{ "Event": { "analysis": "2", "date": "2015-05-18", "extends_uuid": "", "info": "OSINT Trojanized PuTTY Software by Cisco CSIRT", "publish_timestamp": "1432230558", "published": true, "threat_level_id": "3", "timestamp": "1432215514", "uuid": "555ddeca-3ecc-40e3-9ebd-177c950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215259", "to_ids": false, "type": "link", "uuid": "555ddedb-d3b0-4064-9927-f221950d210b", "value": "http://blogs.cisco.com/security/trojanized-putty-software" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1432215326", "to_ids": true, "type": "md5", "uuid": "555ddf1e-9e64-41cf-bde3-4c7b950d210b", "value": "b5c88d5af37afd13f89957150f9311ca" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1432215326", "to_ids": true, "type": "sha1", "uuid": "555ddf1e-2d64-465a-8e92-4901950d210b", "value": "51c409b7f0c641ce3670b169b9a7515ac38cdb82" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1432215327", "to_ids": true, "type": "sha256", "uuid": "555ddf1f-46a4-42d5-b9fa-4d64950d210b", "value": "d3e866e5bf18f2d9c667563de9150b705813e03377312b6974923f6af2e56291" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215354", "to_ids": false, "type": "text", "uuid": "555ddf3a-bc50-4045-9947-ab11950d210b", "value": "MalZilla" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215355", "to_ids": false, "type": "text", "uuid": "555ddf3b-fbb0-43f0-bbe3-ab11950d210b", "value": "MalPutty" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215368", "to_ids": true, "type": "domain", "uuid": "555ddf48-ee64-4898-a8fb-d8ba950d210b", "value": "ngusto-uro.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215368", "to_ids": true, "type": "domain", "uuid": "555ddf48-68b8-42a8-b9e4-d8ba950d210b", "value": "go-upload.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215368", "to_ids": true, "type": "domain", "uuid": "555ddf48-7240-488a-a033-d8ba950d210b", "value": "aliserv2013.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215391", "to_ids": true, "type": "ip-dst", "uuid": "555ddf5f-6aec-4e2f-a1a0-4eff950d210b", "value": "144.76.120.243" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215391", "to_ids": true, "type": "ip-dst", "uuid": "555ddf5f-5414-454b-afe8-492f950d210b", "value": "193.227.240.131" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215392", "to_ids": true, "type": "ip-dst", "uuid": "555ddf60-6fc4-4c78-bccc-4c07950d210b", "value": "146.185.239.3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432215417", "to_ids": true, "type": "user-agent", "uuid": "555ddf79-21c4-4c68-ae65-f221950d210b", "value": "Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.9.168 Version/11.51" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-d3a0-42ed-a9ed-f87b950d210b", "value": "http://stc-castelnaudary.fr/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-8af8-4619-b846-f87b950d210b", "value": "http://holidaystennisclub.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-b92c-4cbf-bd20-f87b950d210b", "value": "http://stonarov.wz.cz/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-9a08-4486-bbc7-f87b950d210b", "value": "http://stabryl.home.pl/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-2578-4c24-ac26-f87b950d210b", "value": "http://mohsenfeshari.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215514", "to_ids": true, "type": "url", "uuid": "555ddfda-27b8-4027-92a3-f87b950d210b", "value": "http://nwedigital.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-a4f4-4517-a9d2-f87b950d210b", "value": "http://kangasquads.com.au/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-b29c-4b92-8fb1-f87b950d210b", "value": "http://sistemaysoporte.es/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-2810-4ecc-b53d-f87b950d210b", "value": "http://straydogwinter.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-062c-45d6-a96f-f87b950d210b", "value": "http://snailmailrecall.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-c870-4e57-a9ab-f87b950d210b", "value": "http://steveacker.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-bcfc-4363-a611-f87b950d210b", "value": "http://starsretail.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-2398-4da3-9638-f87b950d210b", "value": "http://podspeak.net/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215515", "to_ids": true, "type": "url", "uuid": "555ddfdb-11f8-4890-b7c6-f87b950d210b", "value": "http://stephensimmer.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-8cc8-4bca-a421-f87b950d210b", "value": "http://biznetbrokers.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-3560-4a94-8cdb-f87b950d210b", "value": "http://ofbcorporation.com/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-7010-4aea-8de6-f87b950d210b", "value": "http://spriebel.de/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-0d44-45cc-bcca-f87b950d210b", "value": "http://siteweb.olympe.in/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-4164-453e-be2b-f87b950d210b", "value": "http://yumyums.comcastbiz.net/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-0da4-40f9-ae9c-f87b950d210b", "value": "http://prfc.com.au/putty/" }, { "category": "Network activity", "comment": "Compromised hosts", "deleted": false, "disable_correlation": false, "timestamp": "1432215516", "to_ids": true, "type": "url", "uuid": "555ddfdc-8f08-4a9f-87ba-f87b950d210b", "value": "http://helpmydiabetes.info/wp-includes/" } ] } }