{
"Event": {
"analysis": "2",
"date": "2014-03-11",
"extends_uuid": "",
"info": "OSINT - Botnet bruteforcing Point Of Sale terminals via Remote Desktop",
"publish_timestamp": "1448637822",
"published": true,
"threat_level_id": "3",
"timestamp": "1448637781",
"uuid": "56587437-7f08-4381-85bc-a829950d210b",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637516",
"to_ids": false,
"type": "link",
"uuid": "5658744c-ef14-47e7-9e75-d063950d210b",
"value": "https://www.alienvault.com/open-threat-exchange/blog/botnet-bruteforcing-point-of-sale-via-remote-desktop"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637579",
"to_ids": true,
"type": "md5",
"uuid": "5658748b-05c4-4f39-aa39-d062950d210b",
"value": "c1fab4a0b7f4404baf8eab4d58b1f821"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637579",
"to_ids": true,
"type": "md5",
"uuid": "5658748b-d880-4c69-b339-d062950d210b",
"value": "c0c1f1a69a1b59c6f2dab18135a73919"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637580",
"to_ids": true,
"type": "md5",
"uuid": "5658748c-65ec-4a2f-b54a-d062950d210b",
"value": "08863d484b1ebe6359144c9a8d8027c0"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637613",
"to_ids": true,
"type": "ip-dst",
"uuid": "565874ad-f07c-4566-ac03-d063950d210b",
"value": "78.154.54.42"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637782",
"to_ids": true,
"type": "sha256",
"uuid": "56587556-015c-403f-b13d-d8c7950d210b",
"value": "7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637782",
"to_ids": true,
"type": "sha1",
"uuid": "56587556-2aec-4136-a47c-d8c7950d210b",
"value": "fb357bb5d9c2de75afa69bfec8c22041b02e03df"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637782",
"to_ids": false,
"type": "link",
"uuid": "56587556-f56c-4a2e-a8a9-d8c7950d210b",
"value": "https://www.virustotal.com/file/7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713/analysis/1445904969/"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637783",
"to_ids": true,
"type": "sha256",
"uuid": "56587557-ade0-4c81-9d2c-d8c7950d210b",
"value": "4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637783",
"to_ids": true,
"type": "sha1",
"uuid": "56587557-e36c-4e34-95a4-d8c7950d210b",
"value": "e284b886851623a944e6f3d8507314b3217935ce"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637784",
"to_ids": false,
"type": "link",
"uuid": "56587558-6980-4313-b36d-d8c7950d210b",
"value": "https://www.virustotal.com/file/4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a/analysis/1445913257/"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637784",
"to_ids": true,
"type": "sha256",
"uuid": "56587558-7c28-496f-acc2-d8c7950d210b",
"value": "47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637784",
"to_ids": true,
"type": "sha1",
"uuid": "56587558-87ec-4a37-8c00-d8c7950d210b",
"value": "f63479cd40b56652721a95f059dedfb96478bbaa"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448637785",
"to_ids": false,
"type": "link",
"uuid": "56587559-32b0-46d1-9223-d8c7950d210b",
"value": "https://www.virustotal.com/file/47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0/analysis/1408612721/"
}
]
}
}