{
"Event": {
"analysis": "2",
"date": "2014-12-12",
"extends_uuid": "",
"info": "OSINT Fidelis Threat Advisory #1014 \"Bots, Machines, and the Matrix\"",
"publish_timestamp": "1418718598",
"published": true,
"threat_level_id": "3",
"timestamp": "1418718520",
"uuid": "548e96bd-d008-44bb-aa77-b792950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#33FF00",
"local": false,
"name": "tlp:green",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630861",
"to_ids": false,
"type": "comment",
"uuid": "548e96cd-4e3c-41ec-bf12-4e47950d210b",
"value": "Data entered by David Andr\u00c3\u00a9"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630889",
"to_ids": false,
"type": "link",
"uuid": "548e96e9-dd7c-4bed-8c54-4cfe950d210b",
"value": "http://www.threatgeek.com/2014/12/threat-advisory-1014-bots-machines-and-the-matrix.html"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630889",
"to_ids": false,
"type": "link",
"uuid": "548e96e9-eba0-49de-b1d7-4687950d210b",
"value": "http://www.fidelissecurity.com/resources/threat-advisory"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630889",
"to_ids": false,
"type": "link",
"uuid": "548e96e9-6934-4fe9-8225-4049950d210b",
"value": "http://www.fidelissecurity.com/sites/default/files/FTA_1014_Bots_Machines_and_the_Matrix.pdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630940",
"to_ids": false,
"type": "text",
"uuid": "548e971c-9ff4-4c3b-ae28-b74f950d210b",
"value": "Andromeda"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630940",
"to_ids": false,
"type": "text",
"uuid": "548e971c-ddf0-4a78-9ac6-b74f950d210b",
"value": "BetaBot"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630940",
"to_ids": false,
"type": "text",
"uuid": "548e971c-8c80-4990-b6f8-b74f950d210b",
"value": "Beta Bot"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630941",
"to_ids": false,
"type": "text",
"uuid": "548e971d-73f8-4658-a273-b74f950d210b",
"value": "Neutrino Bot"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630941",
"to_ids": false,
"type": "text",
"uuid": "548e971d-2d4c-4f6d-b039-b74f950d210b",
"value": "NgrBot"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418630941",
"to_ids": false,
"type": "text",
"uuid": "548e971d-ece0-40ad-b780-b74f950d210b",
"value": "DorkBot"
},
{
"category": "Attribution",
"comment": "Contact information for Neutrino",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631106",
"to_ids": false,
"type": "text",
"uuid": "548e97c2-e054-445c-9ea6-455f950d210b",
"value": "3utrino@kaddafi.me"
},
{
"category": "Attribution",
"comment": "Contact information for Neutrino",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631106",
"to_ids": false,
"type": "text",
"uuid": "548e97c2-6444-44e6-806a-4bdf950d210b",
"value": "n3utrino@xmpp.jp"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631281",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9871-6938-4830-826d-4f5d950d210b",
"value": "117.21.191.47"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631281",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9871-dde8-46f2-b055-424b950d210b",
"value": "121.11.83.7"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631281",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9871-a3dc-4f39-9f79-46d1950d210b",
"value": "121.14.212.184"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631281",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9871-a1bc-44f5-8dff-4e96950d210b",
"value": "155.133.18.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631281",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9871-86b4-4f3a-a3e5-466e950d210b",
"value": "155.133.18.45"
},
{
"category": "Network activity",
"comment": "Amazon (might end-up reassigned to something innocuous)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418718489",
"to_ids": false,
"type": "ip-dst",
"uuid": "548e9889-8da8-4eb8-91c9-b79b950d210b",
"value": "54.69.90.62"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631426",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9902-2f30-415e-a8a1-4387950d210b",
"value": "119.1.109.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631426",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9902-94a4-4a32-b21f-495b950d210b",
"value": "158.255.1.241"
},
{
"category": "Network activity",
"comment": "Amazon (might end-up reassigned to something innocuous)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418718499",
"to_ids": false,
"type": "ip-dst",
"uuid": "548e9915-a158-481a-84d5-4668950d210b",
"value": "54.191.142.124"
},
{
"category": "Network activity",
"comment": "Amazon (might end-up reassigned to something innocuous)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418718509",
"to_ids": false,
"type": "ip-dst",
"uuid": "548e9915-df34-45ed-8d97-475e950d210b",
"value": "54.68.121.73"
},
{
"category": "Network activity",
"comment": "Amazon (might end-up reassigned to something innocuous)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418718520",
"to_ids": false,
"type": "ip-dst",
"uuid": "548e9915-a154-4f14-bbb9-4647950d210b",
"value": "54.68.194.154"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-d254-42c6-b3d6-4760950d210b",
"value": "Trojan.Win32.Sysn"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-f22c-45de-83b5-4d9b950d210b",
"value": "Backdoor.Win32.Androm"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-abf4-42e2-8742-453c950d210b",
"value": "Backdoor.Win32.Azbreg"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-66e8-4b67-807d-4ab4950d210b",
"value": "Backdoor.Win32.Ruskill"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-4f2c-485c-ab23-4c30950d210b",
"value": "Downloader.Win32.Agent"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-cd54-4707-9972-418c950d210b",
"value": "Dropper.Win32.Injector"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-45a0-4dba-97da-4335950d210b",
"value": "Proxy.Win32.Lethic"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-d8e0-4540-acb0-4687950d210b",
"value": "Spy.Win32.SpyEyes"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-3d40-4f2d-b2df-45fb950d210b",
"value": "Spy.Win32.Zbot"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-7838-4947-9769-4c93950d210b",
"value": "Trojan.Win32.Badur"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a5-32ac-44d0-ae60-458a950d210b",
"value": "Trojan.Win32.Inject"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-11fc-4568-b5dc-45c7950d210b",
"value": "Trojan.Win32.Lethic"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-73a0-46da-af4a-4c5e950d210b",
"value": "Trojan.Win32.Munchies"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-9e30-4b75-81b3-459b950d210b",
"value": "Trojan.Win32.Neurevt"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-d66c-4785-b6c9-4b59950d210b",
"value": "Trojan.Win32.Sharik"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-8cd4-4239-80ea-4148950d210b",
"value": "Trojan.Win32.Yakes"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-3dc4-4f3e-872d-4a49950d210b",
"value": "Worm.Win32.Dorkbot"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631631",
"to_ids": false,
"type": "text",
"uuid": "548e99a6-34a0-443e-9dac-4831950d210b",
"value": "Worm.Win32.Ngrbot"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631739",
"to_ids": false,
"type": "text",
"uuid": "548e9a3b-8d8c-497f-9082-4e99950d210b",
"value": "Worm.Win32.Hamweq"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-5a7c-4843-ae18-4332950d210b",
"value": "http://121.11.83.7/and40a70.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-191c-463e-bd42-4574950d210b",
"value": "http://121.11.83.7/bet40a71.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-c74c-40cc-a303-42a8950d210b",
"value": "http://121.11.83.7/ng40a71.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-0e94-424b-b6c2-4dd1950d210b",
"value": "http://155.133.18.45/37a1.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-bf18-42ab-9144-41e9950d210b",
"value": "http://54.69.90.62/330740a71.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-250c-4087-a453-405f950d210b",
"value": "http://54.69.90.62/bnew40a71.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-4310-4eb5-b137-4cc0950d210b",
"value": "http://155.133.18.45/109a7.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-9588-4ecc-af78-4364950d210b",
"value": "http://155.133.18.45/51a5.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-0fb8-4806-b890-48ae950d210b",
"value": "http://155.133.18.45/62.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-6500-47f9-9b6a-42e3950d210b",
"value": "http://121.14.212.184/ng33.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-10fc-4c0c-8cfc-4fd8950d210b",
"value": "http://121.14.212.184/zpm39a.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631841",
"to_ids": false,
"type": "url",
"uuid": "548e9aa1-a8e8-4455-b071-47ca950d210b",
"value": "http://155.133.18.45/141a1.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-f530-403c-963d-4c38950d210b",
"value": "http://217.23.6.112/98.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-3ca4-4948-923f-4b59950d210b",
"value": "http://54.191.142.124/zpm37.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-e488-48f4-b9a9-4de8950d210b",
"value": "http://54.69.90.62/bnew40a85.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-46e0-4fb2-a5ee-46ce950d210b",
"value": "http://121.11.83.7/nut40a71.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-7764-4e05-80c2-417d950d210b",
"value": "http://54.69.90.62/dqnew40a81.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-d488-47d2-a406-464b950d210b",
"value": "http://119.1.109.44/and33.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-78ac-4cd3-8d2b-48de950d210b",
"value": "http://217.23.6.112/330740x.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-bb60-4c5d-9680-4d4e950d210b",
"value": "http://77.87.79.128/37extra.exe"
},
{
"category": "Network activity",
"comment": "Not added as to IDS, since IPs are already covering that and exe names are generated dynamically",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631842",
"to_ids": false,
"type": "url",
"uuid": "548e9aa2-5a78-4a29-8171-4c68950d210b",
"value": "http://158.255.1.241/ng38a.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631867",
"to_ids": true,
"type": "md5",
"uuid": "548e9abb-a4c0-4a7d-9d22-4aa1950d210b",
"value": "036eb11a5751c77bc65006769921c8e5"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631881",
"to_ids": true,
"type": "sha1",
"uuid": "548e9ac9-df30-496d-88f8-4b9b950d210b",
"value": "c6966d9557a9d5ffbbcd7866d45eddff30a9fd99"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631931",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9afb-e1ac-4300-ab18-4069950d210b",
"value": "121.14.212.248"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631953",
"to_ids": true,
"type": "domain",
"uuid": "548e9b11-c25c-4fba-a184-47fc950d210b",
"value": "a2kiaymoster14902.com"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418631974",
"to_ids": true,
"type": "md5",
"uuid": "548e9b26-3474-485f-bb91-4760950d210b",
"value": "b62391f3f7cbdea02763614f60f3930f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632003",
"to_ids": true,
"type": "filename",
"uuid": "548e9b43-d4b4-4fd7-8d39-4950950d210b",
"value": "%ALLUSERSPROFILE%\\msitygyd.exe"
},
{
"category": "Payload delivery",
"comment": "Beta Bot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632028",
"to_ids": true,
"type": "md5",
"uuid": "548e9b5c-8784-4477-b878-4db1950d210b",
"value": "9e8b203f487dfa85dd47e32b3d24e24e"
},
{
"category": "Payload delivery",
"comment": "Beta Bot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632046",
"to_ids": true,
"type": "sha1",
"uuid": "548e9b6e-c3d0-4c58-a494-4138950d210b",
"value": "de6a4d53b5265f8cddf08271d17d845f58107e82"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632073",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9b89-ab00-455a-8636-b2a7950d210b",
"value": "116.255.202.74"
},
{
"category": "Payload delivery",
"comment": "Neutrino Bot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632124",
"to_ids": true,
"type": "md5",
"uuid": "548e9bbc-3494-4dd1-8505-45f1950d210b",
"value": "463f7191363d0391add327c1270d7fe6"
},
{
"category": "Payload delivery",
"comment": "Neutrino Bot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632145",
"to_ids": true,
"type": "sha1",
"uuid": "548e9bd1-0db8-4d9d-b931-447c950d210b",
"value": "a87c5b6a588ef4b351ce1a3a0fe2b035e685e96c"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632165",
"to_ids": true,
"type": "ip-dst",
"uuid": "548e9be5-17dc-4d23-956e-4c44950d210b",
"value": "121.61.118.140"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632217",
"to_ids": true,
"type": "md5",
"uuid": "548e9c19-98f8-493b-9430-4930950d210b",
"value": "b21e4c8f73151d7b0294a3974fe44421"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632330",
"to_ids": true,
"type": "md5",
"uuid": "548e9c8a-d458-4fa2-ab62-486f950d210b",
"value": "463f7191363d0391add327c1270d7fe6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632330",
"to_ids": true,
"type": "md5",
"uuid": "548e9c8a-3858-48cb-9ad6-41b0950d210b",
"value": "9cf7d079713fdf715131e16b144d3f52"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632330",
"to_ids": true,
"type": "md5",
"uuid": "548e9c8a-9c68-44dc-b73e-4222950d210b",
"value": "2983d957d4cdd9293682cfaf21147d07"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632330",
"to_ids": true,
"type": "md5",
"uuid": "548e9c8a-1cc4-42c5-b71b-494b950d210b",
"value": "72380a9fcf7486bb731606d4f4c13f27"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632367",
"to_ids": true,
"type": "md5",
"uuid": "548e9caf-3a30-4a92-9be5-4467950d210b",
"value": "13475d0fdba8dc7a648b57b10e8296d5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1418632389",
"to_ids": true,
"type": "sha1",
"uuid": "548e9cc5-1954-49c6-8dab-4fbb950d210b",
"value": "feed5337c0a3b1fd55c78a976fbd5388512a22e1"
}
]
}
}