adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/54e1a3f3-be8c-4840-88ce-f2d9950d210b.json

473 lines
No EOL
14 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2015-02-10",
"extends_uuid": "",
"info": "OSINT MSRT February update from Microsoft",
"publish_timestamp": "1424078776",
"published": true,
"threat_level_id": "3",
"timestamp": "1424074675",
"uuid": "54e1a3f3-be8c-4840-88ce-f2d9950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#33FF00",
"local": false,
"name": "tlp:green",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073859",
"to_ids": false,
"type": "link",
"uuid": "54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
"value": "http://blogs.technet.com/b/mmpc/archive/2015/02/10/msrt-february-escad-and-nukesped.aspx"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-d028-4fda-ab40-4a72950d210b",
"value": "ansi.nls"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-8168-4254-ac41-4968950d210b",
"value": "dayipmr.tbl"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-d668-4806-9d14-4f42950d210b",
"value": "netmonsvc.dll"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-fbe0-41f8-a0c8-439b950d210b",
"value": "pmsconfig.msi"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-88c8-490f-b24f-4cd5950d210b",
"value": "pmslog.msi"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a42f-d918-4c44-b106-4a5c950d210b",
"value": "rdmgr.dll"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a430-5cf0-4c2f-959b-4d51950d210b",
"value": "remoteevtmanager.dll"
},
{
"category": "Artifacts dropped",
"comment": "Escad",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073829",
"to_ids": true,
"type": "filename",
"uuid": "54e1a430-7e34-4f23-bda3-425c950d210b",
"value": "tmscompg.msi"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073842",
"to_ids": false,
"type": "text",
"uuid": "54e1a472-d4f8-43eb-89af-20b7950d210b",
"value": "Escad"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073842",
"to_ids": false,
"type": "text",
"uuid": "54e1a472-ec94-484f-9bea-20b7950d210b",
"value": "Nukesped"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073886",
"to_ids": false,
"type": "link",
"uuid": "54e1a49e-d43c-4564-9b46-f2d9950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Jinupd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073886",
"to_ids": false,
"type": "link",
"uuid": "54e1a49e-04d8-4a50-b68a-f2d9950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/NukeSped"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073937",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d1-4284-43c9-a77a-fae5950d210b",
"value": "comon32.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073937",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d1-48d4-49d8-864a-fae5950d210b",
"value": "diskpartmg16.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073937",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d1-ad7c-4595-a65c-fae5950d210b",
"value": "dpnsvr16.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073937",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d1-9748-4092-978b-fae5950d210b",
"value": "expandmn32.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073937",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d1-21c0-404f-b2d2-fae5950d210b",
"value": "hwrcompsvc64.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073938",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d2-9554-44d8-9496-fae5950d210b",
"value": "mobsynclm64.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073938",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d2-d004-4aef-b376-fae5950d210b",
"value": "rdpshellex32.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073938",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d2-42d0-4147-b45a-fae5950d210b",
"value": "recdiscm32.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073938",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d2-56bc-4405-9c3e-fae5950d210b",
"value": "taskchg16.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424073938",
"to_ids": true,
"type": "filename",
"uuid": "54e1a4d2-1998-4bee-abae-fae5950d210b",
"value": "taskhosts64.exe"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074195",
"to_ids": false,
"type": "comment",
"uuid": "54e1a5d3-e2b4-498d-ac48-40c3950d210b",
"value": "Seems to be related to Sony hack based on the screenshots on the february update page"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074207",
"to_ids": false,
"type": "comment",
"uuid": "54e1a5df-cfdc-4928-af6f-fae5950d210b",
"value": "Data entered by David Andr\u00c3\u00a9"
},
{
"category": "Network activity",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074349",
"to_ids": true,
"type": "domain",
"uuid": "54e1a66d-d5bc-4f3b-afad-dadf950d210b",
"value": "dailygiftclub.info"
},
{
"category": "Network activity",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074349",
"to_ids": true,
"type": "domain",
"uuid": "54e1a66d-5a08-45f2-8d7e-dadf950d210b",
"value": "dailygiftclub1.info"
},
{
"category": "Network activity",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074349",
"to_ids": true,
"type": "domain",
"uuid": "54e1a66d-6da8-4100-956c-dadf950d210b",
"value": "priv8darkshop.com"
},
{
"category": "Network activity",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074349",
"to_ids": true,
"type": "domain",
"uuid": "54e1a66d-a538-40a0-9882-dadf950d210b",
"value": "sopvps.hk"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074363",
"to_ids": false,
"type": "text",
"uuid": "54e1a67b-cf10-473d-803a-4753950d210b",
"value": "Jinupd"
},
{
"category": "Artifacts dropped",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074431",
"to_ids": true,
"type": "filename",
"uuid": "54e1a6aa-88b0-4aef-ad0b-430e950d210b",
"value": "%APPDATA%\\java se platform updater\\jusched.exe"
},
{
"category": "Artifacts dropped",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074431",
"to_ids": true,
"type": "filename",
"uuid": "54e1a6aa-ea00-4864-9e3b-4b7a950d210b",
"value": "%APPDATA%\\java platform updater\\jusched.exe"
},
{
"category": "Artifacts dropped",
"comment": "Jinupd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074431",
"to_ids": true,
"type": "filename",
"uuid": "54e1a6aa-06c8-4e4f-8d50-4e61950d210b",
"value": "%TEMP%\\svchost.exe"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074477",
"to_ids": true,
"type": "filename",
"uuid": "54e1a6ed-0db0-41ab-b75b-20b7950d210b",
"value": "%TEMP% \\usbdrv3.sys"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074511",
"to_ids": true,
"type": "filename",
"uuid": "54e1a70f-2744-46bd-b771-426c950d210b",
"value": "%windir% \\iissvr.exe"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074559",
"to_ids": false,
"type": "link",
"uuid": "54e1a73f-bafc-4cc7-8141-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.C!dha"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074559",
"to_ids": false,
"type": "link",
"uuid": "54e1a73f-1158-4659-901c-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.B!dha"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074559",
"to_ids": false,
"type": "link",
"uuid": "54e1a73f-97fc-4ceb-8345-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.A!dha"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074675",
"to_ids": true,
"type": "filename",
"uuid": "54e1a7b3-bc64-4713-be9c-4c95950d210b",
"value": "usbdrv3_32bit.sys"
},
{
"category": "Artifacts dropped",
"comment": "NukeSped",
"deleted": false,
"disable_correlation": false,
"timestamp": "1424074675",
"to_ids": true,
"type": "filename",
"uuid": "54e1a7b3-7460-4a04-afb5-45eb950d210b",
"value": "usbdrv3_64bit.sys"
}
]
}
}
Reference in a new issue View git blame Copy permalink