adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a214d9a-ed50-4a33-8812-491a950d210f.json

484 lines
No EOL
16 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2017-11-29",
"extends_uuid": "",
"info": "OSINT - Fake Windows Troubleshooting Support Scam Uploads Screenshots & Uses Paypal",
"publish_timestamp": "1514467579",
"published": true,
"threat_level_id": "3",
"timestamp": "1512356424",
"uuid": "5a214d9a-ed50-4a33-8812-491a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512132229",
"to_ids": false,
"type": "comment",
"uuid": "5a214dd9-0f8c-48c0-b299-492c950d210f",
"value": "A new tech support scam has been discovered that shows a fake BSOD, or Blue Screen of Death, on the infected computer and then displays an application that pretends to be a Troubleshooter for Windows. This Troubleshooter will then state that your computer cannot be fixed, blocks you from using Windows, and prompts you to purchase a program using PayPal to fix the \"detected problems\" and unlock the screen.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512132257",
"to_ids": false,
"type": "link",
"uuid": "5a214e5a-cae4-4fb6-a72c-48cf950d210f",
"value": "https://www.bleepingcomputer.com/news/security/fake-windows-troubleshooting-support-scam-uploads-screenshots-and-uses-paypal/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-1370-4213-9807-4856950d210f",
"value": "http://hitechnovation.com/Extra/Downloads/BSOD.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-86f0-404d-ae51-4953950d210f",
"value": "http://hitechnovation.com/Extra/Downloads/csrvc.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-c7c8-4ccb-9d52-47f3950d210f",
"value": "http://hitechnovation.com/Extra/Downloads/adwizz.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-bda0-43aa-adce-44b7950d210f",
"value": "http://hitechnovation.com/Extra/Downloads/Troubleshoot.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-d894-4f87-a651-4cd6950d210f",
"value": "http://hitechnovation.com/extra/downloads/scshtrv.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-0110-4c25-85c9-463e950d210f",
"value": "http://hitechnovation.com/Extra/Downloads/Windows%20Chat%20Support.exe"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-bd6c-44c1-a51e-474a950d210f",
"value": "http://hitechnovation.com/thankyou.txt"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-c154-48fb-8661-43f4950d210f",
"value": "http://hitechnovation.com/Downloads/DList.txt"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-3130-47b9-8209-4a8e950d210f",
"value": "http://freegeoip.net/xml"
},
{
"category": "Network activity",
"comment": "Network Connections",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134080",
"to_ids": true,
"type": "url",
"uuid": "5a2155c0-75f0-431b-80eb-4edb950d210f",
"value": "ftp://182.50.132.48"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134316",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-4e20-4ae2-a900-458d950d210f",
"value": "%Temp%\\csrvc\\BSOD.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-4934-47c8-a301-4e1b950d210f",
"value": "%Temp%\\csrvc\\csrvc.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-29bc-4081-9ea4-4c81950d210f",
"value": "%Temp%\\csrvc\\csrvc.InstallLog"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-a598-4489-b7cd-48e7950d210f",
"value": "%Temp%\\csrvc\\csrvc.InstallState"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-4650-47b2-b440-4897950d210f",
"value": "%Temp%\\csrvc\\scshtrv.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-8f00-4a67-ace8-4d4a950d210f",
"value": "%Temp%\\csrvc\\Troubleshoot.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": true,
"type": "filename",
"uuid": "5a2156ad-bb74-4e42-bacb-4036950d210f",
"value": "%PROGRAMFILES%\\adwizz\\adwizz.exe"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": false,
"type": "regkey",
"uuid": "5a2156ad-1f7c-4ed1-be78-40b9950d210f",
"value": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\adwizz"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": false,
"type": "regkey",
"uuid": "5a2156ad-36d0-4ff2-8200-4368950d210f",
"value": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\csrvc"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512134317",
"to_ids": false,
"type": "regkey",
"uuid": "5a2156ad-d080-4b04-998e-4bce950d210f",
"value": "HKLM\\SYSTEM\\CurrentControlSet\\services\\csrvc"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "5",
"timestamp": "1512132838",
"uuid": "5a2150e6-d8d0-41aa-878e-4f9d950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512132838",
"to_ids": true,
"type": "filename",
"uuid": "5a2150e6-604c-4781-8b44-4021950d210f",
"value": "adwizz.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512132838",
"to_ids": true,
"type": "sha256",
"uuid": "5a2150e6-a08c-43ec-bdd6-4c0b950d210f",
"value": "5becf86e5ad1703345fa243458f6a3b6189619f87e67ffab6bc874d6bdf7c03f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "5",
"timestamp": "1512132981",
"uuid": "5a215175-0b44-43ae-88c8-f375950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512132981",
"to_ids": true,
"type": "filename",
"uuid": "5a215175-2d34-42d7-8aa4-f375950d210f",
"value": "BSOD.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512132981",
"to_ids": true,
"type": "sha256",
"uuid": "5a215175-e998-47d6-8d5a-f375950d210f",
"value": "9a95f7e477cede36981a6a1e01a849d9c6aeac3985ee3a492cf4136bb6dab69c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "5",
"timestamp": "1512133098",
"uuid": "5a2151ea-d8fc-41fd-bf32-4369950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512133098",
"to_ids": true,
"type": "filename",
"uuid": "5a2151ea-0424-42b0-a35d-4338950d210f",
"value": "csrvc.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512133098",
"to_ids": true,
"type": "sha256",
"uuid": "5a2151ea-e8c4-435a-a412-4b8a950d210f",
"value": "1b1e48f2ee9940c1965c00ee1226fd7c3b9ee9c179ba29b9aeb586c6211cb223"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "5",
"timestamp": "1512133362",
"uuid": "5a2152f2-f344-43b3-af64-4d98950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512133363",
"to_ids": true,
"type": "filename",
"uuid": "5a2152f3-1fe0-440f-b99a-4535950d210f",
"value": "scshtrv.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512133363",
"to_ids": true,
"type": "sha256",
"uuid": "5a2152f3-73e8-4808-b345-4b23950d210f",
"value": "0cc8ad791dc4061ce1f492d651ed2a9baeed02413c5940240bf47bb023f509ef"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "5",
"timestamp": "1512134048",
"uuid": "5a2155a0-5950-434e-b70e-4a1b950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512134048",
"to_ids": true,
"type": "filename",
"uuid": "5a2155a0-2fac-417a-bbd9-4724950d210f",
"value": "Troubleshoot.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512134048",
"to_ids": true,
"type": "sha256",
"uuid": "5a2155a0-e864-48d6-8473-40dd950d210f",
"value": "f34185d5124690815f089b06cc1629a3d1a42cd7d51aee602823c98e03116a98"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink