{ "Event": { "analysis": "2", "date": "2014-10-11", "extends_uuid": "", "info": "OSINT Shellshock exploitation from Red Sky Weekly blog post", "publish_timestamp": "1413374133", "published": true, "threat_level_id": "3", "timestamp": "1413280400", "uuid": "543cf0a2-e1d8-4c20-bb05-9177950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#33FF00", "name": "tlp:green" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413279919", "to_ids": false, "type": "comment", "uuid": "543cf0af-1304-42f8-9cf7-42b4950d210b", "value": "Data encoded by David Andr\u00e9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413279928", "to_ids": false, "type": "link", "uuid": "543cf0b9-c5c0-42e6-b945-46bb950d210b", "value": "http://henrybasset.blogspot.be/2014/10/red-sky-weekly-faq-and-shellshock.html" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280142", "to_ids": true, "type": "ip-dst", "uuid": "543cf18e-6100-428f-864a-4de7950d210b", "value": "14.163.12.119" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280142", "to_ids": true, "type": "ip-dst", "uuid": "543cf18e-f66c-40da-98ad-4de7950d210b", "value": "77.29.189.34" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-8fac-4e40-9326-4de7950d210b", "value": "78.15.20.81" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, 
"timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-b118-4936-9543-4de7950d210b", "value": "78.161.195.166" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-0728-4008-9466-4de7950d210b", "value": "79.136.130.110" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-5528-4b05-bdf2-4de7950d210b", "value": "88.253.229.151" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-3d48-4092-a4bc-4de7950d210b", "value": "93.139.212.67" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-6e78-49f0-8b5e-4de7950d210b", "value": "109.227.100.189" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-dca4-47c7-842a-4de7950d210b", "value": "112.156.18.40" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-e554-4f24-854c-4de7950d210b", "value": "113.171.116.163" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-bff0-41bd-8694-4de7950d210b", "value": 
"117.218.186.16" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-c6ac-47f7-b5ca-4de7950d210b", "value": "118.172.123.111" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-3230-4742-a4a7-4de7950d210b", "value": "119.130.114.154" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-f10c-4936-953b-4de7950d210b", "value": "124.123.75.68" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-645c-4977-ab04-4de7950d210b", "value": "178.120.175.81" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-242c-42d9-9cac-4de7950d210b", "value": "178.121.79.68" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-d94c-45cd-af72-4de7950d210b", "value": "190.49.241.220" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-c1d0-4f85-83d4-4de7950d210b", "value": "190.82.114.190" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, 
"disable_correlation": false, "timestamp": "1413280143", "to_ids": true, "type": "ip-dst", "uuid": "543cf18f-cc10-4c57-ace5-4de7950d210b", "value": "223.206.54.26" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280273", "to_ids": false, "type": "text", "uuid": "543cf211-4a54-4093-8a47-4de7950d210b", "value": "Goga Gastoyan" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280273", "to_ids": false, "type": "text", "uuid": "543cf211-65bc-49c8-8e04-4de7950d210b", "value": "bash@blogbuddy.ru" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280273", "to_ids": false, "type": "text", "uuid": "543cf211-fb30-4c8c-ba0f-4de7950d210b", "value": "+7.4957452002" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280318", "to_ids": true, "type": "domain", "uuid": "543cf23e-5c20-4500-b707-d188950d210b", "value": "google-traffic-analytics.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280340", "to_ids": true, "type": "hostname", "uuid": "543cf254-72d4-49fa-9efc-451b950d210b", "value": "stats.google-traffic-analytics.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280348", "to_ids": true, "type": "url", "uuid": "543cf25c-bbb4-4960-ae47-4d43950d210b", "value": "http://google-traffic-analytics.com/cl.py" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1413280381", "to_ids": false, "type": "link", "uuid": "543cf27d-4270-4d4e-8c62-4246950d210b", "value": "https://www.virustotal.com/en/file/052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d/analysis/" }, { "category": "Artifacts dropped", "comment": "", 
"deleted": false, "disable_correlation": false, "timestamp": "1413280400", "to_ids": true, "type": "md5", "uuid": "543cf290-1650-4d10-9448-4eaf950d210b", "value": "7847e83ad52b8b32ae14522e1a960370" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280442", "to_ids": true, "type": "sha1", "uuid": "543cf2ba-5b48-4477-a48b-9177950d210b", "value": "24b24379c3a6e554d77428faa22b4176d78499b7" }, { "category": "Artifacts dropped", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1413280442", "to_ids": true, "type": "sha256", "uuid": "543cf2ba-5774-4371-ae45-9177950d210b", "value": "052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d" } ] } }