{
"Event": {
"analysis": "2",
"date": "2014-10-30",
"extends_uuid": "",
"info": "OSINT Black Energy 2 malware analysis blog post by Joseph Mlodzianowski",
"publish_timestamp": "1444059774",
"published": true,
"threat_level_id": "2",
"timestamp": "1444059767",
"uuid": "5464a711-55dc-4416-aad2-4aba950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#33FF00",
"local": "0",
"name": "tlp:green",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882527",
"to_ids": false,
"type": "link",
"uuid": "5464a71f-6484-4c06-be36-49d4950d210b",
"value": "http://sub0day.com/2014/10/black-energy-ii-ii/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882536",
"to_ids": false,
"type": "comment",
"uuid": "5464a728-9560-4fa9-b497-4daf950d210b",
"value": "Data entered by David Andr\u00e9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882639",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a78f-c6e4-4074-92d5-4d5f950d210b",
"value": "5.79.80.166"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882639",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a78f-3430-4010-9490-4f4e950d210b",
"value": "5.61.38.31"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882639",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a78f-43e8-4a60-857f-47c8950d210b",
"value": "5.255.87.39"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882639",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a78f-ec18-4bca-89c6-4b7a950d210b",
"value": "37.220.34.56"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-85b4-460e-b87f-49a9950d210b",
"value": "46.165.222.6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-8d88-499d-99bf-408c950d210b",
"value": "46.165.222.101"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-abdc-4659-af76-41d6950d210b",
"value": "46.4.28.218"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-0038-4117-b2c4-452b950d210b",
"value": "4.65.222.28"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-a3e8-4914-8375-43d2950d210b",
"value": "78.46.40.239"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-0c8c-4def-9609-4b8d950d210b",
"value": "84.19.161.123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-a85c-4beb-94cd-43f3950d210b",
"value": "85.17.94.134"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-180c-4281-a965-492b950d210b",
"value": "89.149.223.205"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-f2a8-4332-8318-48a9950d210b",
"value": "95.143.193.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-0f34-44b7-b699-4b00950d210b",
"value": "95.211.122.36"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-355c-484d-91db-445b950d210b",
"value": "109.236.88.12"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-e3ec-4ae5-b50b-45ca950d210b",
"value": "124.217.253.10"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-dd60-4fb1-918a-4a2f950d210b",
"value": "184.22.205.194"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882640",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a790-d79c-4070-8085-4050950d210b",
"value": "188.227.176.74"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882641",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a791-6cac-4bd9-8f22-47d9950d210b",
"value": "194.28.172.58"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882641",
"to_ids": true,
"type": "ip-dst",
"uuid": "5464a791-5748-4632-82c8-4b1b950d210b",
"value": "212.124.110.62"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882698",
"to_ids": true,
"type": "regkey|value",
"uuid": "5464a7ca-a034-44c3-ba38-43d9950d210b",
"value": "HKLM\\SYSTEM\\ControlSet001\\Services\\xliigeobghmg\\ImagePath|%TEMP%\\ristialm.sys"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882733",
"to_ids": true,
"type": "filename",
"uuid": "5464a7ed-9588-4885-be90-4c22950d210b",
"value": "%TEMP%\\ristialm.sys"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882907",
"to_ids": true,
"type": "domain",
"uuid": "5464a89b-8480-4502-bdaa-4ea8950d210b",
"value": "agxxgle.in"
},
{
"category": "Network activity",
"comment": "POST",
"deleted": false,
"disable_correlation": false,
"timestamp": "1415882921",
"to_ids": true,
"type": "url",
"uuid": "5464a8a9-9704-47f3-9d30-445a950d210b",
"value": "http://agxxgle.in/good/getcfg.php"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1444059767",
"to_ids": false,
"type": "text",
"uuid": "56129a77-a6c4-4e25-a213-42d0950d210b",
"value": "BlackEnergy"
}
]
}
}