{ "Event": { "analysis": "2", "date": "2014-03-11", "extends_uuid": "", "info": "OSINT - Botnet bruteforcing Point Of Sale terminals via Remote Desktop", "publish_timestamp": "1448637822", "published": true, "threat_level_id": "3", "timestamp": "1448637781", "uuid": "56587437-7f08-4381-85bc-a829950d210b", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637516", "to_ids": false, "type": "link", "uuid": "5658744c-ef14-47e7-9e75-d063950d210b", "value": "https://www.alienvault.com/open-threat-exchange/blog/botnet-bruteforcing-point-of-sale-via-remote-desktop" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637579", "to_ids": true, "type": "md5", "uuid": "5658748b-05c4-4f39-aa39-d062950d210b", "value": "c1fab4a0b7f4404baf8eab4d58b1f821" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637579", "to_ids": true, "type": "md5", "uuid": "5658748b-d880-4c69-b339-d062950d210b", "value": "c0c1f1a69a1b59c6f2dab18135a73919" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637580", "to_ids": true, "type": "md5", "uuid": "5658748c-65ec-4a2f-b54a-d062950d210b", "value": "08863d484b1ebe6359144c9a8d8027c0" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637613", "to_ids": true, "type": "ip-dst", "uuid": "565874ad-f07c-4566-ac03-d063950d210b", "value": "78.154.54.42" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0", "deleted": false, "disable_correlation": false, "timestamp": "1448637782", "to_ids": true, "type": "sha256", "uuid": "56587556-015c-403f-b13d-d8c7950d210b", "value": "7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713" }, { "category": "Payload installation", "comment": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0", "deleted": false, "disable_correlation": false, "timestamp": "1448637782", "to_ids": true, "type": "sha1", "uuid": "56587556-2aec-4136-a47c-d8c7950d210b", "value": "fb357bb5d9c2de75afa69bfec8c22041b02e03df" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637782", "to_ids": false, "type": "link", "uuid": "56587556-f56c-4a2e-a8a9-d8c7950d210b", "value": "https://www.virustotal.com/file/7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713/analysis/1445904969/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919", "deleted": false, "disable_correlation": false, "timestamp": "1448637783", "to_ids": true, "type": "sha256", "uuid": "56587557-ade0-4c81-9d2c-d8c7950d210b", "value": "4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919", "deleted": false, "disable_correlation": false, "timestamp": "1448637783", "to_ids": true, "type": "sha1", "uuid": "56587557-e36c-4e34-95a4-d8c7950d210b", "value": "e284b886851623a944e6f3d8507314b3217935ce" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637784", "to_ids": false, "type": "link", "uuid": "56587558-6980-4313-b36d-d8c7950d210b", "value": "https://www.virustotal.com/file/4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a/analysis/1445913257/" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821", "deleted": false, "disable_correlation": false, "timestamp": "1448637784", "to_ids": true, "type": "sha256", "uuid": "56587558-7c28-496f-acc2-d8c7950d210b", "value": "47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0" }, { "category": "Payload installation", "comment": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821", "deleted": false, "disable_correlation": false, "timestamp": "1448637784", "to_ids": true, "type": "sha1", "uuid": "56587558-87ec-4a37-8c00-d8c7950d210b", "value": "f63479cd40b56652721a95f059dedfb96478bbaa" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1448637785", "to_ids": false, "type": "link", "uuid": "56587559-32b0-46d1-9223-d8c7950d210b", "value": "https://www.virustotal.com/file/47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0/analysis/1408612721/" } ] } }