{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2014-12-18",
|
|
"extends_uuid": "",
|
|
"info": "OSINT 20141029B: Possible RedOctober APT Resurgence from ThreatConnect",
|
|
"publish_timestamp": "1418932530",
|
|
"published": true,
|
|
"threat_level_id": "1",
|
|
"timestamp": "1418929754",
|
|
"uuid": "54931e3e-01d8-46fb-b801-2601950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324df-b2a4-4dc8-9e26-4d86950d210b",
|
|
"value": "049d7e36be1090fa0e2bd09b90d1cba2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929375",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324df-97f4-40c8-8ce3-40dc950d210b",
|
|
"value": "073e3789386f99c43711052e22470f60334d41bf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929375",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324df-e9bc-4417-884c-4dae950d210b",
|
|
"value": "07d31a36f5297d84ade2ef3f0a3c9da5f45fbba6917502c839586a0075146f85"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324df-59e0-4ead-a0df-4c75950d210b",
|
|
"value": "09c0f24323cdad3ed6de8843db5fe3e7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-d238-4636-9d98-482b950d210b",
|
|
"value": "0a07b922333fd47f41038328e081a89872397890"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e0-1ee0-4b3a-8e61-4aca950d210b",
|
|
"value": "19ad782b0c58037b60351780b0f43e43"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-e67c-4b7b-8ab5-4f12950d210b",
|
|
"value": "1afa61f9ec93941ce56fbffa9f25a96b4314f0a0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-e4d0-489f-ad6f-47f2950d210b",
|
|
"value": "1bf89631f92808720a3d638e4b41ba4a22a9b335"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-9b3c-4fb2-9966-42f1950d210b",
|
|
"value": "24742b9e5ac3a97453f277960b043240e923eea7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e0-8f54-4e20-93e2-49ac950d210b",
|
|
"value": "2c3eefeb703476a7e7d986b4fac7077d99681befea66648f61ad121c5754b7df"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e0-1a48-4ed8-a976-435a950d210b",
|
|
"value": "2e53d22a3825f476cd9ff5a1c08352eb63f6fd718bc084316a73ec8fd2117e3e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-81b0-4bb5-8a38-4a62950d210b",
|
|
"value": "2eaed93b012b266d80460fca4bea917adbeb810e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-07f4-4043-8333-4cb5950d210b",
|
|
"value": "30c35e91967b2113963fc57fcf83d9bfac589f45"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e0-3b08-4a22-97cf-4f2c950d210b",
|
|
"value": "3997a58bb47d24b34ee908518ed905e0"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-f958-4c1f-ae8d-43cb950d210b",
|
|
"value": "411df0ad7d813e40d778f6c0eecf2d0dbf709993"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929376",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e0-1514-4cf6-bd50-4a34950d210b",
|
|
"value": "43a08ba59f3241b64fa81e4defaba51fb00b1753"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e1-8e34-48e9-b721-4c8f950d210b",
|
|
"value": "4624da84cae0f8b689169e24be8f7410"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e1-a008-460c-80dd-4a67950d210b",
|
|
"value": "4a51a1008f24578a31569c67b58c856c496d5a7c81b33a8445c62838891bba99"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e1-df54-49a2-8d32-4a11950d210b",
|
|
"value": "4ba012c1d6dbd9382933e12c79d483a9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e1-6224-4fdb-9e28-42f6950d210b",
|
|
"value": "5e3ecfd7928822f67fbb3cd9c83be841"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e1-46a0-49cd-af02-4c55950d210b",
|
|
"value": "6567e33aa5cd5baa50661234ac483ddce769b1f8"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e1-ea20-402a-a2cc-4484950d210b",
|
|
"value": "6c28f1499061ee2e4025c904093c2d030e4f92386a170bb285d6b5ca35764466"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e1-2384-4f28-90a2-4d71950d210b",
|
|
"value": "6c55ebe34222a2f04a8a2a8f354fb5e65aebbc34"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e1-8c5c-4a36-9549-4197950d210b",
|
|
"value": "7a83465a95c7e7498fd1eb968bbf4987a6128d9c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e1-0828-423a-a2f2-484b950d210b",
|
|
"value": "7abcca36a792475eb2dbe4b79bb3422e33caa76721eef4d6b9696a3cfe8c37c3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e1-1568-4bb3-8f1c-4075950d210b",
|
|
"value": "7eff31587d1ee7aeb9b3cbb25e8beafe1da29b00d38cb9147a68b0da3fab798e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e1-3934-4180-adec-43b5950d210b",
|
|
"value": "822d842704596a2cf918863ea2116633"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e1-1cd0-4576-bfca-4ea4950d210b",
|
|
"value": "93bb5e951f73fd02c530db79f09fb111"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-78c0-4b88-b913-4b0a950d210b",
|
|
"value": "93bbfe4eea37dea738a5c7a92694ecac"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-0314-43ef-84fb-4b41950d210b",
|
|
"value": "9738faf227bcd12bcab577a0fb58744d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e2-a2c0-494b-a7a6-4692950d210b",
|
|
"value": "9b98f1022be219f6f1493cff0461f39f1fc85d673c426da9f922dd9f52c9e457"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-0078-418d-8526-4799950d210b",
|
|
"value": "a0ad33322f926d35e0c12362ace7209a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e2-d718-4b19-94ef-40f9950d210b",
|
|
"value": "a2d485653cefef5cabfcd7d1256824f2d32333a71d69e0ca200d91ab6f5859ad"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e2-bd64-45d0-8c6e-4f1c950d210b",
|
|
"value": "a2f35786d8b62c47181dc1fd1667fac488b182f48948e93aa61c666bbcc73563"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-0a10-4b20-b1fc-4ed1950d210b",
|
|
"value": "a33e7a753c92a801262f7fa7157daf83"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e2-5284-4e54-a046-476f950d210b",
|
|
"value": "b7645b49e6d91442024abe26fe545e65e82d4ec29f6fd81a0faab002f5f51c0f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e2-0238-4c84-86e2-4722950d210b",
|
|
"value": "c65abc105a6264b549385bed7e4c3c9e7231a9ea"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-3720-43ef-ac86-4456950d210b",
|
|
"value": "c71e1281a68a3fa6a3136c46c0684c38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e2-b358-49ce-ba3f-4142950d210b",
|
|
"value": "c80d4a07480d6a0588b069fa1691de594188ba90"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929378",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e2-edf8-463e-b06e-46a7950d210b",
|
|
"value": "c9997cd7c39b8fb7a062b12813d0171b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e3-d5a4-4878-aa7e-42dc950d210b",
|
|
"value": "cd9b01113b4cca102cffacc4632a9d77d436f5b2386a81e41bde097b6678a625"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e3-cdc4-4396-aa07-4ad4950d210b",
|
|
"value": "d31975fa58bc6c16619d2220100f400e90e46e4f08387c602e3d2591e7a51d38"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e3-63f4-41bc-beb6-4cfa950d210b",
|
|
"value": "d5b42893f185c4388a0a83a2d91d72e897fe583ba096478636ad72942da66225"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e3-afe8-41f8-ae71-4b25950d210b",
|
|
"value": "dacf428fde53d2e436564dba24bcd3996a90a3df5fc7c8e2e2ad715d6b90487b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "549324e3-1ed8-47da-8393-4cfa950d210b",
|
|
"value": "e211c2bad9a83a6a4247ec3959e2a730"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "549324e3-52f0-4bef-bfaa-4a07950d210b",
|
|
"value": "f374d676b4a1a92fe183191270f0128a01b6eeab7e524030e24d9345009b5b88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e3-c23c-42bc-a3f9-45ea950d210b",
|
|
"value": "f4f97f406a97b6be7000af530e3a3a9e3e69aa88"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929379",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "549324e3-ef20-48ed-87b4-4975950d210b",
|
|
"value": "f769fdae782fe1f96b1194545803fa77ab94ad1d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929398",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "549324f6-6c14-43d3-a4fa-4c2d950d210b",
|
|
"value": "Red October"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1418929754",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "5493265a-0138-4896-984f-41ff950d210b",
|
|
"value": "Data entered by David Andr\u00e9"
|
|
}
|
|
]
|
|
}
|
|
} |