adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59e9ec59-a888-48e4-afb4-441602de0b81.json

699 lines
No EOL
22 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2017-10-20",
"extends_uuid": "",
"info": "OSINT - IoT_reaper: A Rappid Spreading New IoT Botnet",
"publish_timestamp": "1508585726",
"published": true,
"threat_level_id": "3",
"timestamp": "1508585697",
"uuid": "59e9ec59-a888-48e4-afb4-441602de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#22681c",
"local": false,
"name": "malware_classification:malware-category=\"Botnet\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": false,
"type": "link",
"uuid": "59e9ec90-ee0c-4b5e-aaec-492302de0b81",
"value": "http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": false,
"type": "comment",
"uuid": "59e9ecad-8c48-49dd-a92a-452902de0b81",
"value": "IoT_reaper is fairly large now and is actively expanding. For example, there are multiple C2s we are tracking, the most recently data (October 19) from just one C2 shows the number of unique active bot IP address is more than 10k per day. While at the same time, there are millions of potential vulnerable device IPs being queued into the c2 system waiting to be processed by an automatic loader that injects malicious code to the devices to expand the size of the botnet.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Downloader server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "ip-dst",
"uuid": "59e9eeb7-a164-4f42-9652-461a02de0b81",
"value": "162.211.183.192"
},
{
"category": "Network activity",
"comment": "Downloader subdomain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "hostname",
"uuid": "59e9eeb7-6aa8-45c8-961c-4c2502de0b81",
"value": "d.hl852.com"
},
{
"category": "Network activity",
"comment": "Controler server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "ip-dst",
"uuid": "59e9eeb7-5ba8-498f-896e-485902de0b81",
"value": "27.102.101.121"
},
{
"category": "Network activity",
"comment": "Controler subdomain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "hostname",
"uuid": "59e9eeb7-cbc8-469a-a116-423202de0b81",
"value": "e.hl852.com"
},
{
"category": "Network activity",
"comment": "Reporter server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "ip-dst",
"uuid": "59e9eeb7-bbc8-4ae0-8af6-418602de0b81",
"value": "222.112.82.231"
},
{
"category": "Network activity",
"comment": "Reporter subdomain",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "hostname",
"uuid": "59e9eeb7-15a4-4495-9b8f-4faa02de0b81",
"value": "f.hl852.com"
},
{
"category": "Network activity",
"comment": "loader server",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "ip-dst",
"uuid": "59e9eeb7-034c-4e17-8222-449802de0b81",
"value": "119.82.26.157"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f00e-7a44-4700-8f9e-494702de0b81",
"value": "ca92a3b74a65ce06035fcc280740daf6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-3368-4f39-a74d-63a302de0b81",
"value": "http://cbk99.com:8080/run.lua"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-1278-4d91-8f95-63a302de0b81",
"value": "http://bbk80.com/api/api.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-cc8c-4703-8905-63a302de0b81",
"value": "http://103.1.221.40/63ae01/39xjsda.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-6074-432e-acfb-63a302de0b81",
"value": "http://162.211.183.192/down/server.armel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-c9b4-459f-9101-63a302de0b81",
"value": "http://162.211.183.192/sa"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-875c-428a-b7ea-63a302de0b81",
"value": "http://162.211.183.192/sa5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-d810-46c8-a9a9-63a302de0b81",
"value": "http://162.211.183.192/server.armel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-14f4-42b0-90a9-63a302de0b81",
"value": "http://162.211.183.192/sm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-4e94-4313-a1e7-63a302de0b81",
"value": "http://162.211.183.192/xget"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-306c-4d0b-bd33-63a302de0b81",
"value": "http://198.44.241.220:8080/run.lua"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-a548-4fc9-8b56-63a302de0b81",
"value": "http://23.234.51.91/control-ARM-LSB"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-8018-4ce4-9a79-63a302de0b81",
"value": "http://23.234.51.91/control-MIPS32-MSB"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-c038-4783-9ba5-63a302de0b81",
"value": "http://23.234.51.91/htam5le"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-25d8-4bab-97e0-63a302de0b81",
"value": "http://23.234.51.91/htmpbe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-10ac-4ae2-aa45-63a302de0b81",
"value": "http://27.102.101.121/down/1506753086"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "url",
"uuid": "59e9f0a4-35b4-4b0f-8326-63a302de0b81",
"value": "http://27.102.101.121/down/1506851514"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-64ac-41b8-9297-414f02de0b81",
"value": "3182a132ee9ed2280ce02144e974220a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-f044-4860-9374-4ef802de0b81",
"value": "3d680273377b67e6491051abe17759db"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-a8d0-4e19-b894-468502de0b81",
"value": "41ef6a5c5b2fde1b367685c7b8b3c154"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-85f8-4634-bc2c-464f02de0b81",
"value": "4406bace3030446371df53ebbdc17785"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-a050-49c0-8e85-443402de0b81",
"value": "4e2f58ba9a8a2bf47bdc24ee74956c73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-a1cc-444d-95de-4c7302de0b81",
"value": "596b3167fe0d13e3a0cfea6a53209be4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-9858-4a32-8e8f-45bd02de0b81",
"value": "6587173d571d2a587c144525195daec9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-4f9c-4a43-ae98-40c402de0b81",
"value": "6f91694106bb6d5aaa7a7eac841141d9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-57fc-4a54-b8be-4c9c02de0b81",
"value": "704098c8a8a6641a04d25af7406088e1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-3698-48cc-b1f2-45bd02de0b81",
"value": "726d0626f66d5cacfeff36ed954dad70"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-b1d8-476d-8dad-48e302de0b81",
"value": "76be3db77c7eb56825fe60009de2a8f2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-6c3c-4cd8-bd62-460d02de0b81",
"value": "95b448bdf6b6c97a33e1d1dbe41678eb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-b7f0-4ef6-9ef3-419702de0b81",
"value": "9ad8473148e994981454b3b04370d1ec"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-1640-4c1a-be3c-42de02de0b81",
"value": "9f8e8b62b5adaf9c4b5bdbce6b2b95d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-068c-4219-b032-443f02de0b81",
"value": "a3401685d8d9c7977180a5c6df2f646a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-0af0-4c52-9467-466c02de0b81",
"value": "abe79b8e66c623c771acf9e21c162f44"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f231-d5bc-4e25-9c96-4c2102de0b81",
"value": "b2d4a77244cd4f704b65037baf82d897"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f232-b2f8-4dfd-824f-4db402de0b81",
"value": "e9a03dbde09c6b0a83eefc9c295711d7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f232-f124-44ba-ad41-4dfd02de0b81",
"value": "f9ec2427377cbc6afb4a7ff011e0de77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585688",
"to_ids": true,
"type": "md5",
"uuid": "59e9f232-a28c-4a15-8099-41c102de0b81",
"value": "fb7c00afe00eeefb5d8a24d524f99370"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 726d0626f66d5cacfeff36ed954dad70",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha256",
"uuid": "59eb30d9-1e08-4929-b460-4f0102de0b81",
"value": "2acb0bc56baddeb26a091ff12a39463130243321720d0789375887f4117d8c1a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 726d0626f66d5cacfeff36ed954dad70",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha1",
"uuid": "59eb30d9-1e68-4719-88f7-490202de0b81",
"value": "cd078ef54430c9ef9aa24dfbb7c89456f13e86f6"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 726d0626f66d5cacfeff36ed954dad70",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": false,
"type": "link",
"uuid": "59eb30d9-d6f0-4fb1-8c54-47c502de0b81",
"value": "https://www.virustotal.com/file/2acb0bc56baddeb26a091ff12a39463130243321720d0789375887f4117d8c1a/analysis/1508525830/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 704098c8a8a6641a04d25af7406088e1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha256",
"uuid": "59eb30d9-a2ec-44a4-ad93-44e802de0b81",
"value": "b8e489068780fff439268a4f3e5feb572356615be043596656d7a1624689b21a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 704098c8a8a6641a04d25af7406088e1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha1",
"uuid": "59eb30d9-e074-414f-91f9-409b02de0b81",
"value": "694ab441edcd6da67312df7f006a9ab1951a5c24"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 704098c8a8a6641a04d25af7406088e1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": false,
"type": "link",
"uuid": "59eb30d9-6d24-43d6-a9c5-4d7102de0b81",
"value": "https://www.virustotal.com/file/b8e489068780fff439268a4f3e5feb572356615be043596656d7a1624689b21a/analysis/1508529398/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f91694106bb6d5aaa7a7eac841141d9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha256",
"uuid": "59eb30d9-cd84-4368-a26f-4d1102de0b81",
"value": "e2ed207461032f4bf96cfd36e54cd883186592860056bd96df94e73f5b7db035"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6f91694106bb6d5aaa7a7eac841141d9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha1",
"uuid": "59eb30d9-bcc8-45f0-8ed0-4c5102de0b81",
"value": "8756fc70cf05d558d086c669e449ca007f2b2f05"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 6f91694106bb6d5aaa7a7eac841141d9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": false,
"type": "link",
"uuid": "59eb30d9-f558-4a09-9f68-4e8d02de0b81",
"value": "https://www.virustotal.com/file/e2ed207461032f4bf96cfd36e54cd883186592860056bd96df94e73f5b7db035/analysis/1508539638/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4406bace3030446371df53ebbdc17785",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha256",
"uuid": "59eb30d9-d900-4cb8-a597-4f5602de0b81",
"value": "c2978651935f9d2af532605509493c4f588fc332a458eaef3b01199eae1f1897"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4406bace3030446371df53ebbdc17785",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": true,
"type": "sha1",
"uuid": "59eb30d9-a72c-4f52-a587-44b102de0b81",
"value": "bccdbe601b0b12183d55d8622c806f6dff181078"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 4406bace3030446371df53ebbdc17785",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508585689",
"to_ids": false,
"type": "link",
"uuid": "59eb30d9-fe98-4fb7-a08d-4a9b02de0b81",
"value": "https://www.virustotal.com/file/c2978651935f9d2af532605509493c4f588fc332a458eaef3b01199eae1f1897/analysis/1508529259/"
}
]
}
}
Reference in a new issue View git blame Copy permalink