{ "Event": { "analysis": "2", "date": "2015-09-04", "extends_uuid": "", "info": "OSINT Threat Research Team Goes \u201cBeyond the Exploit\u201d in Search of Payloads from MS15-093 by bit9", "publish_timestamp": "1456870676", "published": true, "threat_level_id": "4", "timestamp": "1441627379", "uuid": "55ed7c41-5a68-4307-8184-43bc950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627244", "to_ids": false, "type": "link", "uuid": "55ed7c6c-7e0c-4f13-8d69-4188950d210b", "value": "https://blog.bit9.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627244", "to_ids": false, "type": "link", "uuid": "55ed7c6c-af98-4484-98df-4698950d210b", "value": "https://otx.alienvault.com/pulse/55ed61d667db8c6fb3515d9a/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627367", "to_ids": true, "type": "md5", "uuid": "55ed7ce7-92f0-4be2-a287-42b7950d210b", "value": "076ae76dcd0946ff913a9ce033e0ca55" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627368", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce8-8f68-4f22-b46a-41a6950d210b", "value": "103.224.81.131" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627368", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce8-a9e0-4343-8874-4361950d210b", "value": "103.249.28.5" }, { "category": 
"Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627368", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce8-e5b0-4c0d-ac93-4522950d210b", "value": "103.249.28.6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627369", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce9-e734-45c4-9ae6-4b82950d210b", "value": "104.151.10.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627369", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce9-21b8-4bbe-979f-4af4950d210b", "value": "106.185.34.29" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627369", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ce9-166c-45a2-a5a5-418b950d210b", "value": "107.183.149.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627370", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cea-b354-40c5-890d-41a6950d210b", "value": "146.71.100.211" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627370", "to_ids": true, "type": "md5", "uuid": "55ed7cea-cbb8-4527-86fe-492b950d210b", "value": "17a5621c765d9f2e3c117517b5ea0fd2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627370", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cea-1bec-4d76-9c28-4544950d210b", "value": "180.210.207.133" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627370", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cea-e670-4f7a-85fc-4ddc950d210b", "value": "184.164.70.96" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1441627371", "to_ids": true, "type": "md5", "uuid": "55ed7ceb-6d60-4ec7-8c94-4423950d210b", "value": "200cc5c2482fc7968964dfc7a71f8fbd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627371", "to_ids": true, "type": "ip-dst", "uuid": "55ed7ceb-730c-4811-a3d6-4b53950d210b", "value": "216.139.227.86" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627371", "to_ids": true, "type": "md5", "uuid": "55ed7ceb-5dec-4699-acaa-41b9950d210b", "value": "22eea74f771ff142163aa5ac02025f3a" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627372", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cec-4988-4aff-ae7e-4f8f950d210b", "value": "23.228.204.6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627372", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cec-faa4-4306-951d-48a4950d210b", "value": "23.27.192.115" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627372", "to_ids": true, "type": "ip-dst", "uuid": "55ed7cec-621c-48d9-b6fa-4370950d210b", "value": "27.255.94.74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627373", "to_ids": true, "type": "md5", "uuid": "55ed7ced-b4ac-4f91-a757-450f950d210b", "value": "3475d208c6a67e7ddb3c266b79789773" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627373", "to_ids": true, "type": "md5", "uuid": "55ed7ced-ea38-4ffb-bd3a-497c950d210b", "value": "43cda62a1b68d8978ca1357f4800cdf9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627373", "to_ids": true, "type": "md5", "uuid": 
"55ed7ced-9aac-4b4c-90bb-4acb950d210b", "value": "66a2f4470913020780853bb06ef44b2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627373", "to_ids": true, "type": "md5", "uuid": "55ed7ced-39e4-4be3-a008-4a34950d210b", "value": "6c260baa4367578778b1ecdaaab37ef9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627374", "to_ids": true, "type": "md5", "uuid": "55ed7cee-2484-49c9-a033-44af950d210b", "value": "7cba74017b8baf7df9f6f7a42914d217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627374", "to_ids": true, "type": "md5", "uuid": "55ed7cee-2394-43a2-a7e1-4fb6950d210b", "value": "7d3e927bf918ac40b9d4bee748a34fc7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627374", "to_ids": true, "type": "md5", "uuid": "55ed7cee-901c-43e0-9ec6-4999950d210b", "value": "828d0cafe4a88c2238cd3d29d8c29c1a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627375", "to_ids": true, "type": "md5", "uuid": "55ed7cef-36b0-4d88-b4fb-4115950d210b", "value": "84bb1c8c5957125029e4fbfa9ec63045" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627375", "to_ids": true, "type": "md5", "uuid": "55ed7cef-4e60-4b5b-9b31-4432950d210b", "value": "9e5f8d0d54c22bf09913d2f5399db352" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627375", "to_ids": true, "type": "hostname", "uuid": "55ed7cef-6a5c-44ba-b9d6-4151950d210b", "value": "app.theworldfun.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627376", "to_ids": true, "type": "hostname", "uuid": 
"55ed7cf0-0260-4a66-801e-44d0950d210b", "value": "baba.koumm.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627376", "to_ids": true, "type": "md5", "uuid": "55ed7cf0-7e94-4065-95c1-487f950d210b", "value": "bb5a0af2a95557cbb488e8ad33760b7f" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627376", "to_ids": true, "type": "hostname", "uuid": "55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b", "value": "cmc.apecscmc.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627376", "to_ids": false, "type": "vulnerability", "uuid": "55ed7cf0-fa88-4bdd-8349-4745950d210b", "value": "CVE-2015-2502" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627377", "to_ids": true, "type": "md5", "uuid": "55ed7cf1-041c-4017-a40f-4184950d210b", "value": "ff39a8946b7e9342f57167e5eee95912" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627377", "to_ids": true, "type": "domain", "uuid": "55ed7cf1-8428-448d-924e-4f4f950d210b", "value": "gotoiknowledge.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627377", "to_ids": true, "type": "hostname", "uuid": "55ed7cf1-039c-4753-a97a-4040950d210b", "value": "mail.theworldfun.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627377", "to_ids": true, "type": "hostname", "uuid": "55ed7cf1-3b7c-4e35-a7bf-48e6950d210b", "value": "ov.theworldfun.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627378", "to_ids": true, "type": "hostname", "uuid": "55ed7cf2-6714-4087-be3d-492d950d210b", "value": 
"update.avupdate.tk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627378", "to_ids": true, "type": "hostname", "uuid": "55ed7cf2-08e4-460d-b0df-4c9a950d210b", "value": "www.konsocn.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627378", "to_ids": true, "type": "hostname", "uuid": "55ed7cf2-4630-4695-8cc1-47e1950d210b", "value": "www.koumm.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1441627379", "to_ids": true, "type": "hostname", "uuid": "55ed7cf3-5154-42af-a802-413c950d210b", "value": "www.theworldfun.com" }, { "category": "Payload delivery", "comment": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)", "deleted": false, "disable_correlation": false, "timestamp": "1455860221", "to_ids": true, "type": "sha1", "uuid": "56c6a9fd-22b0-44ed-af02-c654950d210f", "value": "dd4a55571b94d24703ad06476cbce9413e2f9ecf" }, { "category": "Payload delivery", "comment": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)", "deleted": false, "disable_correlation": false, "timestamp": "1455860223", "to_ids": true, "type": "sha1", "uuid": "56c6a9ff-b050-4cb5-8a2b-59a0950d210f", "value": "c7b1a2bc996f4e3cc0b7211db82f12997cdacf6f" }, { "category": "Payload delivery", "comment": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)", "deleted": false, "disable_correlation": false, "timestamp": "1455860225", "to_ids": true, "type": "sha1", "uuid": "56c6aa01-fee0-436d-992b-5f51950d210f", "value": "67ede66874fe152d107f858acf906d7a70f1f709" }, { "category": "Payload delivery", "comment": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)", "deleted": false, "disable_correlation": false, "timestamp": "1455860227", "to_ids": true, "type": "sha1", "uuid": "56c6aa03-8e24-4f43-aa2a-5f51950d210f", "value": 
"2d99e88c30cd805f5e346388d312f7a3e3386798" }, { "category": "Payload delivery", "comment": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)", "deleted": false, "disable_correlation": false, "timestamp": "1455860222", "to_ids": true, "type": "sha256", "uuid": "56c6a9fe-fc5c-4ec6-a32b-5f51950d210f", "value": "c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371" }, { "category": "Payload delivery", "comment": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)", "deleted": false, "disable_correlation": false, "timestamp": "1455860224", "to_ids": true, "type": "sha256", "uuid": "56c6aa00-9f50-4683-969c-4715950d210f", "value": "61900fb9841a4d6d14e990163ea575694e684beaf912f50989b0013a9634196f" }, { "category": "Payload delivery", "comment": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)", "deleted": false, "disable_correlation": false, "timestamp": "1455860226", "to_ids": true, "type": "sha256", "uuid": "56c6aa02-dd88-450b-83cf-c653950d210f", "value": "71b201a5a7dfdbe91c0a7783f845b71d066c62014b944f488de5aec6272f907c" }, { "category": "Payload delivery", "comment": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)", "deleted": false, "disable_correlation": false, "timestamp": "1455860228", "to_ids": true, "type": "sha256", "uuid": "56c6aa04-f4c8-4910-afdd-599e950d210f", "value": "56ec1ccab98c1ed67a0095b7ec8e6b17b12da3e00d357274fa37ec63ec724c07" } ] } }