misp-circl-feed/feeds/circl/misp/560c1c35-fd9c-4fb4-9a93-801b950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-09-30",
"extends_uuid": "",
"info": "OSINT When ELF.BillGates met Windows by Arkoon+Netasq",
"publish_timestamp": "1443681826",
"published": true,
"threat_level_id": "3",
"timestamp": "1443681822",
"uuid": "560c1c35-fd9c-4fb4-9a93-801b950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634253",
"to_ids": false,
"type": "link",
"uuid": "560c1c4d-a4bc-49c3-b22d-6789950d210b",
"value": "http://thisissecurity.net/2015/09/30/when-elf-billgates-met-windows/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634319",
"to_ids": true,
"type": "md5",
"uuid": "560c1c8f-05a8-4724-a235-6789950d210b",
"value": "4b14d7aca890642c3e269b75953e65cb"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634372",
"to_ids": true,
"type": "ip-dst",
"uuid": "560c1cc4-0984-4576-9d59-8024950d210b",
"value": "39.109.0.113"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634372",
"to_ids": true,
"type": "hostname",
"uuid": "560c1cc4-ff38-43cc-9b05-8024950d210b",
"value": "say.f322.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634373",
"to_ids": true,
"type": "ip-dst",
"uuid": "560c1cc5-debc-4000-8253-8024950d210b",
"value": "1.82.184.200"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634373",
"to_ids": true,
"type": "hostname",
"uuid": "560c1cc5-7154-4873-be3b-8024950d210b",
"value": "mou521.f3322.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634373",
"to_ids": true,
"type": "ip-dst",
"uuid": "560c1cc5-4784-49b1-8ed0-8024950d210b",
"value": "129.231.45.171"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634474",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2a-5ffc-4e83-99cc-8022950d210b",
"value": "fb7e7b5c35bb5311acc8139350344878"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634474",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2a-2eac-4b6a-a9f1-8022950d210b",
"value": "51f00e56b4ef21e6b7d6685ca3fbad1a"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634474",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2a-e788-42d7-baa6-8022950d210b",
"value": "f864867f277330f81669a7c90fb6a3f4"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634475",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2b-38a4-4e2f-85f6-8022950d210b",
"value": "c32f27eaadda31c36e32e97c481771c9"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634475",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2b-eb64-4fdb-a51d-8022950d210b",
"value": "8e9e4da1272f0b637917201443fcbd0a"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634476",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2c-0570-40c3-acf4-8022950d210b",
"value": "93fe8980c6279c090924e8669b0cb582"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634476",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2c-3d98-427a-a61e-8022950d210b",
"value": "2130df6f7817c86890a5e922f99430a3"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Parite",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634476",
"to_ids": true,
"type": "md5",
"uuid": "560c1d2c-488c-414f-a771-8022950d210b",
"value": "129877bf0cbc9b8239c674810675f6f7"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634501",
"to_ids": true,
"type": "filename",
"uuid": "560c1d45-63bc-4f07-9ccc-6221950d210b",
"value": "%PROGRAMFILES%\\DbSecuritySpt\\DbSecuritySpt.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634502",
"to_ids": true,
"type": "filename",
"uuid": "560c1d46-86e4-4032-bb59-6221950d210b",
"value": "%PROGRAMFILES%\\DbSecuritySpt\\svch0st.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634502",
"to_ids": true,
"type": "filename",
"uuid": "560c1d46-9364-41b3-8509-6221950d210b",
"value": "%PROGRAMFILES%\\Windows Media Player\\agony.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634503",
"to_ids": true,
"type": "filename",
"uuid": "560c1d47-284c-410b-b4fe-6221950d210b",
"value": "%PROGRAMFILES%\\Windows Media Player\\agony.sys"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634503",
"to_ids": true,
"type": "filename",
"uuid": "560c1d47-0584-458b-9819-6221950d210b",
"value": "%PROGRAMFILES%\\Windows Media Player\\DNSProtection.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634504",
"to_ids": true,
"type": "filename",
"uuid": "560c1d48-fbb8-4978-ab44-6221950d210b",
"value": "%PROGRAMFILES%\\Windows Media Player\\DNSSupport.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634504",
"to_ids": true,
"type": "filename",
"uuid": "560c1d48-4e78-45cb-9ad5-6221950d210b",
"value": "%PROGRAMFILES%\\DbSecuritySpt\\NPF.sys"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443634505",
"to_ids": true,
"type": "filename",
"uuid": "560c1d49-b02c-4db0-947d-6221950d210b",
"value": "%PROGRAMFILES%\\DbSecuritySpt\\packet.dll"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680485",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0e5-96f8-4be7-8853-801c950d210b",
"value": "2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Parite - Xchecked via VT: 129877bf0cbc9b8239c674810675f6f7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680486",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0e6-145c-4336-bc21-801c950d210b",
"value": "8d51d194aab4727ff3469b8b4e1486a39f84d6f0"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680486",
"to_ids": false,
"type": "link",
"uuid": "560cd0e6-188c-463c-82f3-801c950d210b",
"value": "https://www.virustotal.com/file/2f1ae7942df4f4d47a569e20913fe9107caa14bfd89b08925473f6536acbc6a3/analysis/1432574759/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680487",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0e7-f514-4c7b-a757-801c950d210b",
"value": "d7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 2130df6f7817c86890a5e922f99430a3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680487",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0e7-86e4-4368-9656-801c950d210b",
"value": "8531f1e1b3d2ee15af6ed3ab5b4a804773650d25"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680487",
"to_ids": false,
"type": "link",
"uuid": "560cd0e7-0238-4fe1-aa85-801c950d210b",
"value": "https://www.virustotal.com/file/d7efd8ab33fe77b689968ef3fe790ed7939624c754a455ce512fe5bb67be732f/analysis/1439312871/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680488",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0e8-fc38-4565-bfa5-801c950d210b",
"value": "9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates infected by Win32.Virut: - Xchecked via VT: 93fe8980c6279c090924e8669b0cb582",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680488",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0e8-d208-4923-be9a-801c950d210b",
"value": "a80fbe481dfab7d0f4a9e11f649f6863a6b8a844"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680488",
"to_ids": false,
"type": "link",
"uuid": "560cd0e8-ec74-42f0-8c16-801c950d210b",
"value": "https://www.virustotal.com/file/9dc3068a321b41def24dca518b07a717a633a84d953f9e6d6bd94be2e21e8e98/analysis/1424121957/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680489",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0e9-bbac-415b-8d4d-801c950d210b",
"value": "aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: 8e9e4da1272f0b637917201443fcbd0a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680489",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0e9-7c40-4d41-867e-801c950d210b",
"value": "4367ae72e85d42e979c7faca87c0754e5aa9da41"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680489",
"to_ids": false,
"type": "link",
"uuid": "560cd0e9-2480-4d1f-a35e-801c950d210b",
"value": "https://www.virustotal.com/file/aa068ca86fd9ec4e29d3bf00c7d99a3039f04f701e358e31ee98e5c48c09cc7a/analysis/1418116709/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680490",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0ea-9750-4a76-b276-801c950d210b",
"value": "8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: c32f27eaadda31c36e32e97c481771c9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680490",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0ea-bd54-40a5-a3e1-801c950d210b",
"value": "91c6e2ac9dce76bf8ee6bdb5ec58735a6bad98f5"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680491",
"to_ids": false,
"type": "link",
"uuid": "560cd0eb-2448-4924-b638-801c950d210b",
"value": "https://www.virustotal.com/file/8ad95441c528ab80226ad2bb4be5d921acb6818e97c3e793a05f2677e1591e24/analysis/1406118682/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680491",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0eb-6f80-44f2-8ed5-801c950d210b",
"value": "6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: f864867f277330f81669a7c90fb6a3f4",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680491",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0eb-41a0-4f9e-8af9-801c950d210b",
"value": "495bb971f973104a30a83d1f1e8739dc70181912"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680492",
"to_ids": false,
"type": "link",
"uuid": "560cd0ec-efa0-4a7d-9277-801c950d210b",
"value": "https://www.virustotal.com/file/6341eec9e0bdfad72ae6b05ae9e196539b15a8eb7eb2ece1ca79e93ac6f35e25/analysis/1403672511/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680492",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0ec-8744-4dfe-a85c-801c950d210b",
"value": "4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: 51f00e56b4ef21e6b7d6685ca3fbad1a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680492",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0ec-3004-43cc-bbe5-801c950d210b",
"value": "c145e5e23cd95de4c0b521f0eb7ded59ba0a381e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680493",
"to_ids": false,
"type": "link",
"uuid": "560cd0ed-f9c0-43ad-a544-801c950d210b",
"value": "https://www.virustotal.com/file/4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441/analysis/1431436610/"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680493",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0ed-59f4-4152-941e-801c950d210b",
"value": "0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1"
},
{
"category": "Payload delivery",
"comment": "Win32.BillGates - Xchecked via VT: fb7e7b5c35bb5311acc8139350344878",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680493",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0ed-2fcc-4467-bfa6-801c950d210b",
"value": "3038ca2fc80c4c90cd7909724a937e9890bc0203"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680494",
"to_ids": false,
"type": "link",
"uuid": "560cd0ee-9928-43e5-b9e1-801c950d210b",
"value": "https://www.virustotal.com/file/0434ba4a0dc59bca819f7586f12f9ef0de83de28b37da9c83a0b12520d3ebbd1/analysis/1424273883/"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680494",
"to_ids": true,
"type": "sha256",
"uuid": "560cd0ee-53b4-491e-abdb-801c950d210b",
"value": "d241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd"
},
{
"category": "Payload delivery",
"comment": "Imported via the freetext import. - Xchecked via VT: 4b14d7aca890642c3e269b75953e65cb",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680494",
"to_ids": true,
"type": "sha1",
"uuid": "560cd0ee-d8e8-438b-a5e8-801c950d210b",
"value": "cb4271a5ed7cf66b1d508d3d7364c11280c1763d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443680495",
"to_ids": false,
"type": "link",
"uuid": "560cd0ef-0258-4b9b-9c61-801c950d210b",
"value": "https://www.virustotal.com/file/d241880aefef812b462153ae0f8ec079e8b56789f1c7547624e9406b74da12fd/analysis/1435885257/"
}
]
}
}