{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-02-13",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Turla - Harnessing SSL Certificates Using Infrastructure Chaining",
|
|
"publish_timestamp": "1456737775",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1455618994",
|
|
"uuid": "56bf4797-aaf4-4e08-ab5f-6cf102de0b81",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376305",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56bf47b1-a480-4f4c-b51e-6cf302de0b81",
|
|
"value": "http://blog.passivetotal.org/harnessing-ssl-certificates-using-infrastructure-chaining/"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376334",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47ce-9408-4be2-b1f1-4a7e02de0b81",
|
|
"value": "trytowin.ignorelist.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376334",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47ce-7a38-4646-9e20-4a4802de0b81",
|
|
"value": "treesofter.mooo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376334",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47ce-fd88-48ff-89b3-4b6e02de0b81",
|
|
"value": "sportinfo.yourtrap.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376335",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47cf-4a8c-4f7e-bb54-4ff502de0b81",
|
|
"value": "profound.zzux.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376335",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47cf-c7ac-4e9d-aafc-426c02de0b81",
|
|
"value": "badget.ignorelist.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376335",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47cf-0eec-4450-bf9a-407702de0b81",
|
|
"value": "norwaynews.mooo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376335",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47cf-c290-46d7-80bb-424402de0b81",
|
|
"value": "dellservice.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376336",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47d0-d180-453e-b465-438402de0b81",
|
|
"value": "priceline.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376336",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47d0-f90c-4550-9f18-479a02de0b81",
|
|
"value": "forumgeek.zzux.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376336",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56bf47d0-906c-4350-9fcc-4b0002de0b81",
|
|
"value": "mouses.strangled.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376358",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e6-bf18-42f0-97aa-6cf202de0b81",
|
|
"value": "209.239.79.69"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376360",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e8-50d0-46b5-b1bb-6cf202de0b81",
|
|
"value": "82.146.174.240"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376360",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e8-f8d8-4498-8844-6cf202de0b81",
|
|
"value": "82.146.166.61"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376361",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e9-debc-47cd-b05b-6cf202de0b81",
|
|
"value": "193.220.55.6"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376361",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e9-6574-436a-a15f-6cf202de0b81",
|
|
"value": "83.229.62.212"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376361",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47e9-6f98-4861-889c-6cf202de0b81",
|
|
"value": "169.255.100.152"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376362",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ea-8778-4212-bfc3-6cf202de0b81",
|
|
"value": "113.208.81.33"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376362",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ea-5ae0-444d-9981-6cf202de0b81",
|
|
"value": "82.146.174.40"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376362",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ea-e64c-47d2-a5b5-6cf202de0b81",
|
|
"value": "82.146.175.52"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376363",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47eb-5afc-4b77-a1a8-6cf202de0b81",
|
|
"value": "113.208.81.48"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376363",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47eb-dc6c-46a9-9320-6cf202de0b81",
|
|
"value": "83.229.75.141"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376363",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47eb-9b38-4c8d-9839-6cf202de0b81",
|
|
"value": "77.246.76.19"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376364",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ec-7348-41ed-9136-6cf202de0b81",
|
|
"value": "209.239.79.121"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376364",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ec-98b8-4ef1-ac54-6cf202de0b81",
|
|
"value": "209.239.79.125"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376364",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ec-f608-44c6-b46a-6cf202de0b81",
|
|
"value": "217.194.150.31"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376365",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ed-734c-4275-ba91-6cf202de0b81",
|
|
"value": "82.146.166.58"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376365",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ed-bae8-4120-a550-6cf202de0b81",
|
|
"value": "217.194.149.111"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376365",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ed-a55c-4289-9e7e-6cf202de0b81",
|
|
"value": "169.255.100.122"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376366",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ee-9ef8-411a-8317-6cf202de0b81",
|
|
"value": "169.255.101.65"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376366",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ee-5aa0-42a2-b509-6cf202de0b81",
|
|
"value": "113.208.81.55"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376366",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ee-63a8-43ed-927b-6cf202de0b81",
|
|
"value": "217.8.36.239"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376367",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ef-2cb8-4b68-990c-6cf202de0b81",
|
|
"value": "83.229.62.210"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376367",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ef-30d0-4a1f-bdcc-6cf202de0b81",
|
|
"value": "82.146.175.48"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376367",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47ef-113c-48d4-b593-6cf202de0b81",
|
|
"value": "82.146.175.69"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47f0-67c0-4232-acad-6cf202de0b81",
|
|
"value": "41.203.79.74"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47f0-f9d0-45e1-a374-6cf202de0b81",
|
|
"value": "77.73.187.223"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the freetext import.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455376368",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56bf47f0-3650-46bc-b9e7-6cf202de0b81",
|
|
"value": "217.194.150.22"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455618994",
|
|
"to_ids": true,
|
|
"type": "x509-fingerprint-sha1",
|
|
"uuid": "56bf5021-3dac-4cbd-9927-6cf502de0b81",
|
|
"value": "f415844680ed9118ea74e0c7712b35044f0cc20d"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455526670",
|
|
"to_ids": false,
|
|
"type": "threat-actor",
|
|
"uuid": "56c1930e-8fc8-4167-950b-4989950d210f",
|
|
"value": "Turla"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1455526638",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "56c192ee-73d8-4bd5-9b37-47af950d210f",
|
|
"value": "Turla"
|
|
}
|
|
]
|
|
}
|
|
} |