{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2014-10-11",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Shellshock exploitation from Red Sky Weekly blog post",
|
|
"publish_timestamp": "1413374133",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1413280400",
|
|
"uuid": "543cf0a2-e1d8-4c20-bb05-9177950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#33FF00",
|
|
"local": "0",
|
|
"name": "tlp:green",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413279919",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "543cf0af-1304-42f8-9cf7-42b4950d210b",
|
|
"value": "Data encoded by David Andr\u00e9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413279928",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "543cf0b9-c5c0-42e6-b945-46bb950d210b",
|
|
"value": "http://henrybasset.blogspot.be/2014/10/red-sky-weekly-faq-and-shellshock.html"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280142",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18e-6100-428f-864a-4de7950d210b",
|
|
"value": "14.163.12.119"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280142",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18e-f66c-40da-98ad-4de7950d210b",
|
|
"value": "77.29.189.34"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-8fac-4e40-9326-4de7950d210b",
|
|
"value": "78.15.20.81"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-b118-4936-9543-4de7950d210b",
|
|
"value": "78.161.195.166"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-0728-4008-9466-4de7950d210b",
|
|
"value": "79.136.130.110"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-5528-4b05-bdf2-4de7950d210b",
|
|
"value": "88.253.229.151"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-3d48-4092-a4bc-4de7950d210b",
|
|
"value": "93.139.212.67"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-6e78-49f0-8b5e-4de7950d210b",
|
|
"value": "109.227.100.189"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-dca4-47c7-842a-4de7950d210b",
|
|
"value": "112.156.18.40"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-e554-4f24-854c-4de7950d210b",
|
|
"value": "113.171.116.163"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-bff0-41bd-8694-4de7950d210b",
|
|
"value": "117.218.186.16"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-c6ac-47f7-b5ca-4de7950d210b",
|
|
"value": "118.172.123.111"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-3230-4742-a4a7-4de7950d210b",
|
|
"value": "119.130.114.154"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-f10c-4936-953b-4de7950d210b",
|
|
"value": "124.123.75.68"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-645c-4977-ab04-4de7950d210b",
|
|
"value": "178.120.175.81"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-242c-42d9-9cac-4de7950d210b",
|
|
"value": "178.121.79.68"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-d94c-45cd-af72-4de7950d210b",
|
|
"value": "190.49.241.220"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-c1d0-4f85-83d4-4de7950d210b",
|
|
"value": "190.82.114.190"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280143",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "543cf18f-cc10-4c57-ace5-4de7950d210b",
|
|
"value": "223.206.54.26"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280273",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "543cf211-4a54-4093-8a47-4de7950d210b",
|
|
"value": "Goga Gastoyan"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280273",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "543cf211-65bc-49c8-8e04-4de7950d210b",
|
|
"value": "bash@blogbuddy.ru"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280273",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "543cf211-fb30-4c8c-ba0f-4de7950d210b",
|
|
"value": "+7.4957452002"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280318",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "543cf23e-5c20-4500-b707-d188950d210b",
|
|
"value": "google-traffic-analytics.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280340",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "543cf254-72d4-49fa-9efc-451b950d210b",
|
|
"value": "stats.google-traffic-analytics.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280348",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "543cf25c-bbb4-4960-ae47-4d43950d210b",
|
|
"value": "http://google-traffic-analytics.com/cl.py"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280381",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "543cf27d-4270-4d4e-8c62-4246950d210b",
|
|
"value": "https://www.virustotal.com/en/file/052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d/analysis/"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280400",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "543cf290-1650-4d10-9448-4eaf950d210b",
|
|
"value": "7847e83ad52b8b32ae14522e1a960370"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280442",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "543cf2ba-5b48-4477-a48b-9177950d210b",
|
|
"value": "24b24379c3a6e554d77428faa22b4176d78499b7"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1413280442",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "543cf2ba-5774-4371-ae45-9177950d210b",
|
|
"value": "052421011162421c7fbe1c9613e37b520a494034901dab1c6ee192466090421d"
|
|
}
|
|
]
|
|
}
|
|
} |