adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/595d508c-dc3c-49e8-8288-4a6002de0b81.json

423 lines
No EOL
16 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "0",
"date": "2017-07-05",
"extends_uuid": "",
"info": "OSINT - The MeDoc Connection",
"publish_timestamp": "1499287907",
"published": true,
"threat_level_id": "3",
"timestamp": "1499287883",
"uuid": "595d508c-dc3c-49e8-8288-4a6002de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d509a-d224-4645-b1ac-439102de0b81",
"value": "The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the attack. The investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware. By utilizing stolen credentials, the actor was able to manipulate the update server for M.E.Doc to proxy connections to an actor-controlled server. Based on the findings, Talos remains confident that the attack was destructive in nature. The effects were broad reaching, with Ukraine Cyber police confirming over 2000 affected companies in Ukraine alone.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "link",
"uuid": "595d50a4-bd20-437d-8737-434802de0b81",
"value": "http://blog.talosintelligence.com/2017/07/the-medoc-connection.html",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c5-f144-46fd-b6ff-46db02de0b81",
"value": "W32.Ransomware.Nyetya.Talos"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c6-db5c-4e7e-9db0-4d1002de0b81",
"value": "W32.F9D6FE8BD8.Backdoor.Ransomware.Nyetya.Talos"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c6-569c-4921-b849-47d002de0b81",
"value": "W32.D462966166.Backdoor.Ransomware.Nyetya.Talos"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c6-3ab8-40f2-bf02-4c4a02de0b81",
"value": "W32.2FD2863D71.Backdoor.Ransomware.Nyetya.Talos"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c6-8674-4393-aaa3-434a02de0b81",
"value": "W32.02EF73BD24-95.SBX.TG"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": false,
"type": "text",
"uuid": "595d50c6-f770-47d6-a061-496202de0b81",
"value": "W32.GenericKD:Petya.20h1.1201"
},
{
"category": "Network activity",
"comment": "MALICIOUS IP ADDRESSES:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "ip-dst",
"uuid": "595d50d5-2328-427b-9535-4fe302de0b81",
"value": "176.31.182.167"
},
{
"category": "Network activity",
"comment": "MALICIOUS IP ADDRESSES:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "ip-dst",
"uuid": "595d50d5-f8e8-4769-93b1-400e02de0b81",
"value": "159.148.186.214"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50e8-d3f0-4552-9306-437c02de0b81",
"value": "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50e8-307c-4a7f-b19b-4e0502de0b81",
"value": "02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50e8-7a6c-493f-a1c8-452502de0b81",
"value": "eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50fb-f4a8-4e59-8d73-436402de0b81",
"value": "f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50fb-3ac8-473b-82c8-45f002de0b81",
"value": "d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287883",
"to_ids": true,
"type": "sha256",
"uuid": "595d50fb-1dcc-4ac3-9755-4ff802de0b81",
"value": "2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: 2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-c9ac-4ccd-bb65-499602de0b81",
"value": "3567434e2e49358e8210674641a20b147e0bd23c"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: 2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-d144-4815-98f0-4c9d02de0b81",
"value": "3efe62f6cb7285153114f888900a0962"
},
{
"category": "External analysis",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: 2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-81e4-4e91-8bc4-4be202de0b81",
"value": "https://www.virustotal.com/file/2fd2863d711a1f18eeee5c7c82f2349c5d4e00465de9789da837fcdca4d00277/analysis/1499286304/"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-a0ac-487c-a2ba-41f202de0b81",
"value": "7f3b1c56c180369ae7891483675bec61f3182f27"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-4188-483d-9fd9-4a9702de0b81",
"value": "87db6af04613f4bd70467720239117e5"
},
{
"category": "External analysis",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-1d84-4628-99a6-44a102de0b81",
"value": "https://www.virustotal.com/file/d462966166450416d6addd3bfdf48590f8440dd80fc571a389023b7c860ca3ac/analysis/1499278990/"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-857c-4902-81e0-455102de0b81",
"value": "7b051e7e7a82f07873fa360958acc6492e4385dd"
},
{
"category": "Payload delivery",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-5fe8-42ca-850a-42c002de0b81",
"value": "8f5718be4ba2c6e4f8ce1597248bb03f"
},
{
"category": "External analysis",
"comment": "M.E.DOC ZVITPUBLISHEDOBJECTS.DLL FILES WITH BACKDOOR: - Xchecked via VT: f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-d7c0-4e20-ba7f-4b9d02de0b81",
"value": "https://www.virustotal.com/file/f9d6fe8bd8aca6528dec7eaa9f1aafbecde15fd61668182f2ba8a7fc2b9a6740/analysis/1499256049/"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-9030-4303-9902-496d02de0b81",
"value": "56c03d8e43f50568741704aee482704a4f5005ad"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-b8bc-4293-a0ea-4dff02de0b81",
"value": "2813d34f6197eb4df42c886ec7f234a1"
},
{
"category": "External analysis",
"comment": "NYETYA MALWARE - Xchecked via VT: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-c4e0-49cc-82d7-468802de0b81",
"value": "https://www.virustotal.com/file/eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998/analysis/1498939521/"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-0284-4d7b-9762-494a02de0b81",
"value": "38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-d754-4082-9b7a-451102de0b81",
"value": "7e37ab34ecdcc3e77e24522ddfd4852d"
},
{
"category": "External analysis",
"comment": "NYETYA MALWARE - Xchecked via VT: 02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-3d18-431e-bcf0-457c02de0b81",
"value": "https://www.virustotal.com/file/02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f/analysis/1499122164/"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "sha1",
"uuid": "595d514c-0248-4f6d-a21e-422702de0b81",
"value": "34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d"
},
{
"category": "Payload delivery",
"comment": "NYETYA MALWARE - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": true,
"type": "md5",
"uuid": "595d514c-363c-4b80-b083-469102de0b81",
"value": "71b6a493388e7d0b40c83ce903bc6b04"
},
{
"category": "External analysis",
"comment": "NYETYA MALWARE - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"deleted": false,
"disable_correlation": false,
"timestamp": "1499287884",
"to_ids": false,
"type": "link",
"uuid": "595d514c-a394-41bb-9d53-404102de0b81",
"value": "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1499267430/"
}
]
}
}
Reference in a new issue View git blame Copy permalink