{ "Event": { "analysis": "2", "date": "2015-01-17", "extends_uuid": "", "info": "OSINT Potential CNC base on CCNE activities described in NSA document leak", "publish_timestamp": "1471512100", "published": true, "threat_level_id": "4", "timestamp": "1471511981", "uuid": "57b57c2f-9218-4138-bd36-48e4950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#ffffff", "name": "OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471511629", "to_ids": false, "type": "link", "uuid": "57b57c4d-2b1c-4b31-a6e2-4acc950d210f", "value": "http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409-2.html" }, { "category": "External analysis", "comment": "page 22", "deleted": false, "disable_correlation": false, "timestamp": "1471511647", "to_ids": false, "type": "link", "uuid": "57b57c5f-427c-47f8-91fb-4ca8950d210f", "value": "http://www.spiegel.de/media/media-35684.pdf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471511739", "to_ids": true, "type": "domain", "uuid": "57b57cbb-57d8-48a6-a9c5-4355950d210f", "value": "mcee.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471511739", "to_ids": true, "type": "domain", "uuid": "57b57cbb-e2cc-4184-9628-4437950d210f", "value": "sandrogolinelli.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471511739", "to_ids": true, "type": "domain", "uuid": "57b57cbb-b380-46eb-b811-4d13950d210f", "value": "transpersia.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471511783", "to_ids": false, "type": "comment", "uuid": "57b57ce7-a878-4cbe-b248-4f65950d210f", "value": "The document is about 4th party collection by NSA (NSA collecting data that other 3rd parties obtain via hacking)." }, { "category": "Artifacts dropped", "comment": "Hash mentioned on PassiveTotal as linked to mcee.org according to data from ProofPoint", "deleted": false, "disable_correlation": false, "timestamp": "1471511937", "to_ids": true, "type": "md5", "uuid": "57b57d81-eab8-4bb3-9396-49ea950d210f", "value": "610695802715595c52cafa0c19ff5a20" }, { "category": "Network activity", "comment": "sandrogolinelli.net resolved to that IP between 2014-01-23 03:04:41 & 2014-02-05 00:00:00", "deleted": false, "disable_correlation": false, "timestamp": "1471511981", "to_ids": true, "type": "ip-dst", "uuid": "57b57dad-d18c-43aa-8e4c-4701950d210f", "value": "208.73.210.155" } ] } }