misp-circl-feed/feeds/circl/misp/560a3ca1-e110-476e-b730-4765950d210b.json

{
"Event": {
"analysis": "2",
"date": "2015-09-28",
"extends_uuid": "",
"info": "OSINT Infected Korean Website Installs Banking Malware by Cyphort",
"publish_timestamp": "1443511859",
"published": true,
"threat_level_id": "3",
"timestamp": "1443511856",
"uuid": "560a3ca1-e110-476e-b730-4765950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511482",
"to_ids": false,
"type": "link",
"uuid": "560a3cba-80f8-4552-b0f5-472e950d210b",
"value": "http://www.cyphort.com/koreatimes-installs-venik/"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511574",
"to_ids": false,
"type": "domain",
"uuid": "560a3d16-8174-4ec6-abb5-4817950d210b",
"value": "koreatimes.com"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511574",
"to_ids": false,
"type": "domain",
"uuid": "560a3d16-f058-4646-a321-4dc8950d210b",
"value": "filehon.com"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511575",
"to_ids": false,
"type": "domain",
"uuid": "560a3d17-2eb0-4f10-bc30-41d9950d210b",
"value": "joara.com"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511575",
"to_ids": false,
"type": "domain",
"uuid": "560a3d17-1c24-4311-a351-408c950d210b",
"value": "hometax.go.kr"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511575",
"to_ids": false,
"type": "domain",
"uuid": "560a3d17-6eec-43e5-bd7a-412f950d210b",
"value": "soriaudio.co.kr"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511576",
"to_ids": false,
"type": "domain",
"uuid": "560a3d18-1a88-4db3-81c8-450f950d210b",
"value": "gomsee.com"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511576",
"to_ids": false,
"type": "domain",
"uuid": "560a3d18-980c-4c66-ac01-4881950d210b",
"value": "lottoplay.co.kr"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511576",
"to_ids": false,
"type": "domain",
"uuid": "560a3d18-6774-46fe-acf1-4c60950d210b",
"value": "insight.co.kr"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511577",
"to_ids": false,
"type": "domain",
"uuid": "560a3d19-787c-4cd7-89da-4390950d210b",
"value": "filecity.co.kr"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511577",
"to_ids": false,
"type": "domain",
"uuid": "560a3d19-ed44-4225-96ce-48b6950d210b",
"value": "nggol.com"
},
{
"category": "Network activity",
"comment": "Past infected sites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511577",
"to_ids": false,
"type": "domain",
"uuid": "560a3d19-4b38-45d6-95c6-438b950d210b",
"value": "koreamanse.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511599",
"to_ids": false,
"type": "vulnerability",
"uuid": "560a3d2f-80d4-4082-b16c-4c4c950d210b",
"value": "CVE-2014-6332"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511599",
"to_ids": false,
"type": "vulnerability",
"uuid": "560a3d2f-7b1c-40e9-9a93-4d5f950d210b",
"value": "CVE-2011-3544"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511599",
"to_ids": false,
"type": "vulnerability",
"uuid": "560a3d2f-f99c-4d63-a726-4e2d950d210b",
"value": "CVE-2015-0336"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511705",
"to_ids": true,
"type": "ip-dst",
"uuid": "560a3d99-cd74-481b-9861-e475950d210b",
"value": "99.188.106.161"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511705",
"to_ids": true,
"type": "url",
"uuid": "560a3d99-c840-4f69-ae51-e475950d210b",
"value": "http://142.0.137.68"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511706",
"to_ids": true,
"type": "url",
"uuid": "560a3d9a-8d6c-4f79-b327-e475950d210b",
"value": "http://142.0.137.67:805/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511706",
"to_ids": true,
"type": "ip-dst",
"uuid": "560a3d9a-b6a0-4cbc-924b-e475950d210b",
"value": "142.0.137.199"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511719",
"to_ids": true,
"type": "ip-dst",
"uuid": "560a3da7-2510-4ae0-a6bb-417f950d210b",
"value": "142.0.137.68"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511719",
"to_ids": true,
"type": "ip-dst",
"uuid": "560a3da7-f748-49bc-982b-47b9950d210b",
"value": "142.0.137.67"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511755",
"to_ids": true,
"type": "md5",
"uuid": "560a3dcb-a60c-46f7-a05d-470d950d210b",
"value": "c242d641d9432f611360db36f2075f67"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511755",
"to_ids": true,
"type": "md5",
"uuid": "560a3dcb-7e10-4595-a21f-4913950d210b",
"value": "a6ec0fbe1ad821a3fb527f39e180e378"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511755",
"to_ids": true,
"type": "md5",
"uuid": "560a3dcb-7e90-4d72-883c-4add950d210b",
"value": "b9a5a00e134fe0df217c01145319b1cb"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511841",
"to_ids": true,
"type": "sha256",
"uuid": "560a3e21-0638-4bcd-8d62-4319950d210b",
"value": "04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511841",
"to_ids": true,
"type": "sha1",
"uuid": "560a3e21-4654-4a55-b8c2-428d950d210b",
"value": "0cb0f491de8ba2761de899d8cbc136e2747145ee"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511842",
"to_ids": false,
"type": "link",
"uuid": "560a3e22-2db0-4a39-b37f-4ef5950d210b",
"value": "https://www.virustotal.com/file/04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49/analysis/1443347085/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511842",
"to_ids": true,
"type": "sha256",
"uuid": "560a3e22-027c-4e2d-b613-40cb950d210b",
"value": "3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511842",
"to_ids": true,
"type": "sha1",
"uuid": "560a3e22-73bc-488e-81ec-42d5950d210b",
"value": "be8e700fb54019f06e3c816473d9141cc7d75630"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443511843",
"to_ids": false,
"type": "link",
"uuid": "560a3e23-008c-4560-9c3a-40a7950d210b",
"value": "https://www.virustotal.com/file/3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383/analysis/1443415018/"
}
]
}
}