{ "Event": { "analysis": "2", "date": "2015-07-09", "extends_uuid": "", "info": "OSINT expansion on OSINT - Ding! Your RAT has been delivered by Cisco Talos", "publish_timestamp": "1436452977", "published": true, "threat_level_id": "4", "timestamp": "1436432248", "uuid": "559e36b0-e924-4c3d-b7a0-4a74950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432080", "to_ids": true, "type": "ip-dst", "uuid": "559e36d0-4e44-480d-b103-43f5950d210b", "value": "41.58.219.175" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432080", "to_ids": true, "type": "ip-dst", "uuid": "559e36d0-d8c8-4139-9dbe-482b950d210b", "value": "174.127.99.235" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432080", "to_ids": true, "type": "ip-dst", "uuid": "559e36d0-0394-4074-a0c7-40e3950d210b", "value": "216.38.2.195" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432080", "to_ids": true, "type": "ip-dst", "uuid": "559e36d0-d970-4ec2-b387-44cb950d210b", "value": "216.38.2.212" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432080", "to_ids": true, "type": "ip-dst", "uuid": "559e36d0-69c4-45ed-9457-4b25950d210b", "value": "41.58.102.142" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1436432081", "to_ids": true, "type": "ip-dst", "uuid": "559e36d1-d09c-4320-8d10-42e2950d210b", "value": "41.58.104.23" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432097", "to_ids": false, "type": "link", "uuid": "559e36e1-9fac-48ed-9f37-4d5e950d210b", "value": "http://blogs.cisco.com/security/talos/darkkomet-rat-spam" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432171", "to_ids": true, "type": "hostname", "uuid": "559e372b-85bc-41eb-9c6c-4edb950d210b", "value": "paulcoe.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-716c-4d6b-9bff-4675950d210b", "value": "fiveword.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-9bb0-4a12-b34d-453f950d210b", "value": "whynot68.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-b6f4-4e93-ba47-4d17950d210b", "value": "anon66.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-736c-4546-922d-4985950d210b", "value": "u718901.nvpn.so" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-f01c-4e02-8b66-4c62950d210b", "value": "toolbox.net-freaks.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432172", "to_ids": true, "type": "hostname", "uuid": "559e372c-7e4c-4412-a742-44bc950d210b", "value": "ns2.pokerinvestment.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-9a2c-4845-a92e-410e950d210b", "value": "anon99.dyndns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-00fc-432c-a217-4136950d210b", "value": "c29b36f623.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-a1d8-46c9-b4f0-4635950d210b", "value": "billabong0911.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-03dc-4e28-9d92-456e950d210b", "value": "jazzynexuso.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-064c-4d67-9dc2-4865950d210b", "value": "coupon.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432173", "to_ids": true, "type": "hostname", "uuid": "559e372d-93b4-4749-89f4-49a5950d210b", "value": "dataprotector.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-39b0-4967-a42c-441c950d210b", "value": "coolsam.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-0ad8-4b71-ac8a-48ca950d210b", "value": "finders.hopto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-2664-468d-8520-41e3950d210b", "value": "briach202.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-deac-464f-a905-4984950d210b", "value": "vxx22.mine.nu" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-20f8-425b-9b16-4446950d210b", "value": "hunter52.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432174", "to_ids": true, "type": "hostname", "uuid": "559e372e-6400-4b28-920a-486f950d210b", "value": "trueartworkcollectiveonline.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-fae4-42b8-95dd-48fb950d210b", "value": "qpst.loginto.me" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-fefc-4c59-8140-433f950d210b", "value": "spamblocker.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-bba4-4757-9143-4221950d210b", "value": "u688681.nvpn.so" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-09a8-4921-a5ad-49fd950d210b", "value": "u744015.nvpn.so" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-6450-4f82-be92-4af3950d210b", "value": "coolsampcf.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432175", "to_ids": true, "type": "hostname", "uuid": "559e372f-6c84-472e-b2d2-404c950d210b", "value": "xvidmaster97x.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-49f8-46bd-aeef-418f950d210b", "value": "itsdillon.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-9610-4602-80de-4fda950d210b", "value": "tltkemissary.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-1458-417c-89a4-47e5950d210b", "value": "anon66.dyndns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-3bb4-4dc4-b5e3-4412950d210b", "value": "tltkbshades.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-5a90-4091-afb0-4a6a950d210b", "value": "eternal.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432176", "to_ids": true, "type": "hostname", "uuid": "559e3730-bf20-4cd5-b5e3-4709950d210b", "value": "server.dedistreamservers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-6354-4916-b6a8-43fb950d210b", "value": "qpst.hopto.me" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-b1a0-4d5d-bc7d-432c950d210b", "value": "fazbar2013.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-c794-4e5e-98ce-4a21950d210b", "value": "anon72.dyndns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-afdc-4010-88b4-4d4b950d210b", "value": "hustleville.dyndns-ip.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-554c-4222-99b1-43fa950d210b", "value": "bjjrat.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432177", "to_ids": true, "type": "hostname", "uuid": "559e3731-c568-42ab-bfae-4b65950d210b", "value": "bigtitays.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-f434-4ae8-9b5a-4470950d210b", "value": "hackinchawk.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-dfb0-4548-b57d-4573950d210b", "value": "brianthorsal.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-c044-4121-b260-4e10950d210b", "value": "m96.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-8548-4a37-9ff2-4ce2950d210b", "value": "billabong4102.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-35a0-46d9-a7bb-424d950d210b", "value": "u768325.nvpn.so" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432178", "to_ids": true, "type": "hostname", "uuid": "559e3732-6118-4fbb-9d95-42aa950d210b", "value": "host.trueartworkcollectiveonline.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-8018-490f-8335-4be4950d210b", "value": "gwmtp.tcp.trueartworkcollectiveonline.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-558c-46da-b01d-49bb950d210b", "value": "gready45trust.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-c418-4ad0-af1e-4b81950d210b", "value": "dubbiewubbie.redirectme.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-95d0-400c-8480-4568950d210b", "value": "usa2-pool-1194.nvpn.so" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-1270-4b80-b2fc-4cb2950d210b", "value": "myalibaba.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432179", "to_ids": true, "type": "hostname", "uuid": "559e3733-0958-46b0-8892-4156950d210b", "value": "dedistreamservers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-6adc-48f0-9a7a-4fa8950d210b", "value": "n1chols.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-b82c-4c30-89f4-43a8950d210b", "value": "dfs.loginto.me" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-f1ec-4032-bc74-40f3950d210b", "value": "maddencoins1.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-f210-4fab-b5b0-46fe950d210b", "value": "ynx312.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-89bc-484b-97de-4b29950d210b", "value": "thorsal.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432180", "to_ids": true, "type": "hostname", "uuid": "559e3734-59a8-443f-8e1c-477a950d210b", "value": "ownslyvvv.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432181", "to_ids": true, "type": "hostname", "uuid": "559e3735-994c-45f6-bab3-445d950d210b", "value": "hunter53.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432181", "to_ids": true, "type": "hostname", "uuid": "559e3735-5cb8-49fa-8687-4f6b950d210b", "value": "dfs1.loginto.me" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432181", "to_ids": true, "type": "hostname", "uuid": "559e3735-0260-47d5-b9b5-4260950d210b", "value": "iuy.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432181", "to_ids": true, "type": "hostname", "uuid": "559e3735-c334-4b7b-a54c-4eaa950d210b", "value": "themainsqueeze.no-ip.org" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1436432248", "to_ids": false, "type": "comment", "uuid": "559e3778-7ad0-4df5-a865-4ec5950d210b", "value": "Extracted all hostnames resolving to the IPs mentioned in the Cisco blog post" } ] } }