{
"Event": {
"analysis": "2",
"date": "2016-08-12",
"extends_uuid": "",
"info": "OSINT New C2 \u2013 Neutrino Exploit Kit via pseudoDarkleech HOPTO.ORG gate delivers CrypMic Ransomware by Broad Analysis",
"publish_timestamp": "1471000507",
"published": true,
"threat_level_id": "3",
"timestamp": "1471000487",
"uuid": "57adad28-ac28-49f0-b8d5-7495950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#ffffff",
"name": "OSINT"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000309",
"to_ids": false,
"type": "link",
"uuid": "57adaef5-bd68-4f9b-8a2e-6c4f950d210f",
"value": "http://www.broadanalysis.com/2016/08/08/new-c2-neutrino-exploit-kit-via-pseudodarkleech-hopto-org-gate-delivers-crypmic-ransomware/"
},
{
"category": "Network activity",
"comment": "Redirect GATE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000365",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf2d-c848-4a48-8ae0-7495950d210f",
"value": "83.217.27.178"
},
{
"category": "Network activity",
"comment": "Redirect GATE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000391",
"to_ids": true,
"type": "hostname",
"uuid": "57adaf47-646c-469a-a6c7-7495950d210f",
"value": "jkgbpsh.hopto.org"
},
{
"category": "Network activity",
"comment": "Neutrino EK",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000413",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf5d-f3a8-46f6-8efc-3297950d210f",
"value": "51.254.30.225"
},
{
"category": "Network activity",
"comment": "Neutrino EK",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000437",
"to_ids": true,
"type": "hostname",
"uuid": "57adaf75-8f48-4c71-9219-42f4950d210f",
"value": "saveoldclinicas.propertymanager.eu.com"
},
{
"category": "Network activity",
"comment": "Port 443 Clear text \u2013 C2 Check-In \u2013 POST INFECTION TRAFFIC Germany, AS24961 myLoc managed IT AG,",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000460",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf8c-8edc-4b48-8a0f-3299950d210f",
"value": "85.14.243.9"
},
{
"category": "Network activity",
"comment": "Domains for ransom payments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000487",
"to_ids": true,
"type": "url",
"uuid": "57adafa7-cfe0-47f1-8c70-3299950d210f",
"value": "http://ccjlwb22w6c22p2k.onion.to"
},
{
"category": "Network activity",
"comment": "Domains for ransom payments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000487",
"to_ids": true,
"type": "url",
"uuid": "57adafa7-f574-46df-9e77-3299950d210f",
"value": "http://ccjlwb22w6c22p2k.onion.city"
}
]
}
}