{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-09-04",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Threat Research Team Goes \u201cBeyond the Exploit\u201d in Search of Payloads from MS15-093 by bit9",
|
|
"publish_timestamp": "1456870676",
|
|
"published": true,
|
|
"threat_level_id": "4",
|
|
"timestamp": "1441627379",
|
|
"uuid": "55ed7c41-5a68-4307-8184-43bc950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627244",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ed7c6c-7e0c-4f13-8d69-4188950d210b",
|
|
"value": "https://blog.bit9.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627244",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "55ed7c6c-af98-4484-98df-4698950d210b",
|
|
"value": "https://otx.alienvault.com/pulse/55ed61d667db8c6fb3515d9a/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627367",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ce7-92f0-4be2-a287-42b7950d210b",
|
|
"value": "076ae76dcd0946ff913a9ce033e0ca55"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce8-8f68-4f22-b46a-41a6950d210b",
|
|
"value": "103.224.81.131"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce8-a9e0-4343-8874-4361950d210b",
|
|
"value": "103.249.28.5"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce8-e5b0-4c0d-ac93-4522950d210b",
|
|
"value": "103.249.28.6"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627369",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce9-e734-45c4-9ae6-4b82950d210b",
|
|
"value": "104.151.10.100"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627369",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce9-21b8-4bbe-979f-4af4950d210b",
|
|
"value": "106.185.34.29"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627369",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ce9-166c-45a2-a5a5-418b950d210b",
|
|
"value": "107.183.149.75"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627370",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cea-b354-40c5-890d-41a6950d210b",
|
|
"value": "146.71.100.211"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627370",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cea-cbb8-4527-86fe-492b950d210b",
|
|
"value": "17a5621c765d9f2e3c117517b5ea0fd2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627370",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cea-1bec-4d76-9c28-4544950d210b",
|
|
"value": "180.210.207.133"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627370",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cea-e670-4f7a-85fc-4ddc950d210b",
|
|
"value": "184.164.70.96"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627371",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ceb-6d60-4ec7-8c94-4423950d210b",
|
|
"value": "200cc5c2482fc7968964dfc7a71f8fbd"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627371",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7ceb-730c-4811-a3d6-4b53950d210b",
|
|
"value": "216.139.227.86"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627371",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ceb-5dec-4699-acaa-41b9950d210b",
|
|
"value": "22eea74f771ff142163aa5ac02025f3a"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627372",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cec-4988-4aff-ae7e-4f8f950d210b",
|
|
"value": "23.228.204.6"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627372",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cec-faa4-4306-951d-48a4950d210b",
|
|
"value": "23.27.192.115"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627372",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "55ed7cec-621c-48d9-b6fa-4370950d210b",
|
|
"value": "27.255.94.74"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627373",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ced-b4ac-4f91-a757-450f950d210b",
|
|
"value": "3475d208c6a67e7ddb3c266b79789773"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627373",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ced-ea38-4ffb-bd3a-497c950d210b",
|
|
"value": "43cda62a1b68d8978ca1357f4800cdf9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627373",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ced-9aac-4b4c-90bb-4acb950d210b",
|
|
"value": "66a2f4470913020780853bb06ef44b2f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627373",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7ced-39e4-4be3-a008-4a34950d210b",
|
|
"value": "6c260baa4367578778b1ecdaaab37ef9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627374",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cee-2484-49c9-a033-44af950d210b",
|
|
"value": "7cba74017b8baf7df9f6f7a42914d217"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627374",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cee-2394-43a2-a7e1-4fb6950d210b",
|
|
"value": "7d3e927bf918ac40b9d4bee748a34fc7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627374",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cee-901c-43e0-9ec6-4999950d210b",
|
|
"value": "828d0cafe4a88c2238cd3d29d8c29c1a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cef-36b0-4d88-b4fb-4115950d210b",
|
|
"value": "84bb1c8c5957125029e4fbfa9ec63045"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627375",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cef-4e60-4b5b-9b31-4432950d210b",
|
|
"value": "9e5f8d0d54c22bf09913d2f5399db352"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627375",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cef-6a5c-44ba-b9d6-4151950d210b",
|
|
"value": "app.theworldfun.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627376",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf0-0260-4a66-801e-44d0950d210b",
|
|
"value": "baba.koumm.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627376",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cf0-7e94-4065-95c1-487f950d210b",
|
|
"value": "bb5a0af2a95557cbb488e8ad33760b7f"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627376",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b",
|
|
"value": "cmc.apecscmc.com"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627376",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "55ed7cf0-fa88-4bdd-8349-4745950d210b",
|
|
"value": "CVE-2015-2502"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627377",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "55ed7cf1-041c-4017-a40f-4184950d210b",
|
|
"value": "ff39a8946b7e9342f57167e5eee95912"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627377",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "55ed7cf1-8428-448d-924e-4f4f950d210b",
|
|
"value": "gotoiknowledge.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627377",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf1-039c-4753-a97a-4040950d210b",
|
|
"value": "mail.theworldfun.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627377",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf1-3b7c-4e35-a7bf-48e6950d210b",
|
|
"value": "ov.theworldfun.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627378",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf2-6714-4087-be3d-492d950d210b",
|
|
"value": "update.avupdate.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627378",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf2-08e4-460d-b0df-4c9a950d210b",
|
|
"value": "www.konsocn.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627378",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf2-4630-4695-8cc1-47e1950d210b",
|
|
"value": "www.koumm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1441627379",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "55ed7cf3-5154-42af-a802-413c950d210b",
|
|
"value": "www.theworldfun.com"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860221",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c6a9fd-22b0-44ed-af02-c654950d210f",
|
|
"value": "dd4a55571b94d24703ad06476cbce9413e2f9ecf"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860223",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c6a9ff-b050-4cb5-8a2b-59a0950d210f",
|
|
"value": "c7b1a2bc996f4e3cc0b7211db82f12997cdacf6f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860225",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c6aa01-fee0-436d-992b-5f51950d210f",
|
|
"value": "67ede66874fe152d107f858acf906d7a70f1f709"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860227",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56c6aa03-8e24-4f43-aa2a-5f51950d210f",
|
|
"value": "2d99e88c30cd805f5e346388d312f7a3e3386798"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860222",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56c6a9fe-fc5c-4ec6-a32b-5f51950d210f",
|
|
"value": "c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860224",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56c6aa00-9f50-4683-969c-4715950d210f",
|
|
"value": "61900fb9841a4d6d14e990163ea575694e684beaf912f50989b0013a9634196f"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860226",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56c6aa02-dd88-450b-83cf-c653950d210f",
|
|
"value": "71b201a5a7dfdbe91c0a7783f845b71d066c62014b944f488de5aec6272f907c"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455860228",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56c6aa04-f4c8-4910-afdd-599e950d210f",
|
|
"value": "56ec1ccab98c1ed67a0095b7ec8e6b17b12da3e00d357274fa37ec63ec724c07"
|
|
}
|
|
]
|
|
}
|
|
} |