{
"Event": {
"analysis": "2",
"date": "2015-05-18",
"extends_uuid": "",
"info": "OSINT Trojanized PuTTY Software by Cisco CSIRT",
"publish_timestamp": "1432230558",
"published": true,
"threat_level_id": "3",
"timestamp": "1432215514",
"uuid": "555ddeca-3ecc-40e3-9ebd-177c950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215259",
"to_ids": false,
"type": "link",
"uuid": "555ddedb-d3b0-4064-9927-f221950d210b",
"value": "http://blogs.cisco.com/security/trojanized-putty-software"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215326",
"to_ids": true,
"type": "md5",
"uuid": "555ddf1e-9e64-41cf-bde3-4c7b950d210b",
"value": "b5c88d5af37afd13f89957150f9311ca"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215326",
"to_ids": true,
"type": "sha1",
"uuid": "555ddf1e-2d64-465a-8e92-4901950d210b",
"value": "51c409b7f0c641ce3670b169b9a7515ac38cdb82"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215327",
"to_ids": true,
"type": "sha256",
"uuid": "555ddf1f-46a4-42d5-b9fa-4d64950d210b",
"value": "d3e866e5bf18f2d9c667563de9150b705813e03377312b6974923f6af2e56291"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215354",
"to_ids": false,
"type": "text",
"uuid": "555ddf3a-bc50-4045-9947-ab11950d210b",
"value": "MalZilla"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215355",
"to_ids": false,
"type": "text",
"uuid": "555ddf3b-fbb0-43f0-bbe3-ab11950d210b",
"value": "MalPutty"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-ee64-4898-a8fb-d8ba950d210b",
"value": "ngusto-uro.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-68b8-42a8-b9e4-d8ba950d210b",
"value": "go-upload.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-7240-488a-a033-d8ba950d210b",
"value": "aliserv2013.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215391",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf5f-6aec-4e2f-a1a0-4eff950d210b",
"value": "144.76.120.243"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215391",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf5f-5414-454b-afe8-492f950d210b",
"value": "193.227.240.131"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215392",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf60-6fc4-4c78-bccc-4c07950d210b",
"value": "146.185.239.3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215417",
"to_ids": true,
"type": "user-agent",
"uuid": "555ddf79-21c4-4c68-ae65-f221950d210b",
"value": "Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.9.168 Version/11.51"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-d3a0-42ed-a9ed-f87b950d210b",
"value": "http://stc-castelnaudary.fr/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-8af8-4619-b846-f87b950d210b",
"value": "http://holidaystennisclub.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-b92c-4cbf-bd20-f87b950d210b",
"value": "http://stonarov.wz.cz/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-9a08-4486-bbc7-f87b950d210b",
"value": "http://stabryl.home.pl/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-2578-4c24-ac26-f87b950d210b",
"value": "http://mohsenfeshari.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-27b8-4027-92a3-f87b950d210b",
"value": "http://nwedigital.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-a4f4-4517-a9d2-f87b950d210b",
"value": "http://kangasquads.com.au/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-b29c-4b92-8fb1-f87b950d210b",
"value": "http://sistemaysoporte.es/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-2810-4ecc-b53d-f87b950d210b",
"value": "http://straydogwinter.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-062c-45d6-a96f-f87b950d210b",
"value": "http://snailmailrecall.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-c870-4e57-a9ab-f87b950d210b",
"value": "http://steveacker.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-bcfc-4363-a611-f87b950d210b",
"value": "http://starsretail.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-2398-4da3-9638-f87b950d210b",
"value": "http://podspeak.net/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-11f8-4890-b7c6-f87b950d210b",
"value": "http://stephensimmer.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-8cc8-4bca-a421-f87b950d210b",
"value": "http://biznetbrokers.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-3560-4a94-8cdb-f87b950d210b",
"value": "http://ofbcorporation.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-7010-4aea-8de6-f87b950d210b",
"value": "http://spriebel.de/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-0d44-45cc-bcca-f87b950d210b",
"value": "http://siteweb.olympe.in/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-4164-453e-be2b-f87b950d210b",
"value": "http://yumyums.comcastbiz.net/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-0da4-40f9-ae9c-f87b950d210b",
"value": "http://prfc.com.au/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-8f08-4a9f-87ba-f87b950d210b",
"value": "http://helpmydiabetes.info/wp-includes/"
}
]
}
} |