misp-circl-feed/feeds/circl/misp/57b57c2f-9218-4138-bd36-48e4950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2015-01-17",
    "extends_uuid": "",
    "info": "OSINT Potential CNC base on CCNE activities described in NSA document leak",
    "publish_timestamp": "1471512100",
    "published": true,
    "threat_level_id": "4",
    "timestamp": "1471511981",
    "uuid": "57b57c2f-9218-4138-bd36-48e4950d210f",
    "Orgc": {
      "name": "CthulhuSPRL.be",
      "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "name": "tlp:white"
      },
      {
        "colour": "#ffffff",
        "name": "OSINT"
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511629",
        "to_ids": false,
        "type": "link",
        "uuid": "57b57c4d-2b1c-4b31-a6e2-4acc950d210f",
        "value": "http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409-2.html"
      },
      {
        "category": "External analysis",
        "comment": "page 22",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511647",
        "to_ids": false,
        "type": "link",
        "uuid": "57b57c5f-427c-47f8-91fb-4ca8950d210f",
        "value": "http://www.spiegel.de/media/media-35684.pdf"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511739",
        "to_ids": true,
        "type": "domain",
        "uuid": "57b57cbb-57d8-48a6-a9c5-4355950d210f",
        "value": "mcee.org"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511739",
        "to_ids": true,
        "type": "domain",
        "uuid": "57b57cbb-e2cc-4184-9628-4437950d210f",
        "value": "sandrogolinelli.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511739",
        "to_ids": true,
        "type": "domain",
        "uuid": "57b57cbb-b380-46eb-b811-4d13950d210f",
        "value": "transpersia.com"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511783",
        "to_ids": false,
        "type": "comment",
        "uuid": "57b57ce7-a878-4cbe-b248-4f65950d210f",
        "value": "The document is about 4th party collection by NSA (NSA collecting data that other 3rd parties obtain via hacking)."
      },
      {
        "category": "Artifacts dropped",
        "comment": "Hash mentioned on PassiveTotal as linked to mcee.org according to data from ProofPoint",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511937",
        "to_ids": true,
        "type": "md5",
        "uuid": "57b57d81-eab8-4bb3-9396-49ea950d210f",
        "value": "610695802715595c52cafa0c19ff5a20"
      },
      {
        "category": "Network activity",
        "comment": "sandrogolinelli.net resolved to that IP between 2014-01-23 03:04:41 & 2014-02-05 00:00:00",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1471511981",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "57b57dad-d18c-43aa-8e4c-4701950d210f",
        "value": "208.73.210.155"
      }
    ]
  }
}