{
"Event": {
"analysis": "2",
"date": "2016-08-16",
"extends_uuid": "",
"info": "OSINT Vawtrak C2 \u2013 Pin it by Threat Geek",
"publish_timestamp": "1498162365",
"published": true,
"threat_level_id": "3",
"timestamp": "1498162279",
"uuid": "57b585fe-ae40-42d8-bdd7-49d9950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0eb000",
"local": false,
"name": "misp-galaxy:tool=\"Vawtrak\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514130",
"to_ids": false,
"type": "link",
"uuid": "57b58612-033c-4c94-a90a-402b950d210f",
"value": "http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514219",
"to_ids": true,
"type": "domain",
"uuid": "57b5866b-63ec-4650-8f9f-4909950d210f",
"value": "rsojnear.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514219",
"to_ids": true,
"type": "domain",
"uuid": "57b5866b-aec0-41ff-b3ac-43b4950d210f",
"value": "dmugmwbu.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514219",
"to_ids": true,
"type": "domain",
"uuid": "57b5866b-dd50-4a19-90b5-42a9950d210f",
"value": "kmosszts.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514219",
"to_ids": true,
"type": "domain",
"uuid": "57b5866b-c8fc-4efc-ab3d-440a950d210f",
"value": "xdpnchon.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514220",
"to_ids": true,
"type": "domain",
"uuid": "57b5866c-261c-487a-80ea-4700950d210f",
"value": "hstqothv.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514220",
"to_ids": true,
"type": "domain",
"uuid": "57b5866c-bd6c-4a3a-9f80-4ca7950d210f",
"value": "xafmolog.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514220",
"to_ids": true,
"type": "domain",
"uuid": "57b5866c-0e50-4bce-839a-4df0950d210f",
"value": "hvnmwvdt.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514220",
"to_ids": true,
"type": "domain",
"uuid": "57b5866c-941c-4845-b172-4572950d210f",
"value": "gdxwlrat.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514220",
"to_ids": true,
"type": "domain",
"uuid": "57b5866c-da14-4533-903f-4572950d210f",
"value": "jhxrkeuh.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-37c4-4dd4-9d53-4b42950d210f",
"value": "sgtxgkbi.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-4e7c-4acc-8fd2-42b1950d210f",
"value": "hzvmnpug.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-9ff0-471d-9189-428c950d210f",
"value": "nevlomzj.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-9f04-4bab-8ade-444e950d210f",
"value": "ybqojmpa.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-3b20-44af-a739-4029950d210f",
"value": "qkgpedwe.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514221",
"to_ids": true,
"type": "domain",
"uuid": "57b5866d-1e6c-4529-b605-497e950d210f",
"value": "xyigqlfc.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514222",
"to_ids": true,
"type": "domain",
"uuid": "57b5866e-da18-45e8-a258-4cc2950d210f",
"value": "ttliiubl.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514222",
"to_ids": true,
"type": "domain",
"uuid": "57b5866e-c158-4caf-8b07-40a7950d210f",
"value": "qrqlyhfc.ru"
},
{
"category": "Network activity",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514222",
"to_ids": true,
"type": "domain",
"uuid": "57b5866e-31ac-41cd-b396-4b3f950d210f",
"value": "enhicefv.ru"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514245",
"to_ids": false,
"type": "link",
"uuid": "57b58685-57d4-49f6-8587-4f8c950d210f",
"value": "https://github.com/fideliscyber/indicators/tree/master/Blogs/Vawtrak%20C2%20-%20Pin%20it"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471514245",
"to_ids": false,
"type": "link",
"uuid": "57b58685-76c8-47d1-ba90-4d86950d210f",
"value": "https://github.com/fideliscyber/indicators/blob/master/dga-scripts/vawtrak-dga.py"
}
]
}
}