{
"Event": {
"analysis": "2",
"date": "2016-05-13",
"extends_uuid": "",
"info": "OSINT DarkHotel samples at WooYun",
"publish_timestamp": "1498162438",
"published": true,
"threat_level_id": "2",
"timestamp": "1498162340",
"uuid": "5778026d-9670-44e0-9c25-4751950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#0fbf00",
"name": "misp-galaxy:threat-actor=\"darkhotel\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482777",
"to_ids": true,
"type": "domain",
"uuid": "57780299-9398-4139-afe8-4947950d210f",
"value": "all-microsoft-control.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482777",
"to_ids": true,
"type": "domain",
"uuid": "57780299-31a4-4f64-81f1-45b3950d210f",
"value": "view-drama-online.com"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1467482936",
"to_ids": false,
"type": "link",
"uuid": "57780338-88bc-4f71-abbd-4afa950d210f",
"value": "http://drops.wooyun.org/papers/15755"
}
]
}
}