misp-circl-feed/feeds/circl/misp/55dc2f59-7238-468a-8956-575e950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-08-24",
"extends_uuid": "",
"info": "OSINT RTF Exploit Installs Italian RAT: uWarrior by Palo Alto",
"publish_timestamp": "1440504598",
"published": true,
"threat_level_id": "2",
"timestamp": "1440494650",
"uuid": "55dc2f59-7238-468a-8956-575e950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493443",
"to_ids": false,
"type": "link",
"uuid": "55dc2f83-ce00-42b3-946c-58f2950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-rat-uwarrior/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493443",
"to_ids": false,
"type": "link",
"uuid": "55dc2f83-5594-4ed1-a759-58f2950d210b",
"value": "https://otx.alienvault.com/pulse/55dbbc8c67db8c7bb8cb68c4/"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493504",
"to_ids": true,
"type": "filename",
"uuid": "55dc2fc0-ea3c-4a08-9158-58ef950d210b",
"value": "%AppData%\\Local\\Temp\\bootloader.dec"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493504",
"to_ids": true,
"type": "filename",
"uuid": "55dc2fc0-1510-46aa-a516-58ef950d210b",
"value": "%AppData%\\Roaming\\warriors.dat"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493504",
"to_ids": true,
"type": "ip-dst",
"uuid": "55dc2fc0-9124-4ef4-866a-58ef950d210b",
"value": "23.249.225.140"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": true,
"type": "sha256",
"uuid": "55dc2fc1-e328-49c5-951a-58ef950d210b",
"value": "57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": true,
"type": "sha256",
"uuid": "55dc2fc1-4f84-491a-9d9a-58ef950d210b",
"value": "5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": true,
"type": "ip-dst",
"uuid": "55dc2fc1-0704-42bb-99e6-58ef950d210b",
"value": "63.142.245.12"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": true,
"type": "sha256",
"uuid": "55dc2fc1-e34c-4e1a-a6cc-58ef950d210b",
"value": "a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": false,
"type": "vulnerability",
"uuid": "55dc2fc1-7808-451d-8a34-58ef950d210b",
"value": "CVE-2012-1856"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": false,
"type": "vulnerability",
"uuid": "55dc2fc1-84fc-484d-a0b8-58ef950d210b",
"value": "CVE-2015-1770"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493505",
"to_ids": true,
"type": "sha256",
"uuid": "55dc2fc1-c2a8-4ac7-be4a-58ef950d210b",
"value": "f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493506",
"to_ids": true,
"type": "hostname",
"uuid": "55dc2fc2-a12c-4986-9c18-58ef950d210b",
"value": "login.collegefan.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440493506",
"to_ids": true,
"type": "hostname",
"uuid": "55dc2fc2-3858-4ae4-a9f4-58ef950d210b",
"value": "login.loginto.me"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494650",
"to_ids": true,
"type": "sha1",
"uuid": "55dc343a-c350-47f7-978f-575e950d210b",
"value": "844d4888ec0968a9b6da60ec2f1f2aa26937e201"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494650",
"to_ids": true,
"type": "md5",
"uuid": "55dc343a-d060-4295-8e35-575e950d210b",
"value": "828858985c3456e0e5c2bd8add46344b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494650",
"to_ids": false,
"type": "link",
"uuid": "55dc343a-f080-43dc-a122-575e950d210b",
"value": "https://www.virustotal.com/file/f4aa83297844eb8297711e32554e41f677cce290732171583199a57fb7a0674b/analysis/1440299283/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494651",
"to_ids": true,
"type": "sha1",
"uuid": "55dc343b-6f78-41f9-948a-575e950d210b",
"value": "fb434ba4f1eaf9f7f20fe6f49c4375e90fa98069"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494651",
"to_ids": true,
"type": "md5",
"uuid": "55dc343b-eed8-4b86-bb83-575e950d210b",
"value": "ae6b65ca7cbd4ca0ba86c6278c834547"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494651",
"to_ids": false,
"type": "link",
"uuid": "55dc343b-a264-4918-981d-575e950d210b",
"value": "https://www.virustotal.com/file/a6dea088c9e2c9191e4c2fc4ece7b7b7bd3f034f444362d35c8765f6ec4bd279/analysis/1440434527/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494651",
"to_ids": true,
"type": "sha1",
"uuid": "55dc343b-5e60-488c-8a4c-575e950d210b",
"value": "777ba38c219d5c0251571b00d630fa3c5a59c9ac"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494651",
"to_ids": true,
"type": "md5",
"uuid": "55dc343b-2ff4-4025-99dd-575e950d210b",
"value": "4ec51012233e45e8e293c61250b080ac"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494652",
"to_ids": false,
"type": "link",
"uuid": "55dc343c-1900-4100-adf0-575e950d210b",
"value": "https://www.virustotal.com/file/5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc/analysis/1439560797/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494652",
"to_ids": true,
"type": "sha1",
"uuid": "55dc343c-ca88-49f9-b19d-575e950d210b",
"value": "58318739e970bbfa3ef45673f47b09ba3fe3f20b"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494652",
"to_ids": true,
"type": "md5",
"uuid": "55dc343c-2a5c-4153-bca2-575e950d210b",
"value": "114c8d4316248de8630364cf4c24a754"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1440494652",
"to_ids": false,
"type": "link",
"uuid": "55dc343c-0144-42ed-9807-575e950d210b",
"value": "https://www.virustotal.com/file/57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c/analysis/1440470623/"
}
]
}
}