{ "Event": { "analysis": "0", "date": "2015-08-20", "extends_uuid": "", "info": "OSINT Cheshire Cat", "publish_timestamp": "1440061755", "published": true, "threat_level_id": "1", "timestamp": "1440060835", "uuid": "55d58a12-3644-4378-8ca9-44a6950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440057994", "to_ids": false, "type": "link", "uuid": "55d58a8a-fa5c-4e2d-bac4-4768950d210b", "value": "http://kernelmode.info/forum/viewtopic.php?f=16&t=3981" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440057995", "to_ids": false, "type": "link", "uuid": "55d58a8b-e044-40ca-abf3-4c2c950d210b", "value": "https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Marquis-Boire" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440057995", "to_ids": false, "type": "link", "uuid": "55d58a8b-0d10-410d-9354-4554950d210b", "value": "https://otx.alienvault.com/pulse/55d3d4c74637f226f7391154/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058005", "to_ids": false, "type": "text", "uuid": "55d58a95-daa0-4309-9cb8-41a3950d210b", "value": "Cheshire Cat" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058069", "to_ids": true, "type": "sha256", "uuid": "55d58ad5-f798-4f29-9fde-49ef950d210b", "value": "63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058070", "to_ids": true, "type": "domain", "uuid": "55d58ad6-9b1c-4315-87e5-4b18950d210b", "value": "apartmentsin-paris.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058070", "to_ids": true, "type": "domain", "uuid": "55d58ad6-42a8-471d-bde8-4de6950d210b", "value": "au-skydivelessons.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058070", "to_ids": true, "type": "domain", "uuid": "55d58ad6-0800-43bb-a744-4b8d950d210b", "value": "beautifuldaisies.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058070", "to_ids": true, "type": "domain", "uuid": "55d58ad6-5ea8-44a8-9250-45c3950d210b", "value": "brazil-crazybungee.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058070", "to_ids": true, "type": "domain", "uuid": "55d58ad6-2c7c-46df-acfa-40e9950d210b", "value": "bungee4you-br.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058071", "to_ids": true, "type": "domain", "uuid": "55d58ad7-053c-4bf6-bc43-401c950d210b", "value": "bungee4you-uy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058071", "to_ids": true, "type": "domain", "uuid": "55d58ad7-9938-4cf5-9b42-4c22950d210b", "value": "bungeejumping-br.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058071", "to_ids": true, "type": "domain", "uuid": "55d58ad7-c2c0-48d1-93fa-4d39950d210b", "value": "bungeejumping-uy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058071", "to_ids": true, "type": "domain", "uuid": "55d58ad7-58b8-4e0a-887f-444b950d210b", "value": "china-flowershop.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058071", "to_ids": true, "type": "domain", "uuid": "55d58ad7-6040-425a-b2da-47c5950d210b", "value": "circlesofourlives-ir.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058072", "to_ids": true, "type": "domain", "uuid": "55d58ad8-90ec-476f-b0f8-4ec6950d210b", "value": "clickflowers-hk.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058072", "to_ids": true, "type": "domain", "uuid": "55d58ad8-8b1c-4daf-a8ae-4cd2950d210b", "value": "crazy-jump.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058072", "to_ids": true, "type": "domain", "uuid": "55d58ad8-4068-4766-8adf-422f950d210b", "value": "crazyjump-uy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058072", "to_ids": true, "type": "domain", "uuid": "55d58ad8-7af0-4255-bbb6-4017950d210b", "value": "cropcirclestours.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058072", "to_ids": true, "type": "domain", "uuid": "55d58ad8-8e64-4cd6-a90a-47e8950d210b", "value": "dive-extreme.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058073", "to_ids": true, "type": "domain", "uuid": "55d58ad9-332c-4204-9448-4867950d210b", "value": "divextreme-ar.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058073", "to_ids": true, "type": "domain", "uuid": "55d58ad9-bea4-466d-95cd-455e950d210b", "value": "divextreme-au.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058073", "to_ids": true, "type": "domain", "uuid": "55d58ad9-5a84-476f-9640-44b1950d210b", "value": "euro-rafting.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058073", "to_ids": true, "type": "domain", "uuid": "55d58ad9-7ed0-4b83-85e4-4802950d210b", "value": "eurorafting-tr.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058073", "to_ids": true, "type": "domain", "uuid": "55d58ad9-8710-41db-b093-4b44950d210b", "value": "franceholidayapartments.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058074", "to_ids": true, "type": "domain", "uuid": "55d58ada-5dac-4142-b813-420f950d210b", "value": "groupbungee-br.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058074", "to_ids": true, "type": "domain", "uuid": "55d58ada-f3e4-4142-8cfa-4a33950d210b", "value": "groupbungee-uy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058074", "to_ids": true, "type": "domain", "uuid": "55d58ada-4804-4b84-87e4-49c4950d210b", "value": "groupdive-au.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058074", "to_ids": true, "type": "domain", "uuid": "55d58ada-70f0-43dd-a0ed-4233950d210b", "value": "groupdive.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058074", "to_ids": true, "type": "domain", "uuid": "55d58ada-da7c-4abf-87df-4665950d210b", "value": "holidayapartments-paris.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058075", "to_ids": true, "type": "domain", "uuid": "55d58adb-dc78-4784-bf5e-4d60950d210b", "value": "holidayapartments4you.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058075", "to_ids": true, "type": "domain", "uuid": "55d58adb-2bf8-4d31-b3b8-4b11950d210b", "value": "hongkong-bouquets.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058075", "to_ids": true, "type": "domain", "uuid": "55d58adb-1538-47d7-a764-4a1c950d210b", "value": "ir-cool.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058075", "to_ids": true, "type": "domain", "uuid": "55d58adb-7cd8-48c1-90cc-4916950d210b", "value": "irelancropcircles.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058075", "to_ids": true, "type": "domain", "uuid": "55d58adb-5c20-4a4a-9e48-408b950d210b", "value": "magnificentcircles.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058076", "to_ids": true, "type": "domain", "uuid": "55d58adc-1efc-481d-ba4d-434e950d210b", "value": "paris-holidayapartments.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058076", "to_ids": true, "type": "domain", "uuid": "55d58adc-58fc-4c3e-b118-4fa6950d210b", "value": "raftingholiday.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058076", "to_ids": true, "type": "domain", "uuid": "55d58adc-94b4-439f-8245-40bd950d210b", "value": "raftingtours-turkey.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058076", "to_ids": true, "type": "domain", "uuid": "55d58adc-960c-4c90-af9d-4bcc950d210b", "value": "rosesinchina.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058076", "to_ids": true, "type": "domain", "uuid": "55d58adc-089c-41f5-8440-4d3c950d210b", "value": "skydivelessons.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058077", "to_ids": true, "type": "domain", "uuid": "55d58add-d078-45ba-aaa3-49cf950d210b", "value": "stuntjumps.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058077", "to_ids": true, "type": "domain", "uuid": "55d58add-9c94-4a8d-8ca1-4e07950d210b", "value": "tandemskydive-ar.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058077", "to_ids": true, "type": "domain", "uuid": "55d58add-828c-4c5d-8303-4865950d210b", "value": "tandemskydive-au.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058077", "to_ids": true, "type": "domain", "uuid": "55d58add-6274-46d9-8828-4e73950d210b", "value": "turkeyextremerafting.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058077", "to_ids": true, "type": "domain", "uuid": "55d58add-a2d4-490e-b924-4043950d210b", "value": "uruguay-crazybungee.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058142", "to_ids": true, "type": "md5", "uuid": "55d58b1e-8630-4ec2-ac16-4b94950d210b", "value": "e2ca6cca598d47dee311f06920c1efde" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058142", "to_ids": true, "type": "md5", "uuid": "55d58b1e-c448-4474-ba0a-496d950d210b", "value": "4e0a3498438adda8c50c3e101cfa86c5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058143", "to_ids": true, "type": "md5", "uuid": "55d58b1f-70a0-40c4-9bae-4d3a950d210b", "value": "3ba57784d7fd4302fe74beb648b28dc1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440058143", "to_ids": true, "type": "md5", "uuid": "55d58b1f-66bc-4770-b9de-4f5c950d210b", "value": "fa1e5eec39910a34ede1c4351ccecec8" }, { "category": "External analysis", "comment": "Unconfirmed group name used by Kaspersky, menioned in the kernelMode forum thread", "deleted": false, "disable_correlation": false, "timestamp": "1440058234", "to_ids": false, "type": "text", "uuid": "55d58b7a-a920-48ad-953c-44f3950d210b", "value": "Flowershop" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: e2ca6cca598d47dee311f06920c1efde", "deleted": false, "disable_correlation": false, "timestamp": "1440060835", "to_ids": true, "type": "sha1", "uuid": "55d595a3-cec4-476c-84b0-0ec5950d210b", "value": "7384156ef7282c4bb6a4d0d4e9498a6a40df2377" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: e2ca6cca598d47dee311f06920c1efde", "deleted": false, "disable_correlation": false, "timestamp": "1440060835", "to_ids": true, "type": "sha256", "uuid": "55d595a3-8e54-4af9-9a9d-0ec5950d210b", "value": "dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440060835", "to_ids": false, "type": "link", "uuid": "55d595a3-d218-4f01-a17f-0ec5950d210b", "value": "https://www.virustotal.com/file/dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8/analysis/1439822856/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4e0a3498438adda8c50c3e101cfa86c5", "deleted": false, "disable_correlation": false, "timestamp": "1440060836", "to_ids": true, "type": "sha1", "uuid": "55d595a4-a3f8-4bee-8eba-0ec5950d210b", "value": "0655670f1cb40e84ba12adb9711f001269712054" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4e0a3498438adda8c50c3e101cfa86c5", "deleted": false, "disable_correlation": false, "timestamp": "1440060836", "to_ids": true, "type": "sha256", "uuid": "55d595a4-7768-4726-b67f-0ec5950d210b", "value": "ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440060836", "to_ids": false, "type": "link", "uuid": "55d595a4-32b0-4d21-98e5-0ec5950d210b", "value": "https://www.virustotal.com/file/ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300/analysis/1439558789/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: fa1e5eec39910a34ede1c4351ccecec8", "deleted": false, "disable_correlation": false, "timestamp": "1440060836", "to_ids": true, "type": "sha1", "uuid": "55d595a4-c2f0-434c-8c47-0ec5950d210b", "value": "ca3c5872080ec86a041b2b887caec9f28ba7b884" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: fa1e5eec39910a34ede1c4351ccecec8", "deleted": false, "disable_correlation": false, "timestamp": "1440060836", "to_ids": true, "type": "sha256", "uuid": "55d595a4-eaa0-4fe5-ad8b-0ec5950d210b", "value": "c074aeef97ce81e8c68b7376b124546cabf40e2cd3aff1719d9daa6c3f780532" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440060837", "to_ids": false, "type": "link", "uuid": "55d595a5-782c-46d7-a9bf-0ec5950d210b", "value": "https://www.virustotal.com/file/c074aeef97ce81e8c68b7376b124546cabf40e2cd3aff1719d9daa6c3f780532/analysis/1440038879/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3ba57784d7fd4302fe74beb648b28dc1", "deleted": false, "disable_correlation": false, "timestamp": "1440060837", "to_ids": true, "type": "sha1", "uuid": "55d595a5-e170-464e-8929-0ec5950d210b", "value": "648a62d74ab1076e66a7a70f0899b8093eca2b01" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3ba57784d7fd4302fe74beb648b28dc1", "deleted": false, "disable_correlation": false, "timestamp": "1440060837", "to_ids": true, "type": "sha256", "uuid": "55d595a5-6f24-4901-bcf3-0ec5950d210b", "value": "32159d2a16397823bc882ddd3cd77ecdbabe0fde934e62f297b8ff4d7b89832a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440060837", "to_ids": false, "type": "link", "uuid": "55d595a5-a7f8-4e72-8fcd-0ec5950d210b", "value": "https://www.virustotal.com/file/32159d2a16397823bc882ddd3cd77ecdbabe0fde934e62f297b8ff4d7b89832a/analysis/1439460874/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb", "deleted": false, "disable_correlation": false, "timestamp": "1440060837", "to_ids": true, "type": "md5", "uuid": "55d595a5-aef8-436f-b9f4-0ec5950d210b", "value": "7b0e7297d5157586f4075098be9efc8c" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb", "deleted": false, "disable_correlation": false, "timestamp": "1440060838", "to_ids": true, "type": "sha1", "uuid": "55d595a6-f3f0-4163-9e01-0ec5950d210b", "value": "421156c4858878ef8beeadf54c4549095445b682" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1440060838", "to_ids": false, "type": "link", "uuid": "55d595a6-f484-4119-84b7-0ec5950d210b", "value": "https://www.virustotal.com/file/63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb/analysis/1439461052/" } ] } }