{
"Event": {
"analysis": "2",
"date": "2017-10-25",
"extends_uuid": "",
"info": "OSINT - Bad Rabbit: Not-Petya is back with improved ransomware",
"publish_timestamp": "1514467254",
"published": true,
"threat_level_id": "3",
"timestamp": "1511385587",
"uuid": "59f049c0-aae0-47d2-a888-4021950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Bad Rabbit\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:preventive-measure=\"Backup and Restore Process\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:preventive-measure=\"Restrict Workstation Communication\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921673",
"to_ids": false,
"type": "link",
"uuid": "59f049cf-329c-4504-a63c-4974950d210f",
"value": "https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "ip-dst",
"uuid": "59f04b31-f73c-4d20-95b5-4edf950d210f",
"value": "185.149.120.3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": false,
"type": "comment",
"uuid": "59f04b48-223c-4642-a5cf-412c950d210f",
"value": "A new ransomware outbreak today has hit some major infrastructure in Ukraine, including the Kiev metro.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "domain",
"uuid": "59f04b70-32f4-4c4b-bd74-4775950d210f",
"value": "1dnscontrol.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508920176",
"to_ids": true,
"type": "filename",
"uuid": "59f04b70-a00c-47a5-903e-44f2950d210f",
"value": "install_flash_player.exe"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (32-bits)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "sha1",
"uuid": "59f04c8f-fba0-4775-913a-4a4f950d210f",
"value": "413eba3973a15c1a6429d9f170f3e8287f98c21c"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (64-bits)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "sha1",
"uuid": "59f04c8f-046c-41dc-a600-4306950d210f",
"value": "16605a4a29a101208457c47ebfde788487be788d"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04d24-9424-49ec-86bc-403c950d210f",
"value": "http://caforssztxqzf2nm.onion"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04d24-f6a4-4278-b3b5-406d950d210f",
"value": "http://185.149.120.3/scholargoogle/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04d24-0348-4b41-8e40-4887950d210f",
"value": "http://1dnscontrol.com/flash_install.php"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-4f04-4174-a93d-4c9d950d210f",
"value": "http://argumentiru.com"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-3e78-47fc-ad92-4866950d210f",
"value": "http://www.fontanka.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-9890-46f0-b252-4884950d210f",
"value": "http://grupovo.bg"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-de28-4f39-a955-43c6950d210f",
"value": "http://www.sinematurk.com"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-7564-446e-80f5-4717950d210f",
"value": "http://www.aica.co.jp"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-d780-4e3e-a215-44b3950d210f",
"value": "http://spbvoditel.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-bcc0-415d-9588-4111950d210f",
"value": "http://argumenti.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-4838-45fc-b75c-48b9950d210f",
"value": "http://www.mediaport.ua"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-4dc8-470d-9268-45bd950d210f",
"value": "http://blog.fontanka.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-0600-4c83-8d3a-41ae950d210f",
"value": "http://an-crimea.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-7eb8-4933-a170-4c3e950d210f",
"value": "http://www.t.ks.ua"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-7b94-4be1-a497-42c2950d210f",
"value": "http://most-dnepr.info"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-fe88-4850-b260-4b7d950d210f",
"value": "http://osvitaportal.com.ua"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-8294-4d84-862f-46d7950d210f",
"value": "http://www.otbrana.com"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-3198-4485-8eae-4833950d210f",
"value": "http://calendar.fontanka.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-9858-4feb-ad80-4183950d210f",
"value": "http://www.grupovo.bg"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-7448-4f85-b71a-48d7950d210f",
"value": "http://www.pensionhotel.cz"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-7d48-426d-9d85-4d32950d210f",
"value": "http://www.online812.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-fc80-4ddf-822f-47b2950d210f",
"value": "http://www.imer.ro"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-c6e8-4de1-a60a-42c8950d210f",
"value": "http://novayagazeta.spb.ru"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-b9c0-485f-b2c3-42cb950d210f",
"value": "http://i24.com.ua"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-4fc4-4b03-927f-4c92950d210f",
"value": "http://bg.pensionhotel.com"
},
{
"category": "Network activity",
"comment": "compromised site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "url",
"uuid": "59f04ddf-e83c-4d61-b9ab-43ea950d210f",
"value": "http://ankerch-crimea.ru"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (64-bits) - Xchecked via VT: 16605a4a29a101208457c47ebfde788487be788d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "sha256",
"uuid": "59f0514a-7310-4dad-b3b1-490002de0b81",
"value": "2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (64-bits) - Xchecked via VT: 16605a4a29a101208457c47ebfde788487be788d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "md5",
"uuid": "59f0514a-df70-416c-bfae-445f02de0b81",
"value": "37945c44a897aa42a66adcab68f560e0"
},
{
"category": "External analysis",
"comment": "Mimikatz (64-bits) - Xchecked via VT: 16605a4a29a101208457c47ebfde788487be788d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": false,
"type": "link",
"uuid": "59f0514a-7f84-4846-ba38-449302de0b81",
"value": "https://www.virustotal.com/file/2f8c54f9fa8e47596a3beff0031f85360e56840c77f71c6a573ace6f46412035/analysis/1508915760/"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (32-bits) - Xchecked via VT: 413eba3973a15c1a6429d9f170f3e8287f98c21c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "sha256",
"uuid": "59f0514a-b3d0-4191-a490-440802de0b81",
"value": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c"
},
{
"category": "Payload delivery",
"comment": "Mimikatz (32-bits) - Xchecked via VT: 413eba3973a15c1a6429d9f170f3e8287f98c21c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": true,
"type": "md5",
"uuid": "59f0514a-1be4-4e5c-8fff-48cc02de0b81",
"value": "347ac3b6b791054de3e5720a7144a977"
},
{
"category": "External analysis",
"comment": "Mimikatz (32-bits) - Xchecked via VT: 413eba3973a15c1a6429d9f170f3e8287f98c21c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1508921674",
"to_ids": false,
"type": "link",
"uuid": "59f0514a-f0d8-4972-9b45-40cb02de0b81",
"value": "https://www.virustotal.com/file/301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c/analysis/1508918790/"
}
],
"Object": [
{
"comment": "Diskcoder",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "3",
"timestamp": "1508921861",
"uuid": "59f04c50-0864-406b-b9fd-4797950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59f04c50-0864-406b-b9fd-4797950d210f",
"referenced_uuid": "59f04cab-7520-4c5d-b6d7-4f46950d210f",
"relationship_type": "dropped-by",
"timestamp": "1508921858",
"uuid": "59f05202-85f0-4f57-8f6c-4940950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1508920400",
"to_ids": true,
"type": "filename",
"uuid": "59f04c50-54bc-44c5-8b25-4ceb950d210f",
"value": "infpub.dat"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1508920400",
"to_ids": true,
"type": "sha1",
"uuid": "59f04c50-93b0-4a68-aa51-4042950d210f",
"value": "79116fe99f2b421c52ef64097f0f39b815b20907"
}
]
},
{
"comment": "Lockscreen",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "3",
"timestamp": "1508921972",
"uuid": "59f04c7a-1ee8-472b-93b7-4f06950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59f04c7a-1ee8-472b-93b7-4f06950d210f",
"referenced_uuid": "59f04c50-0864-406b-b9fd-4797950d210f",
"relationship_type": "dropped-by",
"timestamp": "1508921969",
"uuid": "59f05271-6fac-4f63-9bf2-4028950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1508920442",
"to_ids": true,
"type": "filename",
"uuid": "59f04c7a-5c84-488a-9acd-4e27950d210f",
"value": "dispci.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1508920442",
"to_ids": true,
"type": "sha1",
"uuid": "59f04c7a-3490-4017-9aa1-48cc950d210f",
"value": "afeee8b4acff87bc469a6f0364a81ae5d60a2add"
}
]
},
{
"comment": "Dropper",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "3",
"timestamp": "1508921843",
"uuid": "59f04cab-7520-4c5d-b6d7-4f46950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "59f04cab-7520-4c5d-b6d7-4f46950d210f",
"referenced_uuid": "59f04cf4-0f54-4525-8d29-453f950d210f",
"relationship_type": "dropped-by",
"timestamp": "1508921840",
"uuid": "59f051f0-9fa4-4ba0-84d3-4a37950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1508920491",
"to_ids": true,
"type": "filename",
"uuid": "59f04cab-ca10-4e65-bdc2-4658950d210f",
"value": "install_flash_player.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1508920491",
"to_ids": true,
"type": "sha1",
"uuid": "59f04cab-4674-4ca3-9c66-4d8e950d210f",
"value": "de5c8d858e6e41da715dca1c019df0bfb92d32c0"
}
]
},
{
"comment": "JavaScript on compromised sites",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "3",
"timestamp": "1508920564",
"uuid": "59f04cf4-0f54-4525-8d29-453f950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1508920564",
"to_ids": true,
"type": "filename",
"uuid": "59f04cf4-3220-4295-ab59-4dce950d210f",
"value": "page-main.js"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1508920564",
"to_ids": true,
"type": "sha1",
"uuid": "59f04cf4-6ddc-4387-823f-41b3950d210f",
"value": "4f61e154230a64902ae035434690bf2b96b4e018"
}
]
}
]
}
}