{
"Event": {
"analysis": "2",
"date": "2016-07-01",
"extends_uuid": "",
"info": "OSINT H-Worm IOCs from WooYun",
"publish_timestamp": "1467483577",
"published": true,
"threat_level_id": "2",
"timestamp": "1467483572",
"uuid": "57780118-b304-434e-b78f-478d950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482440",
"to_ids": false,
"type": "link",
"uuid": "57780148-548c-41c9-b29e-483e950d210f",
"value": "http://drops.wooyun.org/papers/17374"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482466",
"to_ids": true,
"type": "hostname",
"uuid": "57780162-a4fc-4810-987d-4f29950d210f",
"value": "zzzch.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482466",
"to_ids": true,
"type": "hostname",
"uuid": "57780162-d6ec-4acf-b61f-4008950d210f",
"value": "ysf.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482466",
"to_ids": true,
"type": "hostname",
"uuid": "57780162-9cf8-4b76-a355-41ae950d210f",
"value": "ycemufkk6g.bounceme.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482466",
"to_ids": true,
"type": "hostname",
"uuid": "57780162-9bd8-4e91-a01d-4551950d210f",
"value": "xxx-xxx.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482466",
"to_ids": true,
"type": "hostname",
"uuid": "57780162-20f4-4ca0-812a-409a950d210f",
"value": "xkiller.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-3538-4714-9237-4484950d210f",
"value": "wach.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-5550-48fa-9c3b-49a6950d210f",
"value": "tariqalr.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-e160-42e3-81b6-4d85950d210f",
"value": "shagagy21.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-2390-46a1-ae8c-4bea950d210f",
"value": "sexcam.3utilities.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-99fc-474e-b7a9-4893950d210f",
"value": "servecounterstrike.servecounterstrike.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482467",
"to_ids": true,
"type": "hostname",
"uuid": "57780163-e838-4e2d-9319-410b950d210f",
"value": "playgame.servecounterstrike.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-6dd4-4d96-9a8c-417d950d210f",
"value": "p-dark.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-ac20-415d-9bbf-4af1950d210f",
"value": "nouna1985.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-e988-46ec-8b83-47d1950d210f",
"value": "n0it.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-6e90-42fe-8bd0-407e950d210f",
"value": "mzab47.myq-see.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-77f0-4f71-84c4-46fa950d210f",
"value": "modox.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482468",
"to_ids": true,
"type": "hostname",
"uuid": "57780164-2700-424a-9a2e-4857950d210f",
"value": "mmoohhaammeedd.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482469",
"to_ids": true,
"type": "hostname",
"uuid": "57780165-f9dc-4b8b-a389-4710950d210f",
"value": "mlcrosoft.serveftp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482469",
"to_ids": true,
"type": "hostname",
"uuid": "57780165-b50c-48a7-8af4-4f9d950d210f",
"value": "microsoftupgrades.servehttp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482469",
"to_ids": true,
"type": "hostname",
"uuid": "57780165-e034-4ec0-a8e2-4537950d210f",
"value": "microsoftsystem.sytes.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482469",
"to_ids": true,
"type": "hostname",
"uuid": "57780165-ca3c-4fd2-9594-49b3950d210f",
"value": "micr0s0ftsoft.myftp.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482469",
"to_ids": true,
"type": "hostname",
"uuid": "57780165-0fc8-408f-b09e-40d7950d210f",
"value": "mda.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-35fc-4540-abc2-4535950d210f",
"value": "maroco.redirectme.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-2e48-47b4-9b74-4e2d950d210f",
"value": "maroco.myq-see.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-80b0-489a-9ccd-484b950d210f",
"value": "maroco.linkpc.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-47cc-4ff6-9e70-4f3e950d210f",
"value": "man2010.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-7178-4ca2-8d30-4559950d210f",
"value": "korom.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482470",
"to_ids": true,
"type": "hostname",
"uuid": "57780166-9038-4536-933f-4353950d210f",
"value": "koko.myftp.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-8a4c-480e-bf4d-484e950d210f",
"value": "klonkino.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-a468-4e10-b8a1-49d0950d210f",
"value": "king.servemp3.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-038c-43c6-b141-4050950d210f",
"value": "herohero.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-271c-4e45-a979-4838950d210f",
"value": "hacker20133.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-552c-43a8-a437-4a51950d210f",
"value": "googlechrome.servequake.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482471",
"to_ids": true,
"type": "hostname",
"uuid": "57780167-b560-475e-9c82-4af5950d210f",
"value": "g00gle.sytes.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-0e08-48ba-8b8e-42d0950d210f",
"value": "dzhacker15.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-fd9c-4eaf-93ae-4136950d210f",
"value": "dz47.servehttp.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-2778-40ec-ae28-44f8950d210f",
"value": "dz47.myq-see.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-cd38-40b4-98a5-4fb1950d210f",
"value": "dz47.linkpc.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-d4c4-4b5d-a257-428c950d210f",
"value": "dream7.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482472",
"to_ids": true,
"type": "hostname",
"uuid": "57780168-df7c-4ed7-bab8-43b7950d210f",
"value": "diiimaria.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482473",
"to_ids": true,
"type": "hostname",
"uuid": "57780169-bf84-4677-a72f-4e32950d210f",
"value": "desha10.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482473",
"to_ids": true,
"type": "hostname",
"uuid": "57780169-0664-45ee-b006-4e22950d210f",
"value": "dataday3.no-ip.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482473",
"to_ids": true,
"type": "hostname",
"uuid": "57780169-4104-4d2d-814f-4fd8950d210f",
"value": "darkanony0501.no-ip.biz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482473",
"to_ids": true,
"type": "hostname",
"uuid": "57780169-073c-444a-add2-4868950d210f",
"value": "cupidon.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482473",
"to_ids": true,
"type": "hostname",
"uuid": "57780169-612c-41dd-9a7a-4643950d210f",
"value": "chrom.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482474",
"to_ids": true,
"type": "hostname",
"uuid": "5778016a-fbac-40b6-b2b2-4070950d210f",
"value": "bog5151.zapto.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482474",
"to_ids": true,
"type": "hostname",
"uuid": "5778016a-3700-41cf-acd6-49e0950d210f",
"value": "blackmind.redirectme.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482474",
"to_ids": true,
"type": "hostname",
"uuid": "5778016a-9fac-44fc-993b-4150950d210f",
"value": "albertino.no-ip.info"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482474",
"to_ids": true,
"type": "hostname",
"uuid": "5778016a-0c2c-4682-b7a3-4f2c950d210f",
"value": "adolf2013.sytes.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482474",
"to_ids": true,
"type": "hostname",
"uuid": "5778016a-b8b4-4b19-b761-487f950d210f",
"value": "adamdam.zapto.org"
}
]
}
}