misp-circl-feed/feeds/circl/misp/5566caa6-0590-4956-81bf-4179950d210b.json


{
"Event": {
"analysis": "2",
"date": "2012-04-16",
"extends_uuid": "",
"info": "OSINT - Beware of what you download. Recent purported CEIEC document dump booby-trapped (reported by Shadow Server)",
"publish_timestamp": "1433229343",
"published": true,
"threat_level_id": "4",
"timestamp": "1433229110",
"uuid": "5566caa6-0590-4956-81bf-4179950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432799927",
"to_ids": false,
"type": "link",
"uuid": "5566cab7-e764-4563-b32e-4638950d210b",
"value": "http://blog.shadowserver.org/2012/04/16/beware-of-what-you-download-recent-purported-ceiec-document-dump-booby-trapped/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "vulnerability",
"uuid": "556d54f6-0d08-4b48-bd1e-22fa950d210b",
"value": "CVE-2010-3333"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "vulnerability",
"uuid": "556d54f6-c58c-41ba-a6f1-22fa950d210b",
"value": "CVE-2009-3129"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "filename",
"uuid": "556d554a-05d4-4d46-bf97-4429950d210b",
"value": "LD.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554a-a6cc-4cb7-8c7f-4429950d210b",
"value": "2e454ea0c0d3fadfc478e8695400df40"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554a-7228-4fb9-a170-4429950d210b",
"value": "0dc324cf2efae2bc7dc29fe26f616decd765d66a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554a-d2e0-4963-aae1-4429950d210b",
"value": "8c26bf867e70f2e3511bd295c2c56abca51ab008b88d7a9e80b99ca240f79773"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229052",
"to_ids": false,
"type": "filename",
"uuid": "556d554a-f9b4-4555-9f14-4429950d210b",
"value": "LD(1).doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "filename",
"uuid": "556d554b-aaec-4d34-8d5c-4429950d210b",
"value": "sach.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554b-dd7c-4138-8d53-4429950d210b",
"value": "32f5ad4f09135fcdde86ecd4c466a993"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554b-2e2c-4019-a28b-4429950d210b",
"value": "d3311b97aa10d759bbf704c0a3c4c2cef3f997a6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554b-c4e8-4e45-a262-4429950d210b",
"value": "15f9f9f3e617d84083e6ac3652dfa9090f236ca8879a66654464a5b781318df5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "filename",
"uuid": "556d554b-ed6c-48c7-a154-4429950d210b",
"value": "rise.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554b-a0fc-4f30-8fa7-4429950d210b",
"value": "d824988793146a25d026eb12759dbab0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554b-3ab4-499e-90f7-4429950d210b",
"value": "3ce24923dc478afb30d8105303f51c958856da52"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554b-7330-41bd-a767-4429950d210b",
"value": "e4e123a6757e041a5c1c053e2770f89b08ad2b58661e0044b29965d480f5100e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229065",
"to_ids": false,
"type": "filename",
"uuid": "556d554c-6628-430b-afe2-4429950d210b",
"value": "2011.xls"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554c-0714-43a6-b9e3-4429950d210b",
"value": "1423113c5b7176cef19f989f76a020c4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554c-e490-4a92-adc0-4429950d210b",
"value": "608ed5cb5b8497f3bc483d1c2a91a34a09abd828"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554c-d548-4016-96d4-4429950d210b",
"value": "761d8cbb4cd95bf520584ca5ec3036ae9fd9a9cefdf4ae9e79b060db3a673b28"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229069",
"to_ids": false,
"type": "filename",
"uuid": "556d554c-b0b4-416d-abea-4429950d210b",
"value": "928.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554c-1188-4f51-9acc-4429950d210b",
"value": "cd80a451990f17f6684d5b100de6ece0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554c-0ee4-409c-9ff4-4429950d210b",
"value": "436047e74948181d8a2ba91f0c044c4b4e9e1865"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554c-bc2c-4e87-b583-4429950d210b",
"value": "51f495acd08195a04671fb7eb808a5697f3be8877e9d5254d38241147d2b51f1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "filename",
"uuid": "556d554d-ee94-4fa3-96bc-4429950d210b",
"value": "bi(done).doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554d-da00-4d65-a084-4429950d210b",
"value": "2332ebd103a963d5494ddb431e8b05b7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554d-74a4-4d2f-94da-4429950d210b",
"value": "bc289ea12d9afdae9f7503309a9d142b0c247ca7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554d-ce78-40e1-928e-4429950d210b",
"value": "cff1035db0c190081fc78dde2323a04a39ded675b2029f2572b3c084240aaedb"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "filename",
"uuid": "556d554d-ec40-497d-aab2-4429950d210b",
"value": "thang_3.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554d-1050-4c80-80b9-4429950d210b",
"value": "336420283e047155bec94a549cd60ac8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554d-8d88-4f93-9875-4429950d210b",
"value": "4b8d6693dc6c127ac9f649f3428de6cd6f8aa8e7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554e-0674-45f1-bcc9-4429950d210b",
"value": "2c28cf467d9e42f0182174943ec9e8dc467901020465b2354fdb27ccdaafa0c0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "filename",
"uuid": "556d554e-bff4-4586-a4f9-4429950d210b",
"value": "thang_3(1).doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": false,
"type": "filename",
"uuid": "556d554e-d818-4fc8-ae95-4429950d210b",
"value": "vu.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "filename",
"uuid": "556d554e-10f8-4e61-8d3f-4429950d210b",
"value": "moi.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "md5",
"uuid": "556d554e-9840-4d3d-9da8-4429950d210b",
"value": "d916409f960d3fc3263b32fe32b4bf20"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha1",
"uuid": "556d554e-bf94-4f7d-a527-4429950d210b",
"value": "42a767745bff3e8a1f5f42d1340eb4db4ed3e57c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "sha256",
"uuid": "556d554e-7464-406e-9268-4429950d210b",
"value": "8e8f15980af335727dec14d9c2fed218cbc699aa7f41dae42d9cf96e7b663da4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "hostname",
"uuid": "556d55d2-4208-4035-ac6b-5e69950d210b",
"value": "kullywolf.gicp.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "hostname",
"uuid": "556d55d2-263c-4cbe-9d0a-5e69950d210b",
"value": "congtytancang.uicp.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "hostname",
"uuid": "556d55d3-d364-4a86-b170-5e69950d210b",
"value": "www.ollay011.zyns.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "hostname",
"uuid": "556d55d3-5ec4-4564-adf0-5e69950d210b",
"value": "l1x.lflinkup.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d55d3-b028-4f6d-a269-5e69950d210b",
"value": "73.252.204.85"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d55d3-fa98-4d81-9d47-5e69950d210b",
"value": "216.70.255.201"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d55d3-0f68-416c-8fc2-5e69950d210b",
"value": "216.70.128.124"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d55d3-fdb0-4d03-9215-5e69950d210b",
"value": "58.137.153.115"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d55d3-aa74-4635-8169-5e69950d210b",
"value": "64.56.70.253"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "hostname",
"uuid": "556d55d3-5620-49fd-998e-5e69950d210b",
"value": "front11.gicp.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d5630-e698-4ff3-987f-442b950d210b",
"value": "123.120.105.120"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d5630-cc2c-41ce-81bb-442b950d210b",
"value": "112.112.147.16"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229000",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d5630-0e94-408d-8693-442b950d210b",
"value": "222.172.238.174"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229042",
"to_ids": true,
"type": "ip-dst",
"uuid": "556d5630-c73c-41cf-ad6e-442b950d210b",
"value": "64.56.70.254"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1433229110",
"to_ids": false,
"type": "comment",
"uuid": "556d5736-5ff8-4c71-b4a3-442b950d210b",
"value": "Disabled \"for IDS\" flag for some of the filenames in the original reports since they seem likely to trigger false positives"
}
]
}
}