misp-circl-feed/feeds/circl/misp/555ddeca-3ecc-40e3-9ebd-177c950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-05-18",
"extends_uuid": "",
"info": "OSINT Trojanized PuTTY Software by Cisco CSIRT",
"publish_timestamp": "1432230558",
"published": true,
"threat_level_id": "3",
"timestamp": "1432215514",
"uuid": "555ddeca-3ecc-40e3-9ebd-177c950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215259",
"to_ids": false,
"type": "link",
"uuid": "555ddedb-d3b0-4064-9927-f221950d210b",
"value": "http://blogs.cisco.com/security/trojanized-putty-software"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215326",
"to_ids": true,
"type": "md5",
"uuid": "555ddf1e-9e64-41cf-bde3-4c7b950d210b",
"value": "b5c88d5af37afd13f89957150f9311ca"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215326",
"to_ids": true,
"type": "sha1",
"uuid": "555ddf1e-2d64-465a-8e92-4901950d210b",
"value": "51c409b7f0c641ce3670b169b9a7515ac38cdb82"
},
{
"category": "Artifacts dropped",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215327",
"to_ids": true,
"type": "sha256",
"uuid": "555ddf1f-46a4-42d5-b9fa-4d64950d210b",
"value": "d3e866e5bf18f2d9c667563de9150b705813e03377312b6974923f6af2e56291"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215354",
"to_ids": false,
"type": "text",
"uuid": "555ddf3a-bc50-4045-9947-ab11950d210b",
"value": "MalZilla"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215355",
"to_ids": false,
"type": "text",
"uuid": "555ddf3b-fbb0-43f0-bbe3-ab11950d210b",
"value": "MalPutty"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-ee64-4898-a8fb-d8ba950d210b",
"value": "ngusto-uro.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-68b8-42a8-b9e4-d8ba950d210b",
"value": "go-upload.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215368",
"to_ids": true,
"type": "domain",
"uuid": "555ddf48-7240-488a-a033-d8ba950d210b",
"value": "aliserv2013.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215391",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf5f-6aec-4e2f-a1a0-4eff950d210b",
"value": "144.76.120.243"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215391",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf5f-5414-454b-afe8-492f950d210b",
"value": "193.227.240.131"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215392",
"to_ids": true,
"type": "ip-dst",
"uuid": "555ddf60-6fc4-4c78-bccc-4c07950d210b",
"value": "146.185.239.3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215417",
"to_ids": true,
"type": "user-agent",
"uuid": "555ddf79-21c4-4c68-ae65-f221950d210b",
"value": "Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.9.168 Version/11.51"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-d3a0-42ed-a9ed-f87b950d210b",
"value": "http://stc-castelnaudary.fr/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-8af8-4619-b846-f87b950d210b",
"value": "http://holidaystennisclub.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-b92c-4cbf-bd20-f87b950d210b",
"value": "http://stonarov.wz.cz/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-9a08-4486-bbc7-f87b950d210b",
"value": "http://stabryl.home.pl/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-2578-4c24-ac26-f87b950d210b",
"value": "http://mohsenfeshari.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215514",
"to_ids": true,
"type": "url",
"uuid": "555ddfda-27b8-4027-92a3-f87b950d210b",
"value": "http://nwedigital.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-a4f4-4517-a9d2-f87b950d210b",
"value": "http://kangasquads.com.au/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-b29c-4b92-8fb1-f87b950d210b",
"value": "http://sistemaysoporte.es/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-2810-4ecc-b53d-f87b950d210b",
"value": "http://straydogwinter.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-062c-45d6-a96f-f87b950d210b",
"value": "http://snailmailrecall.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-c870-4e57-a9ab-f87b950d210b",
"value": "http://steveacker.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-bcfc-4363-a611-f87b950d210b",
"value": "http://starsretail.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-2398-4da3-9638-f87b950d210b",
"value": "http://podspeak.net/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215515",
"to_ids": true,
"type": "url",
"uuid": "555ddfdb-11f8-4890-b7c6-f87b950d210b",
"value": "http://stephensimmer.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-8cc8-4bca-a421-f87b950d210b",
"value": "http://biznetbrokers.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-3560-4a94-8cdb-f87b950d210b",
"value": "http://ofbcorporation.com/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-7010-4aea-8de6-f87b950d210b",
"value": "http://spriebel.de/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-0d44-45cc-bcca-f87b950d210b",
"value": "http://siteweb.olympe.in/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-4164-453e-be2b-f87b950d210b",
"value": "http://yumyums.comcastbiz.net/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-0da4-40f9-ae9c-f87b950d210b",
"value": "http://prfc.com.au/putty/"
},
{
"category": "Network activity",
"comment": "Compromised hosts",
"deleted": false,
"disable_correlation": false,
"timestamp": "1432215516",
"to_ids": true,
"type": "url",
"uuid": "555ddfdc-8f08-4a9f-87ba-f87b950d210b",
"value": "http://helpmydiabetes.info/wp-includes/"
}
]
}
}