misp-circl-feed/feeds/circl/misp/55a76999-52e4-45c0-ac44-2ce2950d210b.json

436 lines
14 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2015-07-14",
"extends_uuid": "",
"info": "OSINT An In-Depth Look at How Pawn Storm\u00e2\u20ac\u2122s Java Zero-Day Was Used by Trend Micro",
"publish_timestamp": "1437650831",
"published": true,
"threat_level_id": "2",
"timestamp": "1454273686",
"uuid": "55a76999-52e4-45c0-ac44-2ce2950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437034929",
"to_ids": false,
"type": "link",
"uuid": "55a769b1-faf0-4553-b131-e4fd950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437034949",
"to_ids": false,
"type": "text",
"uuid": "55a769c5-83c8-41f9-a020-266f950d210b",
"value": "APT28"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437034949",
"to_ids": false,
"type": "text",
"uuid": "55a769c5-904c-44d3-a10e-266f950d210b",
"value": "Pawn Storm"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437034949",
"to_ids": false,
"type": "text",
"uuid": "55a769c5-3b70-40c6-8030-266f950d210b",
"value": "Sednit"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437034950",
"to_ids": false,
"type": "text",
"uuid": "55a769c6-70cc-469e-bae4-266f950d210b",
"value": "Sofacy"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126452",
"to_ids": true,
"type": "sha1",
"uuid": "55a8cf34-5c94-40bf-9cfc-4301950d210b",
"value": "95dc765700f5af406883d07f165011d2ff8dd0fb"
},
{
"category": "Network activity",
"comment": "Marked as not for IDS since it includes a regexp",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126493",
"to_ids": false,
"type": "url",
"uuid": "55a8cf34-29cc-480a-8bfd-43b9950d210b",
"value": "http://ausameetings.com/url?=[a-za-z0-9]{7}/2015annualmeeting/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126452",
"to_ids": true,
"type": "sha1",
"uuid": "55a8cf34-0550-4b1f-b183-42ae950d210b",
"value": "b4a515ef9de037f18d96b9b0e48271180f5725b7"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126453",
"to_ids": true,
"type": "url",
"uuid": "55a8cf35-add8-4854-b6c3-443b950d210b",
"value": "vhgg5hkvn25.exe"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126453",
"to_ids": true,
"type": "sha1",
"uuid": "55a8cf35-3b68-473a-8347-49c9950d210b",
"value": "21835aafe6d46840bb697e8b0d4aac06dec44f5b"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126453",
"to_ids": true,
"type": "url",
"uuid": "55a8cf35-e610-4d0b-b99a-44a5950d210b",
"value": "api-ms-win-downlevel-profile-l1-1-0.dll"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126700",
"to_ids": true,
"type": "domain",
"uuid": "55a8d02c-f300-4479-a2e9-1e08950d210b",
"value": "ausameetings.com"
},
{
"category": "Network activity",
"comment": "Low precision",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126700",
"to_ids": true,
"type": "ip-dst",
"uuid": "55a8d02c-8f64-4dd0-a81e-1e08950d210b",
"value": "95.215.45.189"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126700",
"to_ids": true,
"type": "ip-dst",
"uuid": "55a8d02c-4300-4109-9e0d-1e08950d210b",
"value": "87.236.215.132"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "url",
"uuid": "55a8d02d-3cb4-424d-980f-1e08950d210b",
"value": "arrayreplace.class"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "filename",
"uuid": "55a8d02d-e680-47d6-ada7-1e08950d210b",
"value": "App$PassHandleController.class"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "url",
"uuid": "55a8d02d-5a2c-49e1-bd33-1e08950d210b",
"value": "converter.class"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "url",
"uuid": "55a8d02d-30f4-48a7-9ae8-1e08950d210b",
"value": "mybytearrayinputstream.class"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "url",
"uuid": "55a8d02d-9718-48ec-8566-1e08950d210b",
"value": "none2.class"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126701",
"to_ids": true,
"type": "url",
"uuid": "55a8d02d-b774-4483-bf97-1e08950d210b",
"value": "none.class"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126702",
"to_ids": true,
"type": "url",
"uuid": "55a8d02e-384c-4a0e-b776-1e08950d210b",
"value": "cormac.mcr"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126702",
"to_ids": true,
"type": "ip-dst",
"uuid": "55a8d02e-fa20-43d0-9a16-1e08950d210b",
"value": "192.111.146.185"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126702",
"to_ids": true,
"type": "ip-dst",
"uuid": "55a8d02e-71e4-484a-b446-1e08950d210b",
"value": "37.187.116.240"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126722",
"to_ids": true,
"type": "domain",
"uuid": "55a8d02e-c688-4242-b2b6-1e08950d210b",
"value": "acledit.com"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126730",
"to_ids": true,
"type": "domain",
"uuid": "55a8d02e-d3c4-41d0-adfe-1e08950d210b",
"value": "biocpl.org"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126787",
"to_ids": false,
"type": "text",
"uuid": "55a8d083-0df0-41d5-aaff-0a95950d210b",
"value": "JAVA_DLOADR.EFD"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126787",
"to_ids": false,
"type": "text",
"uuid": "55a8d083-889c-4378-8a87-0a95950d210b",
"value": "TROJ_DROPPR.CXC"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1437126787",
"to_ids": false,
"type": "text",
"uuid": "55a8d083-b298-4191-b334-0a95950d210b",
"value": "TSPY_SEDNIT.C"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 21835aafe6d46840bb697e8b0d4aac06dec44f5b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273686",
"to_ids": true,
"type": "sha256",
"uuid": "56ae7496-ac98-437d-ba17-4bfa02de0b81",
"value": "3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 21835aafe6d46840bb697e8b0d4aac06dec44f5b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273686",
"to_ids": true,
"type": "md5",
"uuid": "56ae7496-ab14-4ad0-a447-44be02de0b81",
"value": "211b7100fd799e9eaabeb13cfa446231"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273687",
"to_ids": false,
"type": "link",
"uuid": "56ae7497-80f0-4165-be41-49d402de0b81",
"value": "https://www.virustotal.com/file/3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8/analysis/1451306949/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: b4a515ef9de037f18d96b9b0e48271180f5725b7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273687",
"to_ids": true,
"type": "sha256",
"uuid": "56ae7497-8098-4ffc-b65e-47d302de0b81",
"value": "d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: b4a515ef9de037f18d96b9b0e48271180f5725b7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273687",
"to_ids": true,
"type": "md5",
"uuid": "56ae7497-5968-4028-ac90-4fb202de0b81",
"value": "afe09fb5a2b97f9e119f70292092604e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273688",
"to_ids": false,
"type": "link",
"uuid": "56ae7498-0774-4bcb-ae08-492402de0b81",
"value": "https://www.virustotal.com/file/d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5/analysis/1449817909/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 95dc765700f5af406883d07f165011d2ff8dd0fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273688",
"to_ids": true,
"type": "sha256",
"uuid": "56ae7498-5770-4232-9152-4a3102de0b81",
"value": "3f2d8744205b59f7bee5a8f13e6a15201f04663ce2c6f33b1684968778e44349"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 95dc765700f5af406883d07f165011d2ff8dd0fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273688",
"to_ids": true,
"type": "md5",
"uuid": "56ae7498-cf28-4e29-81fb-47be02de0b81",
"value": "0c345969a5974e8b1ec6a5e23b2cf777"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1454273688",
"to_ids": false,
"type": "link",
"uuid": "56ae7498-af00-40a5-9683-420102de0b81",
"value": "https://www.virustotal.com/file/3f2d8744205b59f7bee5a8f13e6a15201f04663ce2c6f33b1684968778e44349/analysis/1443100024/"
}
]
}
}