{ "Event": { "analysis": "2", "date": "2013-02-08", "extends_uuid": "", "info": "OSINT Adobe Zero-day Used in LadyBoyle Attack blog post by Symantec", "publish_timestamp": "1415890076", "published": true, "threat_level_id": "2", "timestamp": "1415874584", "uuid": "546481a0-fc90-4aa4-8508-4a68950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#33FF00", "local": "0", "name": "tlp:green", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415872940", "to_ids": false, "type": "link", "uuid": "546481ac-fbc4-43b5-b8a1-4e92950d210b", "value": "http://www.symantec.com/connect/blogs/adobe-zero-day-used-ladyboyle-attack" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415872952", "to_ids": false, "type": "text", "uuid": "546481b8-b910-42cc-8be7-4761950d210b", "value": "LadyBoyle" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415872965", "to_ids": false, "type": "comment", "uuid": "546481c5-f1dc-4fcf-93f1-e5f1950d210b", "value": "Data entered by David Andr\u00e9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415872995", "to_ids": false, "type": "vulnerability", "uuid": "546481e3-0f90-46c1-91c1-4ce9950d210b", "value": "CVE-2013-0634" }, { "category": "External analysis", "comment": "Link in original Symantec page. 
Not working anymore.", "deleted": false, "disable_correlation": false, "timestamp": "1415873198", "to_ids": false, "type": "link", "uuid": "54648248-0040-4104-9f56-44f2950d210b", "value": "http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415873096", "to_ids": false, "type": "link", "uuid": "54648248-cc04-414e-a1ee-4249950d210b", "value": "http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874340", "to_ids": false, "type": "text", "uuid": "54648724-036c-4c89-97b0-46cc950d210b", "value": "Bloodhound.Flash.19" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874340", "to_ids": false, "type": "text", "uuid": "54648724-a2a8-4413-b22e-4df4950d210b", "value": "Bloodhound.Flash.20" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874394", "to_ids": false, "type": "text", "uuid": "5464875b-de3c-4891-954d-45bd950d210b", "value": "Trojan.Mdropper" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874395", "to_ids": false, "type": "text", "uuid": "5464875b-068c-4a32-bb0d-4d0d950d210b", "value": "Trojan.Swifi" }, { "category": "Antivirus detection", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874395", "to_ids": false, "type": "text", "uuid": "5464875b-e3f4-4e22-9461-48f2950d210b", "value": "Backdoor.Boda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874444", "to_ids": true, "type": "hostname", "uuid": 
"5464878c-a8c4-4e30-8aac-4c56950d210b", "value": "ieee.boeing-job.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-82ac-4d61-ab31-43f6950d210b", "value": "369p.mail-signin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-cbdc-47ef-8691-41c3950d210b", "value": "bm1k8.4pu.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-14cc-4247-9b47-4710950d210b", "value": "cti.moobesring.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-d68c-4f45-8b69-4031950d210b", "value": "domcon.microtrendsoft.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-04ac-4b46-b669-4182950d210b", "value": "engage.intelfox.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-8728-4f29-b861-457f950d210b", "value": "funny.greenitenergy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-6178-49e4-953e-4dc7950d210b", "value": "i0i0i.3322.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874487", "to_ids": true, "type": "hostname", "uuid": "546487b7-7904-4f08-a38c-4ade950d210b", "value": 
"krjregh.sacreeflame.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-17f0-48e2-b367-4fe7950d210b", "value": "lol.dns-lookup.us" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-c8a0-45ad-a428-401e950d210b", "value": "lywja.healthsvsolu.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-36fc-4db2-b188-460c950d210b", "value": "matrix.linkerservices.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-df14-48e7-a97a-4a8a950d210b", "value": "mx.dns221.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-09d4-49a6-a7e2-49f6950d210b", "value": "piping.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-fb70-4b90-b13d-419b950d210b", "value": "ru.pad62.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-e7b8-46b6-b030-45d9950d210b", "value": "stmp.allshell.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-6ef8-45be-b149-4e34950d210b", "value": "support.icoredb.com" }, { "category": "Network activity", "comment": 
"", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-d0f8-44a0-925e-4d49950d210b", "value": "svr01.passport.serveuser.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-0610-4df9-9689-4642950d210b", "value": "ukupdate.masteradvz.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-ef30-441a-977c-4ea0950d210b", "value": "update.mysq1.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-1ec4-444a-a8f0-4dbd950d210b", "value": "update.updates.mefound.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-3e3c-4ee9-9018-429e950d210b", "value": "update1.mysq1.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-fdf4-481e-87b9-493b950d210b", "value": "update3.effers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-6d34-4a88-aac3-4c71950d210b", "value": "updatedns.itemdb.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874488", "to_ids": true, "type": "hostname", "uuid": "546487b8-f194-40b8-80d6-420d950d210b", "value": "updatedns.serveuser.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": 
false, "timestamp": "1415874546", "to_ids": true, "type": "md5", "uuid": "546487f2-9190-488f-9642-468d950d210b", "value": "3de314089db35af9baaeefc598f09b23" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874546", "to_ids": true, "type": "md5", "uuid": "546487f2-ddec-465b-b0ad-46cc950d210b", "value": "2568615875525003688839cb8950aeae" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415874584", "to_ids": true, "type": "user-agent", "uuid": "54648818-d770-495e-9995-4be9950d210b", "value": "lynx" } ] } }