{ "Event": { "analysis": "2", "date": "2020-02-26", "extends_uuid": "", "info": "Interesting Recon Script", "publish_timestamp": "1582912045", "published": true, "threat_level_id": "3", "timestamp": "1582912038", "uuid": "5e55be1a-3a30-48ae-9934-4199950d210f", "Orgc": { "name": "wilbursecurity.com", "uuid": "5e16d2bc-5c68-4ef1-bc80-47f5950d210f" }, "Tag": [ { "colour": "#50003a", "local": "0", "name": "kill-chain:Reconnaissance", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "Recon Script from zhacker.net", "deleted": false, "disable_correlation": false, "timestamp": "1582857122", "to_ids": false, "type": "link", "uuid": "5e587ba2-f51c-4069-9303-b66e950d210f", "value": "https://pastebin.com/8QmnA7eE" }, { "category": "External analysis", "comment": "Commands ran by recon script", "deleted": false, "disable_correlation": false, "timestamp": "1582912038", "to_ids": false, "type": "link", "uuid": "5e587bd2-af38-44b4-83ed-b0a0950d210f", "value": "https://pastebin.com/TixDfqZK" }, { "category": "External analysis", "comment": "Blog post", "deleted": false, "disable_correlation": false, "timestamp": "1582857541", "to_ids": false, "type": "link", "uuid": "5e587d45-2be4-4c22-b28c-6a86950d210f", "value": "https://www.wilbursecurity.com/2020/02/interesting-recon-script/" } ] } }