{ "Event": { "analysis": "2", "date": "2020-12-15", "extends_uuid": "632aaf17-44db-4c3e-bf97-59820990491a", "info": "OSINT Threat Advisory: SolarWinds supply chain attack", "publish_timestamp": "1608022110", "published": true, "threat_level_id": "1", "timestamp": "1608022091", "uuid": "e6d2f7c9-c183-43c9-bd3c-3dcfbb34665c", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "c07901d2-ca25-4986-84c4-f45a3d4f9937", "value": "avsvmcloud.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "16bb46e1-e3ee-41a5-b1d4-b0adff96a433", "value": "zupertech.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "432b2d64-6a64-404c-adf6-4bba616cbc7b", "value": "panhardware.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "c2c90e65-9240-4223-92b1-5cdf29b413e6", "value": "databasegalore.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "b2f7c60c-95e0-41a0-94f6-a07b3aeb7ba3", "value": "incomeupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "c8dd6cd6-2013-4ca2-9662-bf47ec8fabe4", "value": "highdatabase.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "35eb0eb7-c945-41f5-85f2-ee28e4b088e6", "value": "websitetheme.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "a576de5e-3459-4748-abf7-e524283a2097", "value": "freescanonline.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "3889ee21-49be-459b-8c01-064532e02b75", "value": "virtualdataserver.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "00645cce-0a90-454f-bffa-42c82953f638", "value": "deftsecurity.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "ea49694a-96f1-430d-b809-e4026a06db8c", "value": "thedoccloud.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "ea94b805-134d-45b9-95e7-e35ac94579a7", "value": "digitalcollege.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "4494738b-8193-49b7-9765-f594448319fb", "value": "globalnetworkissues.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "b82f53a3-007d-44cc-ae1d-58b717e46126", "value": "seobundlekit.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020180", "to_ids": true, "type": "domain", "uuid": "70aa6792-60ef-41b3-972f-4d3ec5c3f717", "value": "virtualwebdata.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "cdff90cd-9e2e-4f54-929f-1836956a914c", "value": "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "d760f240-4654-4bb3-8bf5-9d33763e7c0f", "value": "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "ecd50b7b-338a-4e92-8531-6c99094f3de7", "value": "ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "aff00f43-175b-4c0f-b347-fc140c8a8e87", "value": "c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "64c1e9eb-0647-4333-9a10-f4bca1232aef", "value": "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "d108c2c1-5063-43da-b244-13b578932877", "value": "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "cbe65ce5-1942-493c-a528-d3a84ac0997f", "value": "d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "23fe01ed-a5b5-419b-add3-4c69d41e2a96", "value": "dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608020221", "to_ids": false, "type": "link", "uuid": "2d2d112b-d8d6-4402-b4e7-65e76744e1a1", "value": "https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1608020306", "uuid": "a20fef59-369c-49a0-8e44-90f88f0b4026", "ObjectReference": [ { "comment": "", "object_uuid": "a20fef59-369c-49a0-8e44-90f88f0b4026", "referenced_uuid": "f8629dcd-1aac-4818-a9ab-491c2344c795", "relationship_type": "analysed-with", "timestamp": "0", "uuid": "56a65a39-9a45-4b4d-b6c7-ba3aaeaba588" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1608020195", "to_ids": true, "type": "md5", "uuid": "ad4f510a-81a5-4481-a9ad-8a7e44d6b5db", "value": "02af7cec58b9a5da1c542b5a32151ba1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1608020195", "to_ids": true, "type": "sha1", "uuid": "c4064a2a-5b1d-4d02-81c2-e6e967bcfe16", "value": "1b476f58ca366b54f34d714ffce3fd73cc30db1a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "a7e47a3f-3e92-4cda-a249-e6ce74f0c163", "value": "d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1608020306", "uuid": "f8629dcd-1aac-4818-a9ab-491c2344c795", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1608020195", "to_ids": false, "type": "datetime", "uuid": "4b114d22-6e88-4edd-a380-447c957f6b00", "value": "2020-12-15T08:08:23+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1608020195", "to_ids": false, "type": "link", "uuid": "3cc15b9f-7b5d-4772-947e-21f2deab16d6", "value": "https://www.virustotal.com/gui/file/d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600/detection/f-d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600-1608019703" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1608020195", "to_ids": false, "type": "text", "uuid": "b0daaf8c-4ba1-464b-9dbe-e23adf6bbc9a", "value": "6/48" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1608020306", "uuid": "094b634a-771e-4086-a212-7d72fb6b3989", "ObjectReference": [ { "comment": "", "object_uuid": "094b634a-771e-4086-a212-7d72fb6b3989", "referenced_uuid": "3fc73855-0ef4-4a27-8fc5-83b812d489eb", "relationship_type": "analysed-with", "timestamp": "0", "uuid": "5770d26d-78c4-44ea-a7b2-383d214ab8dc" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1608020195", "to_ids": true, "type": "md5", "uuid": "4de1b3df-5a74-465e-a00a-67202e1c2c64", "value": "2c4a910a1299cdae2a4e55988a2f102e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1608020195", "to_ids": true, "type": "sha1", "uuid": "683d5788-f97d-483c-9bb7-9b3cf60cf41d", "value": "2f1a5a7411d015d01aaee4535835400191645023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "f5995db8-4562-4346-9def-e1cf94cdd9ce", "value": "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1608020306", "uuid": "3fc73855-0ef4-4a27-8fc5-83b812d489eb", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1608020195", "to_ids": false, "type": "datetime", "uuid": "aabd4c40-51c2-44db-aff9-e22d42ff8073", "value": "2020-12-15T08:07:29+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1608020195", "to_ids": false, "type": "link", "uuid": "2bd19d5b-2579-46b2-83e2-802aeb053746", "value": "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1608019649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1608020195", "to_ids": false, "type": "text", "uuid": "49603f27-23c5-47da-8b0c-d467bfaec90d", "value": "38/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1608020306", "uuid": "37dbabfb-262e-4835-889e-2e5595f7c0e4", "ObjectReference": [ { "comment": "", "object_uuid": "37dbabfb-262e-4835-889e-2e5595f7c0e4", "referenced_uuid": "1b572e2c-d1ce-4cdf-a083-130a37e2db24", "relationship_type": "analysed-with", "timestamp": "0", "uuid": "fecc9df4-f9f1-491b-b560-5539f760532e" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1608020195", "to_ids": true, "type": "md5", "uuid": "b477bfcb-5d94-4cb6-ae77-3745e57ce8fb", "value": "56ceb6d0011d87b6e4d7023d7ef85676" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1608020195", "to_ids": true, "type": "sha1", "uuid": "5472182e-2cc7-47f9-b922-f01bb9912d2d", "value": "75af292f34789a1c782ea36c7127bf6106f595e8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "0074cba1-1d85-45fd-8689-b42279adbebc", "value": "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1608020306", "uuid": "1b572e2c-d1ce-4cdf-a083-130a37e2db24", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1608020195", "to_ids": false, "type": "datetime", "uuid": "6cc5b161-ca94-401a-ac7e-c88c80c83535", "value": "2020-12-15T08:02:48+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1608020195", "to_ids": false, "type": "link", "uuid": "9e33a77b-2ac6-4575-89ff-6a8b4267ed01", "value": "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1608019368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1608020195", "to_ids": false, "type": "text", "uuid": "8aa4bec2-67e3-4f3b-979e-6ddc36335eeb", "value": "39/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1608020306", "uuid": "15a9eca3-03a5-49b3-ba45-63f381932aad", "ObjectReference": [ { "comment": "", "object_uuid": "15a9eca3-03a5-49b3-ba45-63f381932aad", "referenced_uuid": "1f475208-7094-488e-805e-9c3fdc643171", "relationship_type": "analysed-with", "timestamp": "0", "uuid": "4e6ff508-c5d3-4c0b-be58-ad9a64fea2ab" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1608020195", "to_ids": true, "type": "md5", "uuid": "badc70a7-af3c-4e0b-8aba-c490f6cb2d7f", "value": "b91ce2fa41029f6955bff20079468448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1608020195", "to_ids": true, "type": "sha1", "uuid": "a9c748ef-de3b-4651-acf6-0d1a8a728ce8", "value": "76640508b1e7759e548771a5359eaed353bf1eec" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "a6d73582-dc77-4845-88fc-fbb14ae6345b", "value": "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1608020306", "uuid": "1f475208-7094-488e-805e-9c3fdc643171", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1608020195", "to_ids": false, "type": "datetime", "uuid": "9f9f7467-bb1e-487e-a310-a356bbbba48c", "value": "2020-12-15T08:06:06+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1608020195", "to_ids": false, "type": "link", "uuid": "adaee742-60b7-4662-92b3-54c2ac7f0aa0", "value": "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1608019566" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1608020195", "to_ids": false, "type": "text", "uuid": "6ac308e3-251a-40b6-9cd9-b0611bdfa5ab", "value": "36/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "22", "timestamp": "1608020306", "uuid": "2daa2208-4a80-4d53-9e40-43714e196dc2", "ObjectReference": [ { "comment": "", "object_uuid": "2daa2208-4a80-4d53-9e40-43714e196dc2", "referenced_uuid": "3e830e40-5537-4262-8890-6662846770c8", "relationship_type": "analysed-with", "timestamp": "0", "uuid": "98eaba18-73b6-48e4-9620-dcb40c88c24a" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1608020195", "to_ids": true, "type": "md5", "uuid": "37a6d3b2-4717-4036-b1e9-b9c8d58300c6", "value": "846e27a652a5e1bfbd0ddd38a16dc865" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1608020195", "to_ids": true, "type": "sha1", "uuid": "5a80f110-783e-4def-a459-404fd6cf8d93", "value": "d130bd75645c2433f88ac03e73395fba172ef676" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1608020195", "to_ids": true, "type": "sha256", "uuid": "d582a583-c37c-42f5-b6c6-60f3d3fdc74a", "value": "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "3", "timestamp": "1608020306", "uuid": "3e830e40-5537-4262-8890-6662846770c8", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1608020195", "to_ids": false, "type": "datetime", "uuid": "21cb4f65-7f18-4e2e-b9b7-c504ccb796c4", "value": "2020-12-15T08:11:50+00:00" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1608020195", "to_ids": false, "type": "link", "uuid": "47343bb3-e08d-48d2-b02d-e505db8558d9", "value": "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1608019910" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1608020195", "to_ids": false, "type": "text", "uuid": "b9305874-956b-4547-b2e2-75b94c05d537", "value": "38/70" } ] } ] } }