{ "Event": { "analysis": "2", "date": "2014-10-30", "extends_uuid": "", "info": "OSINT Black Energy 2 malware analysis blog post by Joseph Mlodzianowski", "publish_timestamp": "1444059774", "published": true, "threat_level_id": "2", "timestamp": "1444059767", "uuid": "5464a711-55dc-4416-aad2-4aba950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#33FF00", "name": "tlp:green" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882527", "to_ids": false, "type": "link", "uuid": "5464a71f-6484-4c06-be36-49d4950d210b", "value": "http://sub0day.com/2014/10/black-energy-ii-ii/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882536", "to_ids": false, "type": "comment", "uuid": "5464a728-9560-4fa9-b497-4daf950d210b", "value": "Data entered by David Andr\u00e9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882639", "to_ids": true, "type": "ip-dst", "uuid": "5464a78f-c6e4-4074-92d5-4d5f950d210b", "value": "5.79.80.166" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882639", "to_ids": true, "type": "ip-dst", "uuid": "5464a78f-3430-4010-9490-4f4e950d210b", "value": "5.61.38.31" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882639", "to_ids": true, "type": "ip-dst", "uuid": "5464a78f-43e8-4a60-857f-47c8950d210b", "value": "5.255.87.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882639", "to_ids": true, "type": "ip-dst", "uuid": "5464a78f-ec18-4bca-89c6-4b7a950d210b", "value": "37.220.34.56" }, { "category": "Network 
activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-85b4-460e-b87f-49a9950d210b", "value": "46.165.222.6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-8d88-499d-99bf-408c950d210b", "value": "46.165.222.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-abdc-4659-af76-41d6950d210b", "value": "46.4.28.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-0038-4117-b2c4-452b950d210b", "value": "4.65.222.28" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-a3e8-4914-8375-43d2950d210b", "value": "78.46.40.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-0c8c-4def-9609-4b8d950d210b", "value": "84.19.161.123" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-a85c-4beb-94cd-43f3950d210b", "value": "85.17.94.134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-180c-4281-a965-492b950d210b", "value": "89.149.223.205" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": 
"ip-dst", "uuid": "5464a790-f2a8-4332-8318-48a9950d210b", "value": "95.143.193.182" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-0f34-44b7-b699-4b00950d210b", "value": "95.211.122.36" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-355c-484d-91db-445b950d210b", "value": "109.236.88.12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-e3ec-4ae5-b50b-45ca950d210b", "value": "124.217.253.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-dd60-4fb1-918a-4a2f950d210b", "value": "184.22.205.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882640", "to_ids": true, "type": "ip-dst", "uuid": "5464a790-d79c-4070-8085-4050950d210b", "value": "188.227.176.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882641", "to_ids": true, "type": "ip-dst", "uuid": "5464a791-6cac-4bd9-8f22-47d9950d210b", "value": "194.28.172.58" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882641", "to_ids": true, "type": "ip-dst", "uuid": "5464a791-5748-4632-82c8-4b1b950d210b", "value": "212.124.110.62" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882698", "to_ids": true, "type": "regkey|value", "uuid": "5464a7ca-a034-44c3-ba38-43d9950d210b", "value": 
"HKLM\\SYSTEM\\ControlSet001\\Services\\xliigeobghmg\\ImagePath|%TEMP%\\ristialm.sys" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882733", "to_ids": true, "type": "filename", "uuid": "5464a7ed-9588-4885-be90-4c22950d210b", "value": "%TEMP%\\ristialm.sys" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415882907", "to_ids": true, "type": "domain", "uuid": "5464a89b-8480-4502-bdaa-4ea8950d210b", "value": "agxxgle.in" }, { "category": "Network activity", "comment": "POST", "deleted": false, "disable_correlation": false, "timestamp": "1415882921", "to_ids": true, "type": "url", "uuid": "5464a8a9-9704-47f3-9d30-445a950d210b", "value": "http://agxxgle.in/good/getcfg.php" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1444059767", "to_ids": false, "type": "text", "uuid": "56129a77-a6c4-4e25-a213-42d0950d210b", "value": "BlackEnergy" } ] } }