{
"Event": {
"analysis": "2",
"date": "2017-07-12",
"extends_uuid": "",
"info": "HackShit phishing as a service",
"publish_timestamp": "1500277912",
"published": true,
"threat_level_id": "4",
"timestamp": "1500277889",
"uuid": "596c6ae1-d4f0-4d84-8718-4a50950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#326300",
"local": "0",
"name": "circl:incident-classification=\"phishing\"",
"relationship_type": ""
},
{
"colour": "#856c13",
"local": "0",
"name": "Phishing",
"relationship_type": ""
},
{
"colour": "#00e7e7",
"local": "0",
"name": "ecsirt:fraud=\"phishing\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277553",
"to_ids": false,
"type": "link",
"uuid": "596c6b31-c730-4996-9438-4312950d210f",
"value": "https://resources.netskope.com/h/i/352356475-phishing-as-a-service-phishing-revamped"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277723",
"to_ids": true,
"type": "hostname",
"uuid": "596c6bdb-1f2c-4d3a-9cc4-4909950d210f",
"value": "pod-1.logshit.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277723",
"to_ids": true,
"type": "hostname",
"uuid": "596c6bdb-8704-4b6a-a588-49cf950d210f",
"value": "pod.logshit.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277734",
"to_ids": true,
"type": "domain",
"uuid": "596c6be6-72c8-4412-84e1-4bd9950d210f",
"value": "hackshit.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277734",
"to_ids": true,
"type": "domain",
"uuid": "596c6be6-0b2c-4e5a-be5d-4cb8950d210f",
"value": "logshit.com"
},
{
"category": "Network activity",
"comment": "CDN, but the hostname is specific to this customer/site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1500277864",
"to_ids": true,
"type": "hostname",
"uuid": "596c6c68-e7a0-4742-aaf2-4af3950d210f",
"value": "hspod-1.eu1.evennode.com"
}
]
}
} |