{
|
|
"Event": {
|
|
"analysis": "1",
|
|
"date": "2022-07-08",
|
|
"extends_uuid": "",
|
|
"info": "CSSF - Warnings",
|
|
"publish_timestamp": "1657287589",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1657287549",
|
|
"uuid": "f1bb8c57-f133-449e-974d-4fb0156050e1",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"name": "misp-galaxy:sector=\"Finance\""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"name": "osint:lifetime=\"perpetual\""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"name": "osint:certainty=\"50\""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "7",
|
|
"timestamp": "1657287002",
|
|
"uuid": "54f071e1-ed34-4ec7-9d26-e228331ee76d",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "54f071e1-ed34-4ec7-9d26-e228331ee76d",
|
|
"referenced_uuid": "a38a9911-8903-4c5c-8eb4-8eee2c39de2f",
|
|
"relationship_type": "includes",
|
|
"timestamp": "1657287002",
|
|
"uuid": "7c58e04e-9792-491b-90fa-2d2df2afb4a9"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1657287510",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "3d0dad82-d8a4-4ab7-bcab-15abe3ad3852",
|
|
"value": "https://www.cssf.lu/en/2022/02/warning-concerning-the-usurpation-of-the-name-cssf/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1657287510",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "bde93d98-797a-482f-aa25-129de73654fd",
|
|
"value": "Warning concerning the usurpation of the name CSSF\r\n\r\nThe Commission de Surveillance du Secteur Financier (CSSF) warns the public of unknown persons who send emails with the address format secure@cssf.services, presenting themselves as a CSSF agent, and ask the recipient to divulge confidential information.\r\n\r\nThe CSSF would like to specify that only emails with the address format @cssf.lu are used for its email communications."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1657286963",
|
|
"uuid": "a38a9911-8903-4c5c-8eb4-8eee2c39de2f",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1657287510",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "f1e6d712-6280-43e5-a89a-36e2e341a50b",
|
|
"value": "cssf.services"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "7",
|
|
"timestamp": "1657287292",
|
|
"uuid": "a5f886f2-2cb5-4439-bae6-d72b67b32fe9",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a5f886f2-2cb5-4439-bae6-d72b67b32fe9",
|
|
"referenced_uuid": "51e4cf62-e441-411e-b00a-7c6c8194bef8",
|
|
"relationship_type": "includes",
|
|
"timestamp": "1657287209",
|
|
"uuid": "708accb7-633c-4a67-a6e2-10f84c026f8a"
|
|
},
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "a5f886f2-2cb5-4439-bae6-d72b67b32fe9",
|
|
"referenced_uuid": "579cf244-1a74-4f44-ad53-a26eaaae88e0",
|
|
"relationship_type": "includes",
|
|
"timestamp": "1657287292",
|
|
"uuid": "1afe5d93-927c-4f69-9381-200280486bdb"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1657287510",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "a110e11b-8061-4bff-8fe9-ebd09730dd90",
|
|
"value": "https://www.cssf.lu/en/2022/02/warning-regarding-the-fraudulent-activities-where-the-name-of-the-investment-firm-andreas-capital-s-a-is-misused/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1657287510",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "92892db2-e78b-460b-adb2-6bbe6fed80ae",
|
|
"value": "Warning regarding the fraudulent activities where the name of the investment firm Andreas Capital S.A. is misused\r\n\r\nThe Commission de Surveillance du Secteur Financier (CSSF) warns the public of the websites www.acces-andreascapital.com, www.andreasfx.com and unknown people who contact without solicitation potential investors by presenting themselves under the name \u201cAndreas Capital\u201d and offer notably a so-called \u201clivret Secur\u201d. By doing so, they misuse the name and the address of the investment firm governed by Luxembourg law Andreas Capital S.A. and send emails in the following format Firstname.Surname@andreascapital-online.com and soporte@andreasfx.com.\r\n\r\nThe CSSF would like to specify that the investment firm Andreas Capital S.A., duly authorised in Luxembourg in accordance with the Law of 5 April 1993 on the financial sector and subject to the CSSF\u2019s supervision is not related to the facts referred to in this warning.\r\n\r\n \r\n\r\nUpdated on 6 April 2022"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1657287510",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "e8c26b37-fe32-426e-849f-406b5c5e3a4c",
|
|
"value": "Alert"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1657287186",
|
|
"uuid": "51e4cf62-e441-411e-b00a-7c6c8194bef8",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1657287510",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "ae2e50b3-602f-418d-8eee-4791f3302133",
|
|
"value": "acces-andreascapital.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
|
|
"meta-category": "network",
|
|
"name": "domain-ip",
|
|
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
|
|
"template_version": "11",
|
|
"timestamp": "1657287247",
|
|
"uuid": "579cf244-1a74-4f44-ad53-a26eaaae88e0",
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "domain",
|
|
"timestamp": "1657287510",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "733b02aa-d72e-4e77-a0bc-0a03a8e60b51",
|
|
"value": "andreasfx.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "hostname",
|
|
"timestamp": "1657287510",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "df5dad2b-c691-45d3-baf5-3fe218d7284c",
|
|
"value": "www.andreasfx.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "acces-andreascapital.com: Enriched via the farsight_passivedns module",
|
|
"deleted": false,
|
|
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
|
|
"first_seen": "2021-12-13T07:17:05+00:00",
|
|
"last_seen": "2022-01-28T22:00:30+00:00",
|
|
"meta-category": "network",
|
|
"name": "passive-dns",
|
|
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
|
|
"template_version": "5",
|
|
"timestamp": "1657287549",
|
|
"uuid": "58eaa6ac-83a7-4242-8326-c5f899968eed",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "58eaa6ac-83a7-4242-8326-c5f899968eed",
|
|
"referenced_uuid": "51e4cf62-e441-411e-b00a-7c6c8194bef8",
|
|
"relationship_type": "related-to",
|
|
"timestamp": "1657287414",
|
|
"uuid": "bd40d78c-cd31-439b-8da7-111dd87f6956"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "rdata",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "f893dee7-9080-498c-b3cb-680440397e8c",
|
|
"value": "ns1.cp-34.webhostbox.net."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "rdata",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "87a4297f-8887-4c59-9ba9-5090b8f689bf",
|
|
"value": "ns2.cp-34.webhostbox.net."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "count",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "counter",
|
|
"uuid": "95aacf4c-2de8-4af3-ba56-d9b6e2342b1a",
|
|
"value": "20"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "time_first",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "b523074e-fce0-47a2-91cf-5bd690402ae1",
|
|
"value": "2021-12-13T07:17:05+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "time_last",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "a563873c-ea3a-4c9e-ae33-93ffcea51af8",
|
|
"value": "2022-01-28T22:00:30+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "rrname",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "2b38381a-0d65-4f38-83e3-9510ab9fbb66",
|
|
"value": "acces-andreascapital.com."
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "rrtype",
|
|
"timestamp": "1657287549",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "07da9db9-3959-4a73-8d29-449c0b80ac43",
|
|
"value": "NS"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Result from a rrset lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "bailiwick",
|
|
"timestamp": "1657287549",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "f04f785a-9427-40de-8afc-96a770672c52",
|
|
"value": "acces-andreascapital.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "acces-andreascapital.com: Enriched via the farsight_passivedns module",
|
|
"deleted": false,
|
|
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
|
|
"first_seen": "2021-12-23T10:44:53+00:00",
|
|
"last_seen": "2021-12-23T10:44:54+00:00",
|
|
"meta-category": "network",
|
|
"name": "passive-dns",
|
|
"template_uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
|
|
"template_version": "5",
|
|
"timestamp": "1657287536",
|
|
"uuid": "eb03004f-7350-4bd3-8a7c-9496009be9e0",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "eb03004f-7350-4bd3-8a7c-9496009be9e0",
|
|
"referenced_uuid": "51e4cf62-e441-411e-b00a-7c6c8194bef8",
|
|
"relationship_type": "related-to",
|
|
"timestamp": "1657287414",
|
|
"uuid": "7b2e8261-bc79-4619-b015-a1ff4f2d8182"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "rdata",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "684cdb63-7edb-4d88-a5b1-434dfa21d4ce",
|
|
"value": "acces-andreascapital.com."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "count",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "counter",
|
|
"uuid": "386018c2-4468-4e61-abe8-119fb0d8b00a",
|
|
"value": "2"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "time_first",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "0690592c-bcf4-4e6c-a933-f1d6e2d009d1",
|
|
"value": "2021-12-23T10:44:53+00:00"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "time_last",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "f013cb58-63b7-4ad9-a2b5-2a7228a80ba2",
|
|
"value": "2021-12-23T10:44:54+00:00"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "rrname",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "1d11be09-34a1-4957-ac6c-441719a66886",
|
|
"value": "www.acces-andreascapital.com."
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Result from a rdata lookup on DNSDB about the domain name: acces-andreascapital.com",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "rrtype",
|
|
"timestamp": "1657287536",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "93e921e8-602a-447c-b48b-b2c5a7b95211",
|
|
"value": "CNAME"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |