misp-circl-feed/feeds/circl/misp/5a09aaa3-e7fc-4e3c-acda-cb8d950d210f.json

1 line
No EOL
12 KiB
JSON

{"Event": {"info": "OSINT - Saudi Arabia's 'Game of Thobes'", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1510922476", "Object": [{"comment": "", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "uuid": "5a09ab2f-39b8-490c-84fb-4daf950d210f", "sharing_group_id": "0", "timestamp": "1510583087", "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "template_version": "3", "Attribute": [{"comment": "", "category": "Other", "uuid": "5a09ab2f-fb18-4691-ad33-4c74950d210f", "timestamp": "1510583087", "to_ids": false, "value": "\"Saudi Arabia's 'Game of Thobes'.doc\u05f3\" submitted from TR, CVE-2017-11826, \r\nC2: 45.76.106[.]149 , 45.76.36[.]243 , saudiedi.toh[.]info\r\n\r\nMore details in Raw Threat Intelligence:\r\n\r\n(link: https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp) docs.google.com/document/d/1_n\u2026", "disable_correlation": false, "object_relation": "post", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a09ab2f-e0cc-4dbb-a6f9-47e2950d210f", "timestamp": "1510583087", "to_ids": false, "value": "Twitter", "disable_correlation": true, "object_relation": "type", "type": "text"}, {"comment": "", "category": "External analysis", "uuid": "5a09ab2f-db38-4066-9878-4865950d210f", "timestamp": "1510583087", "to_ids": true, "value": "https://mobile.twitter.com/ClearskySec/status/929998314002673666", "disable_correlation": false, "object_relation": "link", "type": "url"}, {"comment": "", "category": "Other", "uuid": "5a09ab2f-13c0-4417-9869-42c4950d210f", "timestamp": "1510583087", "to_ids": false, "value": "2017/11/13", "disable_correlation": false, "object_relation": "creation-date", "type": "datetime"}, {"comment": "", "category": "Other", "uuid": "5a09ab2f-9960-4d5f-a028-4b36950d210f", "timestamp": "1510583087", "to_ids": false, "value": "@ClearskySec", "disable_correlation": false, "object_relation": "username", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "microblog"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a09abf7-7304-4831-b206-46b8950d210f", "sharing_group_id": "0", "timestamp": "1510583287", "description": "File object describing a file with meta-information", "template_version": "4", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a09abf7-76f0-4ca2-aa9c-4db4950d210f", "timestamp": "1510583287", "to_ids": true, "value": "aede654e77e92dbd77ca512e19f495b8", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09abf7-952c-4203-934c-423d950d210f", "timestamp": "1510583287", "to_ids": true, "value": "2017-11-13 \u201cSaudi Arabia's 'Game of Thobes'.doc", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09abf7-970c-4251-b73f-42d6950d210f", "timestamp": "1510583287", "to_ids": true, "value": "aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09abf7-cfc0-499a-8a40-4f86950d210f", "timestamp": "1510583287", "to_ids": true, "value": "d9fac68b6c49c485675d9141f375799d10572999", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a09ad27-2430-434c-ad1b-47ea950d210f", "sharing_group_id": "0", "timestamp": "1510583591", "description": "File object describing a file with meta-information", "template_version": "4", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a09ad28-2694-4e83-a1a5-498e950d210f", "timestamp": "1510583592", "to_ids": true, "value": "b76f4c8c22b84600ac3cff64dadfaf8b", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09ad28-47e8-4ede-a675-40ef950d210f", "timestamp": "1510583592", "to_ids": true, "value": "%TEMP%\\vcpkgs.exe", "disable_correlation": false, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09ad28-1a0c-4042-a259-4aa1950d210f", "timestamp": "1510583592", "to_ids": true, "value": "5ae0a582ed5d60324d6d1397be3deb0c704a1d77c9ef3d5f486455f99da32e7f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09ad28-fadc-440f-8140-40fc950d210f", "timestamp": "1510583592", "to_ids": true, "value": "78c0266456e33abed00895cb05d0f9fe09b83da3", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5a09b25e-24f0-4913-8df2-4a94950d210f", "sharing_group_id": "0", "timestamp": "1510584926", "description": "File object describing a file with meta-information", "template_version": "4", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a09b25e-3828-4faa-a73a-4e89950d210f", "timestamp": "1510584926", "to_ids": true, "value": "fea6546e3299a31a58a3aa2a6b7060c9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b25f-0a8c-4cc8-ba65-4a98950d210f", "timestamp": "1510584927", "to_ids": true, "value": "26c672b2537f8a89f2d59674f00bcfe9825796ca9b1ec51c96e5675dd586b87b", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b25f-7798-4c48-8baf-4d76950d210f", "timestamp": "1510584927", "to_ids": true, "value": "eddf2ca780b4396c0bf5ea3f13d22275fb6822fc", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a09ab4a-49f4-4c13-9da2-458b950d210f", "timestamp": "1510922447", "to_ids": false, "value": "https://docs.google.com/document/d/1_nEWAmec3bKBddv30UPXJMiN-F0Ojuhfsmvk6KpFq0Q/edit#heading=h.iixpbs2pcjjp", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "C2", "category": "Network activity", "uuid": "5a09ab6e-33f0-4d46-b1e4-42e7950d210f", "timestamp": "1510922447", "to_ids": true, "value": "45.76.106.149", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C2", "category": "Network activity", "uuid": "5a09ab6e-2168-4156-b837-4462950d210f", "timestamp": "1510922447", "to_ids": true, "value": "45.76.36.243", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C2", "category": "Network activity", "uuid": "5a09ab6e-88f4-40d1-94bd-44ba950d210f", "timestamp": "1510922447", "to_ids": true, "value": "saudiedi.toh.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09af92-143c-4539-b34a-4939950d210f", "timestamp": "1510922447", "to_ids": true, "value": "a1047665ed9d665f5cf066e4a9902d809e7325cf", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09af92-4234-4cfc-8aa2-4154950d210f", "timestamp": "1510922447", "to_ids": true, "value": "ade199b16607fd29c8e7288fb750ca2b", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09af92-f3d4-4794-9bfd-48a2950d210f", "timestamp": "1510922447", "to_ids": true, "value": "d5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "", "category": "Network activity", "uuid": "5a09af92-b3a8-4ad7-a250-4fc7950d210f", "timestamp": "1510922447", "to_ids": true, "value": "saudiedi.toh.info/search?q=%E7%DF%5D%10&cvid=714105926300154928", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-f700-41f7-9d84-43ab950d210f", "timestamp": "1510922447", "to_ids": true, "value": "articles/937933.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-7710-49d4-9626-460c950d210f", "timestamp": "1510922447", "to_ids": true, "value": "articles/937934.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-5d74-4020-bd70-44fe950d210f", "timestamp": "1510922447", "to_ids": true, "value": "articles/937935.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-3ec4-4e61-a267-455f950d210f", "timestamp": "1510922448", "to_ids": true, "value": "articles/937936.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-d328-4cd7-8d4b-46ad950d210f", "timestamp": "1510922448", "to_ids": true, "value": "articles/937937.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a09afd3-9e98-4bc5-abc1-4f62950d210f", "timestamp": "1510922448", "to_ids": true, "value": "articles/937938.html", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b133-be00-49f3-8ee8-48c6950d210f", "timestamp": "1510922448", "to_ids": true, "value": "00007AA8[.]ex_", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b133-653c-413d-9682-4ac3950d210f", "timestamp": "1510922448", "to_ids": true, "value": "Saudi Arabia's 'Game of Thobes'[.]doc", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b326-833c-48ce-8397-4034950d210f", "timestamp": "1510922448", "to_ids": true, "value": "8598313222c41280eb42863eda8a9490", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b326-4660-4c3b-92ba-4a33950d210f", "timestamp": "1510922448", "to_ids": true, "value": "256c631372692a1a907b04d27a735eb0905a003e", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b326-bd9c-4a2e-9950-4ff8950d210f", "timestamp": "1510922448", "to_ids": true, "value": "50eedaf3150253cc2298446615421f4caa0482cb93658dc095855c38d425e3fb", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5a09b326-1c58-4d04-afb8-46ab950d210f", "timestamp": "1510922448", "to_ids": true, "value": "8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8", "category": "External analysis", "uuid": "5a0ed8d0-a348-4851-8def-40e502de0b81", "timestamp": "1510922448", "to_ids": false, "value": "https://www.virustotal.com/file/8c81eb0fb49c40a1fa5474f45ff638961330ff73198dc7d537667455e5273bb8/analysis/1509021029/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: d5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb", "category": "External analysis", "uuid": "5a0ed8d0-2e64-4b0e-b0c7-420e02de0b81", "timestamp": "1510922448", "to_ids": false, "value": "https://www.virustotal.com/file/d5b22843aabbbc20af253d579fd1f098138be85e2cff4677f7886e8d31ff00cb/analysis/1510308447/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": false, "date": "2017-11-13", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a09aaa3-e7fc-4e3c-acda-cb8d950d210f"}}