,
"type": "hostname",
"uuid": "559e3730-bf20-4cd5-b5e3-4709950d210b",
"value": "server.dedistreamservers.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-6354-4916-b6a8-43fb950d210b",
"value": "qpst.hopto.me"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-b1a0-4d5d-bc7d-432c950d210b",
"value": "fazbar2013.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-c794-4e5e-98ce-4a21950d210b",
"value": "anon72.dyndns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-afdc-4010-88b4-4d4b950d210b",
"value": "hustleville.dyndns-ip.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-554c-4222-99b1-43fa950d210b",
"value": "bjjrat.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432177",
"to_ids": true,
"type": "hostname",
"uuid": "559e3731-c568-42ab-bfae-4b65950d210b",
"value": "bigtitays.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-f434-4ae8-9b5a-4470950d210b",
"value": "hackinchawk.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-dfb0-4548-b57d-4573950d210b",
"value": "brianthorsal.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-c044-4121-b260-4e10950d210b",
"value": "m96.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-8548-4a37-9ff2-4ce2950d210b",
"value": "billabong4102.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-35a0-46d9-a7bb-424d950d210b",
"value": "u768325.nvpn.so"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432178",
"to_ids": true,
"type": "hostname",
"uuid": "559e3732-6118-4fbb-9d95-42aa950d210b",
"value": "host.trueartworkcollectiveonline.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-8018-490f-8335-4be4950d210b",
"value": "gwmtp.tcp.trueartworkcollectiveonline.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-558c-46da-b01d-49bb950d210b",
"value": "gready45trust.ddns.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-c418-4ad0-af1e-4b81950d210b",
"value": "dubbiewubbie.redirectme.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-95d0-400c-8480-4568950d210b",
"value": "usa2-pool-1194.nvpn.so"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-1270-4b80-b2fc-4cb2950d210b",
"value": "myalibaba.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432179",
"to_ids": true,
"type": "hostname",
"uuid": "559e3733-0958-46b0-8892-4156950d210b",
"value": "dedistreamservers.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-6adc-48f0-9a7a-4fa8950d210b",
"value": "n1chols.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-b82c-4c30-89f4-43a8950d210b",
"value": "dfs.loginto.me"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-f1ec-4032-bc74-40f3950d210b",
"value": "maddencoins1.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-f210-4fab-b5b0-46fe950d210b",
"value": "ynx312.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-89bc-484b-97de-4b29950d210b",
"value": "thorsal.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432180",
"to_ids": true,
"type": "hostname",
"uuid": "559e3734-59a8-443f-8e1c-477a950d210b",
"value": "ownslyvvv.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432181",
"to_ids": true,
"type": "hostname",
"uuid": "559e3735-994c-45f6-bab3-445d950d210b",
"value": "hunter53.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432181",
"to_ids": true,
"type": "hostname",
"uuid": "559e3735-5cb8-49fa-8687-4f6b950d210b",
"value": "dfs1.loginto.me"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432181",
"to_ids": true,
"type": "hostname",
"uuid": "559e3735-0260-47d5-b9b5-4260950d210b",
"value": "iuy.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432181",
"to_ids": true,
"type": "hostname",
"uuid": "559e3735-c334-4b7b-a54c-4eaa950d210b",
"value": "themainsqueeze.no-ip.org"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1436432248",
"to_ids": false,
"type": "comment",
"uuid": "559e3778-7ad0-4df5-a865-4ec5950d210b",
"value": "Extracted all hostnames resolving to the IPs mentioned in the Cisco blog post"
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink