misp-circl-feed/feeds/circl/misp/56580480-2738-4888-98be-b742950d210b.json


{
"Event": {
"analysis": "0",
"date": "2015-11-27",
"extends_uuid": "",
"info": "OSINT Expansion on APT-28 - Evolving Threats: dissection of a Cyber-Espionage attack",
"publish_timestamp": "1468246298",
"published": true,
"threat_level_id": "1",
"timestamp": "1448612175",
"uuid": "56580480-2738-4888-98be-b742950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#33FF00",
"local": false,
"name": "tlp:green",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608932",
"to_ids": false,
"type": "text",
"uuid": "565804a4-6bc8-4dbb-88c4-4b02950d210b",
"value": "APT28"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608932",
"to_ids": false,
"type": "text",
"uuid": "565804a4-5b60-4e42-a2db-4a6c950d210b",
"value": "Sednit"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608933",
"to_ids": false,
"type": "text",
"uuid": "565804a5-7c14-4b8f-8ad5-40cc950d210b",
"value": "Sofacy"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608981",
"to_ids": true,
"type": "domain",
"uuid": "565804d5-38bc-4e6e-9cc0-b791950d210b",
"value": "microsofthelpcenter.info"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608982",
"to_ids": true,
"type": "domain",
"uuid": "565804d6-aa04-48b1-99ee-b791950d210b",
"value": "1oo7.net"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608982",
"to_ids": true,
"type": "domain",
"uuid": "565804d6-f130-4582-8c10-b791950d210b",
"value": "microsoftdriver.com"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608983",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d7-4408-4786-b006-b791950d210b",
"value": "198.105.125.74"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608983",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d7-d8f4-4eba-a35a-b791950d210b",
"value": "66.172.12.133"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608984",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d8-a4fc-4721-8b3a-b791950d210b",
"value": "45.64.105.23"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608984",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d8-e720-4012-b480-b791950d210b",
"value": "176.31.112.10"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608985",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d9-6174-41e1-a430-b791950d210b",
"value": "176.31.96.178"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608985",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804d9-df2c-490e-95fb-b791950d210b",
"value": "87.236.215.13"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608986",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804da-08a8-40f5-9bd1-b791950d210b",
"value": "46.19.138.66"
},
{
"category": "Network activity",
"comment": "CnC list paragraph",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448608986",
"to_ids": true,
"type": "ip-dst",
"uuid": "565804da-f894-4f3d-8fed-b791950d210b",
"value": "5.199.171.58"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609035",
"to_ids": false,
"type": "link",
"uuid": "5658050b-9fe8-45be-bf50-b742950d210b",
"value": "http://www.rsaconference.com/writable/presentations/file_upload/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609036",
"to_ids": false,
"type": "link",
"uuid": "5658050c-3aec-4100-b938-b742950d210b",
"value": "https://github.com/gasgas4/APTnotes/blob/master/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf"
},
{
"category": "Network activity",
"comment": "Combing through screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609210",
"to_ids": true,
"type": "domain",
"uuid": "565805ba-f6fc-43db-90bb-b376950d210b",
"value": "militaryexponews.com"
},
{
"category": "Network activity",
"comment": "Combing through screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609212",
"to_ids": true,
"type": "domain",
"uuid": "565805bc-f64c-4cc5-b5a3-b376950d210b",
"value": "irwing.org"
},
{
"category": "Network activity",
"comment": "Combing through screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609212",
"to_ids": true,
"type": "domain",
"uuid": "565805bc-10fc-4f47-a3a9-b376950d210b",
"value": "eservicesystems.net"
},
{
"category": "Network activity",
"comment": "Combing through screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609213",
"to_ids": true,
"type": "domain",
"uuid": "565805bd-6630-4743-ba10-b376950d210b",
"value": "windowsappstore.net"
},
{
"category": "Network activity",
"comment": "Combing through screenshots",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448609213",
"to_ids": true,
"type": "ip-dst",
"uuid": "565805bd-4320-414c-9afd-b376950d210b",
"value": "131.72.136.10"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448611989",
"to_ids": false,
"type": "comment",
"uuid": "56581095-fba8-4c69-bd27-b376950d210b",
"value": "Additional IOCs found combing through screenshots & using threatCrowd.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448612064",
"to_ids": false,
"type": "comment",
"uuid": "565810e0-b624-4b74-9335-401f950d210b",
"value": "GET to URLs containing the following tokens: /find/?itwm= &from= &utm= &oprnd= &from=\r\nPOST to URLs containing the following tokens: /open/?ags= &ags= &oprnd= &channel= &itwm="
},
{
"category": "Network activity",
"comment": "Resolution of domain irwing.org",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448612173",
"to_ids": true,
"type": "ip-dst",
"uuid": "5658114d-bc94-4a40-8080-485d950d210b",
"value": "204.12.244.58"
},
{
"category": "Network activity",
"comment": "Resolution of domain irwing.org",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448612174",
"to_ids": true,
"type": "ip-dst",
"uuid": "5658114e-9a4c-4fac-92a3-4868950d210b",
"value": "104.200.17.202"
},
{
"category": "Network activity",
"comment": "Resolution of domain irwing.org",
"deleted": false,
"disable_correlation": false,
"timestamp": "1448612174",
"to_ids": true,
"type": "ip-dst",
"uuid": "5658114e-1b48-4304-87ec-4fc9950d210b",
"value": "104.200.17.53"
}
]
}
}