{ "Event": { "analysis": "2", "date": "2015-08-21", "extends_uuid": "", "info": "OSINT Tinted CVE decoy spearphishing attempt on Central Bank of Armenia employees (reported by BlueCoat)", "publish_timestamp": "1440491259", "published": true, "threat_level_id": "4", "timestamp": "1440491173", "uuid": "55dc126c-1580-44c0-a6bd-44ba950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486020", "to_ids": false, "type": "link", "uuid": "55dc1284-0214-4e92-b432-4aa0950d210b", "value": "https://www.bluecoat.com/security-blog/2015-08-21/tinted-cve-decoy-spearphising-attempt-central-bank-armenia-employees" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486020", "to_ids": false, "type": "link", "uuid": "55dc1284-4178-42eb-b4ff-4fb8950d210b", "value": "https://otx.alienvault.com/pulse/55d775fd67db8c7bb9cb63fb/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486065", "to_ids": true, "type": "ip-dst", "uuid": "55dc12b1-ef28-4244-a9c4-4b22950d210b", "value": "192.52.166.66" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486065", "to_ids": true, "type": "md5", "uuid": "55dc12b1-6b18-4f37-bc47-412e950d210b", "value": "2d2840b305c944c882ce5e37cd74cfbc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486065", "to_ids": true, "type": "md5", "uuid": "55dc12b1-a2bc-4bfc-825c-441a950d210b", "value": "339b61c3ca3596ab6da4c2a605247fbb" }, { "category": "Payload delivery",
"comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486066", "to_ids": true, "type": "md5", "uuid": "55dc12b2-2374-4443-941f-4680950d210b", "value": "5322b34cb2db39d19f870b3dd17b796b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486066", "to_ids": true, "type": "md5", "uuid": "55dc12b2-477c-4867-b2e6-48ec950d210b", "value": "554c74582f38dfe21640b3ce125238c4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486066", "to_ids": true, "type": "md5", "uuid": "55dc12b2-1170-4086-8dca-4d57950d210b", "value": "63a5aea388e454f6186fabab8cd96ff7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486066", "to_ids": true, "type": "ip-dst", "uuid": "55dc12b2-df8c-465d-9a2a-4f28950d210b", "value": "78.128.92.112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": true, "type": "md5", "uuid": "55dc12b3-e9a4-4762-88d8-4f67950d210b", "value": "7f31e18efad384ed1b6f14be1860dc33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": true, "type": "ip-dst", "uuid": "55dc12b3-c9a4-4558-8504-4eb0950d210b", "value": "84.200.4.226" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": true, "type": "md5", "uuid": "55dc12b3-4638-4f10-92e9-43cc950d210b", "value": "8c1922960c1dd9290931079e1f56f08b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": true, "type": "md5", "uuid": "55dc12b3-5aa0-47d9-b839-4907950d210b", "value": "95e200169e95b73c885c032796246cfb" }, { "category": "External analysis", "comment": "", "deleted": 
false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": false, "type": "vulnerability", "uuid": "55dc12b3-b42c-4196-8282-477f950d210b", "value": "CVE-2012-0158" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486067", "to_ids": true, "type": "md5", "uuid": "55dc12b3-0b58-4338-837d-4c68950d210b", "value": "a680ffb948da8d801eeb4f1a2a275665" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486068", "to_ids": true, "type": "domain", "uuid": "55dc12b4-d1e4-4c30-bdd5-42df950d210b", "value": "adobe-dns-3-adobe.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486068", "to_ids": true, "type": "md5", "uuid": "55dc12b4-0f28-4fa9-96a4-4550950d210b", "value": "c16f6825fd1dc4795761c211adf4616a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486068", "to_ids": true, "type": "md5", "uuid": "55dc12b4-b46c-4980-9b10-4bf3950d210b", "value": "c9b105ec2412ac0e2ace20bfa71e1450" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486068", "to_ids": true, "type": "md5", "uuid": "55dc12b4-f614-44e2-b795-4694950d210b", "value": "f2e407846e0937ab9184c0a9bb77aa95" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440486068", "to_ids": true, "type": "md5", "uuid": "55dc12b4-d9b4-456f-8801-40ca950d210b", "value": "f5db00b0fd7a9593ed6a773a5f63b105" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f5db00b0fd7a9593ed6a773a5f63b105", "deleted": false, "disable_correlation": false, "timestamp": "1440491174", "to_ids": true, "type": "sha256", "uuid": "55dc26a6-06a4-4164-aa04-46da950d210b", "value": 
"83a423acb1de3676befeaf745cc3dbc975743fe64c944dbe4a609e0bb3287730" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f5db00b0fd7a9593ed6a773a5f63b105", "deleted": false, "disable_correlation": false, "timestamp": "1440491174", "to_ids": true, "type": "sha1", "uuid": "55dc26a6-d7d0-4ed4-9ab6-4d19950d210b", "value": "850e9a10e6d20d33c8d2c765e22771e8919fc3ee" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491174", "to_ids": false, "type": "link", "uuid": "55dc26a6-6830-4074-84b1-42fc950d210b", "value": "https://www.virustotal.com/file/83a423acb1de3676befeaf745cc3dbc975743fe64c944dbe4a609e0bb3287730/analysis/1440427821/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f2e407846e0937ab9184c0a9bb77aa95", "deleted": false, "disable_correlation": false, "timestamp": "1440491174", "to_ids": true, "type": "sha256", "uuid": "55dc26a6-4f88-42e9-a03d-41fb950d210b", "value": "69e414e970482d627fe5b808df5c719bef27bbb6276c3abb78233d21fdab1a83" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: f2e407846e0937ab9184c0a9bb77aa95", "deleted": false, "disable_correlation": false, "timestamp": "1440491174", "to_ids": true, "type": "sha1", "uuid": "55dc26a6-f378-4f5e-a873-41ed950d210b", "value": "905d0842cc246a772c595b8cf4a4e9e517683eb7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491175", "to_ids": false, "type": "link", "uuid": "55dc26a7-b5d0-49cb-a04e-4907950d210b", "value": "https://www.virustotal.com/file/69e414e970482d627fe5b808df5c719bef27bbb6276c3abb78233d21fdab1a83/analysis/1438876521/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c9b105ec2412ac0e2ace20bfa71e1450", "deleted": false, "disable_correlation": false, "timestamp": "1440491175", "to_ids": true, "type": "sha256", "uuid": "55dc26a7-6e70-4c1f-bd2e-4f6c950d210b", "value": 
"9a00f0edc87a44d10369fdb9f35ebe1b1df57e01719a5b48ac3eddc068f77f87" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c9b105ec2412ac0e2ace20bfa71e1450", "deleted": false, "disable_correlation": false, "timestamp": "1440491175", "to_ids": true, "type": "sha1", "uuid": "55dc26a7-876c-4530-893c-4b7c950d210b", "value": "3cef1ca36a78cba308fb29a46b20e5ca22d03289" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491175", "to_ids": false, "type": "link", "uuid": "55dc26a7-6cd8-4124-8389-418e950d210b", "value": "https://www.virustotal.com/file/9a00f0edc87a44d10369fdb9f35ebe1b1df57e01719a5b48ac3eddc068f77f87/analysis/1440427821/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c16f6825fd1dc4795761c211adf4616a", "deleted": false, "disable_correlation": false, "timestamp": "1440491175", "to_ids": true, "type": "sha256", "uuid": "55dc26a7-97e8-4090-a8e8-4fd6950d210b", "value": "df0839dfaa115f8cc6dc67bde7b3ecadd31a5e0c03b500e667aa72a1f1d138ab" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: c16f6825fd1dc4795761c211adf4616a", "deleted": false, "disable_correlation": false, "timestamp": "1440491176", "to_ids": true, "type": "sha1", "uuid": "55dc26a8-f4ec-40dc-9dd0-403c950d210b", "value": "36093a6004a9502079b054041badc43c69a0bdeb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491176", "to_ids": false, "type": "link", "uuid": "55dc26a8-e98c-4225-92fe-43a8950d210b", "value": "https://www.virustotal.com/file/df0839dfaa115f8cc6dc67bde7b3ecadd31a5e0c03b500e667aa72a1f1d138ab/analysis/1439335705/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: a680ffb948da8d801eeb4f1a2a275665", "deleted": false, "disable_correlation": false, "timestamp": "1440491176", "to_ids": true, "type": "sha256", "uuid": "55dc26a8-9130-4142-8f5d-4a23950d210b", "value": 
"1642dde3699c9c939b8ee34a88c722ce67083ddea16ecf0376e588c35cf32177" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: a680ffb948da8d801eeb4f1a2a275665", "deleted": false, "disable_correlation": false, "timestamp": "1440491176", "to_ids": true, "type": "sha1", "uuid": "55dc26a8-b198-4d73-a47e-4edc950d210b", "value": "a77336620df96642691c1e5b6c91511bfa76a5be" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491176", "to_ids": false, "type": "link", "uuid": "55dc26a8-e41c-41d3-a50a-4cc6950d210b", "value": "https://www.virustotal.com/file/1642dde3699c9c939b8ee34a88c722ce67083ddea16ecf0376e588c35cf32177/analysis/1440065579/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 95e200169e95b73c885c032796246cfb", "deleted": false, "disable_correlation": false, "timestamp": "1440491177", "to_ids": true, "type": "sha256", "uuid": "55dc26a9-92a8-4331-91e3-4584950d210b", "value": "9df339e10668e549c00c84515cfbf3f943a6adfcc57883e15cec617fb24c3d8c" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 95e200169e95b73c885c032796246cfb", "deleted": false, "disable_correlation": false, "timestamp": "1440491177", "to_ids": true, "type": "sha1", "uuid": "55dc26a9-5ea4-491e-9784-4833950d210b", "value": "237784574afb8868213c900c18a114d3fa528b95" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491177", "to_ids": false, "type": "link", "uuid": "55dc26a9-e828-42cb-85ac-41f3950d210b", "value": "https://www.virustotal.com/file/9df339e10668e549c00c84515cfbf3f943a6adfcc57883e15cec617fb24c3d8c/analysis/1440184658/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 8c1922960c1dd9290931079e1f56f08b", "deleted": false, "disable_correlation": false, "timestamp": "1440491177", "to_ids": true, "type": "sha256", "uuid": "55dc26a9-8728-4e47-bd1d-4f1a950d210b", "value": 
"c5c5045b04714af7d9ee51b654951e4b05bbae1c4074a00c9a1d4d5008de1fbe" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 8c1922960c1dd9290931079e1f56f08b", "deleted": false, "disable_correlation": false, "timestamp": "1440491177", "to_ids": true, "type": "sha1", "uuid": "55dc26a9-5564-4b7b-877b-4d8d950d210b", "value": "ec5dadaacae763d0e55ce6a78c9a5f57b01a5135" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491178", "to_ids": false, "type": "link", "uuid": "55dc26aa-0b64-42e3-8e41-4622950d210b", "value": "https://www.virustotal.com/file/c5c5045b04714af7d9ee51b654951e4b05bbae1c4074a00c9a1d4d5008de1fbe/analysis/1439806800/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 7f31e18efad384ed1b6f14be1860dc33", "deleted": false, "disable_correlation": false, "timestamp": "1440491178", "to_ids": true, "type": "sha256", "uuid": "55dc26aa-ec74-426c-a6c4-42cc950d210b", "value": "75c230b4e0f3630d36643606d83ed7490cf6bd6a77abd9c49d09ac60bb3f59db" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 7f31e18efad384ed1b6f14be1860dc33", "deleted": false, "disable_correlation": false, "timestamp": "1440491178", "to_ids": true, "type": "sha1", "uuid": "55dc26aa-917c-4bc8-8086-44e8950d210b", "value": "efc0555418a6ed641047d29178d0da3aefa7adeb" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491178", "to_ids": false, "type": "link", "uuid": "55dc26aa-a814-44f5-9b0d-4e81950d210b", "value": "https://www.virustotal.com/file/75c230b4e0f3630d36643606d83ed7490cf6bd6a77abd9c49d09ac60bb3f59db/analysis/1440065567/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 63a5aea388e454f6186fabab8cd96ff7", "deleted": false, "disable_correlation": false, "timestamp": "1440491178", "to_ids": true, "type": "sha256", "uuid": "55dc26aa-1bbc-40b4-90ba-4bc0950d210b", "value": 
"bf7a6ecbf7939743563e82342b2c1a8cb9e0412c974fd6e78f936d6140961c14" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 63a5aea388e454f6186fabab8cd96ff7", "deleted": false, "disable_correlation": false, "timestamp": "1440491179", "to_ids": true, "type": "sha1", "uuid": "55dc26ab-a638-4c01-8672-405a950d210b", "value": "4e8ee08ff4f8dc06aff8de2e476afafba58bdc11" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491179", "to_ids": false, "type": "link", "uuid": "55dc26ab-0e64-4d60-beba-4869950d210b", "value": "https://www.virustotal.com/file/bf7a6ecbf7939743563e82342b2c1a8cb9e0412c974fd6e78f936d6140961c14/analysis/1440184641/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 554c74582f38dfe21640b3ce125238c4", "deleted": false, "disable_correlation": false, "timestamp": "1440491179", "to_ids": true, "type": "sha256", "uuid": "55dc26ab-8974-4131-851d-45d3950d210b", "value": "741440aa42b9926fad1134382316992b7a1f783e29115ef787debbb5655ed7e6" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 554c74582f38dfe21640b3ce125238c4", "deleted": false, "disable_correlation": false, "timestamp": "1440491179", "to_ids": true, "type": "sha1", "uuid": "55dc26ab-cc44-4546-b6b8-4c4b950d210b", "value": "a09f520dded0d5292a5fa48e80de02f9af718d06" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491180", "to_ids": false, "type": "link", "uuid": "55dc26ac-7270-49cf-b1f2-4f77950d210b", "value": "https://www.virustotal.com/file/741440aa42b9926fad1134382316992b7a1f783e29115ef787debbb5655ed7e6/analysis/1440480192/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 5322b34cb2db39d19f870b3dd17b796b", "deleted": false, "disable_correlation": false, "timestamp": "1440491180", "to_ids": true, "type": "sha256", "uuid": "55dc26ac-6f28-4fda-a10b-4579950d210b", "value": 
"5aa9c81afe8cdebae554e858c2aab25e207a65a103071f25c3564b08046e43fc" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 5322b34cb2db39d19f870b3dd17b796b", "deleted": false, "disable_correlation": false, "timestamp": "1440491180", "to_ids": true, "type": "sha1", "uuid": "55dc26ac-03d0-442d-ae2f-4d88950d210b", "value": "a734193f550dda5c1ffd9fec3a0186a0a793449c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491180", "to_ids": false, "type": "link", "uuid": "55dc26ac-2144-4579-8b14-41f5950d210b", "value": "https://www.virustotal.com/file/5aa9c81afe8cdebae554e858c2aab25e207a65a103071f25c3564b08046e43fc/analysis/1438340654/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 339b61c3ca3596ab6da4c2a605247fbb", "deleted": false, "disable_correlation": false, "timestamp": "1440491180", "to_ids": true, "type": "sha256", "uuid": "55dc26ac-cac8-4c3b-bad3-467d950d210b", "value": "515019bb74bed64686e43995e826ea77811d7700745350c1b24d58d88697525e" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 339b61c3ca3596ab6da4c2a605247fbb", "deleted": false, "disable_correlation": false, "timestamp": "1440491181", "to_ids": true, "type": "sha1", "uuid": "55dc26ad-6c68-47e1-8556-4b6c950d210b", "value": "6090853934833d0814f9239e6746161491cccb44" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491181", "to_ids": false, "type": "link", "uuid": "55dc26ad-0fac-4d01-a88d-4d47950d210b", "value": "https://www.virustotal.com/file/515019bb74bed64686e43995e826ea77811d7700745350c1b24d58d88697525e/analysis/1439556561/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 2d2840b305c944c882ce5e37cd74cfbc", "deleted": false, "disable_correlation": false, "timestamp": "1440491181", "to_ids": true, "type": "sha256", "uuid": "55dc26ad-787c-49be-83fc-4f05950d210b", "value": 
"a262dc9e5855447ebd3052b06d714c76fc0656a5b426944e3b27b4a8a2eb2a7c" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 2d2840b305c944c882ce5e37cd74cfbc", "deleted": false, "disable_correlation": false, "timestamp": "1440491181", "to_ids": true, "type": "sha1", "uuid": "55dc26ad-5284-4bf2-bd8c-4d1a950d210b", "value": "b79e6a21d8c2813ec2279727746bdb685180751a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440491181", "to_ids": false, "type": "link", "uuid": "55dc26ad-6d6c-48d3-a8cf-4a70950d210b", "value": "https://www.virustotal.com/file/a262dc9e5855447ebd3052b06d714c76fc0656a5b426944e3b27b4a8a2eb2a7c/analysis/1440427820/" } ] } }