{
"Event": {
"analysis": "2",
"date": "2018-12-07",
"extends_uuid": "",
"info": "Flash CVE-2018-15982 IOCs",
"publish_timestamp": "1544209374",
"published": true,
"threat_level_id": "1",
"timestamp": "1544209363",
"uuid": "5c0abf20-a720-47f4-ae29-5eb60acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"User Execution - T1204\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Third-party Software - T1072\""
},
{
"colour": "#160940",
"name": " Flash"
},
{
"colour": "#008960",
"name": "cyber-threat-framework:Engagement=\"exploit-vulnerabilities\""
},
{
"colour": "#00b2d9",
"name": "veris:action:social:variety=\"Phishing\""
},
{
"colour": "#00add3",
"name": "veris:action:social:vector=\"Documents\""
},
{
"colour": "#0042a5",
"name": "ms-caro-malware-full:malware-family=\"ShellCode\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "On port 80",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5c0abf5f-bcb4-4926-98a7-632df9de0052",
"value": "188.241.58.68|80"
},
{
"category": "Network activity",
"comment": "On port 80",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5c0abf5f-e584-4659-bfd7-632df9de0052",
"value": "188.166.92.212|80"
},
{
"category": "Network activity",
"comment": "On port 80",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5c0abf5f-ec9c-4b97-b9eb-632df9de0052",
"value": "80.211.217.149|80"
},
{
"category": "Artifacts dropped",
"comment": "Hacking Team",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abf87-622c-4dce-bcb8-6330f9de0052",
"value": "1cbc626abbe10a4fae6abf0f405c35e2",
"Tag": [
{
"colour": "#540b39",
"name": "RAT"
}
]
},
{
"category": "Artifacts dropped",
"comment": "Hacking Team",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abf87-b8c0-4808-a79c-6330f9de0052",
"value": "7d92dd6e2bff590437dad2cfa221d976",
"Tag": [
{
"colour": "#540b39",
"name": "RAT"
}
]
},
{
"category": "Artifacts dropped",
"comment": "Hacking Team",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abf87-ec40-4006-9451-6330f9de0052",
"value": "f49da7c983fe65ba301695188006d979",
"Tag": [
{
"colour": "#540b39",
"name": "RAT"
}
]
},
{
"category": "Payload delivery",
"comment": "Zero day Flash File",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abfaa-48ec-4e64-aeab-6333f9de0052",
"value": "8a64017953d0840323318bc224bab9c7",
"Tag": [
{
"colour": "#cb58ae",
"name": "Zero Day"
},
{
"colour": "#160940",
"name": " Flash"
}
]
},
{
"category": "Payload delivery",
"comment": "Word doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abfcd-3ef4-4503-a65c-6336f9de0052",
"value": "9c65fa48d29e8a0eb1ad80b10b3d9603"
},
{
"category": "Payload delivery",
"comment": "Word doc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": true,
"type": "md5",
"uuid": "5c0abfcd-e550-4743-8eb1-6336f9de0052",
"value": "92b1c50c3ddf8289e85cbb7f8eead077"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1544208949",
"to_ids": false,
"type": "attachment",
"uuid": "5c0ac22b-2a2c-4367-84f9-5eb60acd0835",
"value": "360security_blog.pdf"
}
]
}
}