misp-circl-feed/feeds/circl/misp/57adad28-ac28-49f0-b8d5-7495950d210f.json


{
"Event": {
"analysis": "2",
"date": "2016-08-12",
"extends_uuid": "",
"info": "OSINT New C2 \u2013 Neutrino Exploit Kit via pseudoDarkleech HOPTO.ORG gate delivers CrypMic Ransomware by Broad Analysis",
"publish_timestamp": "1471000507",
"published": true,
"threat_level_id": "3",
"timestamp": "1471000487",
"uuid": "57adad28-ac28-49f0-b8d5-7495950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000309",
"to_ids": false,
"type": "link",
"uuid": "57adaef5-bd68-4f9b-8a2e-6c4f950d210f",
"value": "http://www.broadanalysis.com/2016/08/08/new-c2-neutrino-exploit-kit-via-pseudodarkleech-hopto-org-gate-delivers-crypmic-ransomware/"
},
{
"category": "Network activity",
"comment": "Redirect GATE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000365",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf2d-c848-4a48-8ae0-7495950d210f",
"value": "83.217.27.178"
},
{
"category": "Network activity",
"comment": "Redirect GATE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000391",
"to_ids": true,
"type": "hostname",
"uuid": "57adaf47-646c-469a-a6c7-7495950d210f",
"value": "jkgbpsh.hopto.org"
},
{
"category": "Network activity",
"comment": "Neutrino EK",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000413",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf5d-f3a8-46f6-8efc-3297950d210f",
"value": "51.254.30.225"
},
{
"category": "Network activity",
"comment": "Neutrino EK",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000437",
"to_ids": true,
"type": "hostname",
"uuid": "57adaf75-8f48-4c71-9219-42f4950d210f",
"value": "saveoldclinicas.propertymanager.eu.com"
},
{
"category": "Network activity",
"comment": "Port 443 Clear text \u2013 C2 Check-In \u2013 POST INFECTION TRAFFIC Germany, AS24961 myLoc managed IT AG,",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000460",
"to_ids": true,
"type": "ip-dst",
"uuid": "57adaf8c-8edc-4b48-8a0f-3299950d210f",
"value": "85.14.243.9"
},
{
"category": "Network activity",
"comment": "Domains for ransom payments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000487",
"to_ids": true,
"type": "url",
"uuid": "57adafa7-cfe0-47f1-8c70-3299950d210f",
"value": "http://ccjlwb22w6c22p2k.onion.to"
},
{
"category": "Network activity",
"comment": "Domains for ransom payments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1471000487",
"to_ids": true,
"type": "url",
"uuid": "57adafa7-f574-46df-9e77-3299950d210f",
"value": "http://ccjlwb22w6c22p2k.onion.city"
}
]
}
}