{
"Event": {
"analysis": "2",
"date": "2017-01-29",
"extends_uuid": "",
"info": "OSINT - #OCJP-133: Hancitor\u30de\u30eb\u30a6\u30a7\u30a2\u611f\u67d3 \u3068 \u30cf\u30c3\u30ad\u30f3\u30b0\u3055\u308c\u305fWordpress",
"publish_timestamp": "1485701896",
"published": true,
"threat_level_id": "3",
"timestamp": "1485700355",
"uuid": "588df693-0480-41bd-b8fd-4e9302de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0c9200",
"local": false,
"name": "misp-galaxy:tool=\"Hancitor\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485699075",
"to_ids": false,
"type": "link",
"uuid": "588df77f-b26c-4985-9fbc-8c6f02de0b81",
"value": "http://blog.0day.jp/2017/01/ocjp-133-hancitorwordpress.html",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": false,
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485699837",
"to_ids": false,
"type": "link",
"uuid": "588df837-b088-4518-9cd0-404a02de0b81",
"value": "https://otx.alienvault.com/pulse/588dc57f5aa00d150559d1e1/",
"Tag": [
{
"colour": "#004577",
"local": false,
"name": "osint:source-type=\"block-or-filter-list\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Hancitor CNC, Trojan Fareit CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700355",
"to_ids": true,
"type": "ip-dst",
"uuid": "588dfbdc-32e0-4688-a878-424202de0b81",
"value": "95.169.190.104",
"Tag": [
{
"colour": "#7600bf",
"local": false,
"name": "adversary:infrastructure-type=\"proxy\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Zeus/Pony Panel/CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700061",
"to_ids": true,
"type": "domain",
"uuid": "588dfbdd-0c94-439c-9612-4d8002de0b81",
"value": "rowatterding.ru"
},
{
"category": "Network activity",
"comment": "Zeus/Pony Panel/CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700062",
"to_ids": true,
"type": "domain",
"uuid": "588dfbde-0244-46c1-8a74-47b602de0b81",
"value": "fortrittotfor.ru"
},
{
"category": "Network activity",
"comment": "Zeus/Pony Panel/CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700062",
"to_ids": true,
"type": "domain",
"uuid": "588dfbde-eee8-4585-b7d1-4d9f02de0b81",
"value": "fortmamuchco.ru"
},
{
"category": "Network activity",
"comment": "Hancitor CNC, Trojan Fareit CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700063",
"to_ids": true,
"type": "domain",
"uuid": "588dfbdf-aa44-4f47-ad24-49a702de0b81",
"value": "howbetmarow.ru"
},
{
"category": "Network activity",
"comment": "Zeus/Pony Panel/CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700313",
"to_ids": true,
"type": "domain",
"uuid": "588dfbe0-f6cc-4473-a496-4cd902de0b81",
"value": "aningronbut.ru",
"Tag": [
{
"colour": "#9100ea",
"local": false,
"name": "adversary:infrastructure-type=\"panel\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Zeus/Pony Panel/CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700323",
"to_ids": true,
"type": "ip-dst",
"uuid": "588dfbe1-e7d0-4a5c-99ee-4a7802de0b81",
"value": "46.166.172.105",
"Tag": [
{
"colour": "#9100ea",
"local": false,
"name": "adversary:infrastructure-type=\"panel\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "ZeusPanel and also Trojan Fareit CNC",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700335",
"to_ids": true,
"type": "ip-dst",
"uuid": "588dfbe1-5db4-4f29-b1f9-412a02de0b81",
"value": "62.76.89.178",
"Tag": [
{
"colour": "#9100ea",
"local": false,
"name": "adversary:infrastructure-type=\"panel\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Hancitor DOC Malware Hash",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700066",
"to_ids": true,
"type": "sha1",
"uuid": "588dfbe2-e548-4a27-aed8-476702de0b81",
"value": "7085d46b2fb3763464c63918f16f534e2d86a7fb"
},
{
"category": "Payload delivery",
"comment": "Hancitor DLL Malware Hash",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700067",
"to_ids": true,
"type": "sha1",
"uuid": "588dfbe3-c8a8-40c3-84e1-482f02de0b81",
"value": "8b3a8d24022fe6ee4292b36efa62f95ae4bdda53"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700068",
"to_ids": true,
"type": "url",
"uuid": "588dfbe4-c12c-4d5c-9e82-427a02de0b81",
"value": "http://howbetmarow.ru/ls5/forum.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700068",
"to_ids": true,
"type": "url",
"uuid": "588dfbe4-1738-4dd0-aa7f-4c0502de0b81",
"value": "http://howbetmarow.ru/klu/forum.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700069",
"to_ids": true,
"type": "url",
"uuid": "588dfbe5-8160-441b-ad1b-44f602de0b81",
"value": "http://aningronbut.ru/bdk/gate.php"
},
{
"category": "Payload delivery",
"comment": "Hancitor DLL Malware Hash - Xchecked via VT: 8b3a8d24022fe6ee4292b36efa62f95ae4bdda53",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700127",
"to_ids": true,
"type": "sha256",
"uuid": "588dfc1f-1c44-41e7-8248-8c6c02de0b81",
"value": "edd954f233c0f72ecf4beb0e63177969a297c6ee8e1da2bcc90924b922da0d88"
},
{
"category": "Payload delivery",
"comment": "Hancitor DLL Malware Hash - Xchecked via VT: 8b3a8d24022fe6ee4292b36efa62f95ae4bdda53",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700127",
"to_ids": true,
"type": "md5",
"uuid": "588dfc1f-6304-454c-86b0-8c6c02de0b81",
"value": "fb436eeb13a673a30cbadbf781db4add"
},
{
"category": "External analysis",
"comment": "Hancitor DLL Malware Hash - Xchecked via VT: 8b3a8d24022fe6ee4292b36efa62f95ae4bdda53",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700128",
"to_ids": false,
"type": "link",
"uuid": "588dfc20-fa44-4d8d-b90d-8c6c02de0b81",
"value": "https://www.virustotal.com/file/edd954f233c0f72ecf4beb0e63177969a297c6ee8e1da2bcc90924b922da0d88/analysis/1485679503/"
},
{
"category": "Payload delivery",
"comment": "Hancitor DOC Malware Hash - Xchecked via VT: 7085d46b2fb3763464c63918f16f534e2d86a7fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700129",
"to_ids": true,
"type": "sha256",
"uuid": "588dfc21-d5f0-45fa-98f5-8c6c02de0b81",
"value": "190140f672fa138a01e4928714ff8b3c0bc0baabeb36ced9c9801dd032cdfe51"
},
{
"category": "Payload delivery",
"comment": "Hancitor DOC Malware Hash - Xchecked via VT: 7085d46b2fb3763464c63918f16f534e2d86a7fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700129",
"to_ids": true,
"type": "md5",
"uuid": "588dfc21-a46c-49f3-8ef5-8c6c02de0b81",
"value": "c0a0a6be5dbb5ce5ba08ea01fbd87e42"
},
{
"category": "External analysis",
"comment": "Hancitor DOC Malware Hash - Xchecked via VT: 7085d46b2fb3763464c63918f16f534e2d86a7fb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1485700130",
"to_ids": false,
"type": "link",
"uuid": "588dfc22-003c-4f2b-a084-8c6c02de0b81",
"value": "https://www.virustotal.com/file/190140f672fa138a01e4928714ff8b3c0bc0baabeb36ced9c9801dd032cdfe51/analysis/1485523743/"
}
]
}
}