{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2014-10-27",
|
|
"extends_uuid": "",
|
|
"info": "OSINT ScanBox framework \u2013 who\u2019s affected, and who\u2019s using it? by PWC",
|
|
"publish_timestamp": "1456151044",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1416347276",
|
|
"uuid": "546bba61-69d0-4c0e-8066-4942950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#33FF00",
|
|
"local": "0",
|
|
"name": "tlp:green",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346219",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "546bba6b-9a8c-4bf5-89d1-f2ea950d210b",
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346230",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bba76-3cc8-4b33-9dfe-4606950d210b",
|
|
"value": "Scanbox"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346430",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbb3e-4368-4df5-9ac8-c1e7950d210b",
|
|
"value": "js.webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346430",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbb3e-8954-4180-949f-c1e7950d210b",
|
|
"value": "code.googlecaches.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346430",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbb3e-ce9c-4de3-b97a-c1e7950d210b",
|
|
"value": "news.foundationssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346430",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbb3e-ee6c-4306-a2fa-c1e7950d210b",
|
|
"value": "qoog1e.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-7f98-47cd-bd6f-f2ea950d210b",
|
|
"value": "103.246.247.246"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-432c-4bf0-9de9-f2ea950d210b",
|
|
"value": "103.255.61.114"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-20c4-4db3-80c2-f2ea950d210b",
|
|
"value": "103.255.61.39"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-7060-4d50-a1c3-f2ea950d210b",
|
|
"value": "113.10.201.124"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-0054-49a2-b302-f2ea950d210b",
|
|
"value": "118.193.153.201"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-3404-4f9a-9be1-f2ea950d210b",
|
|
"value": "122.10.10.210"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-6ad4-4729-bc19-f2ea950d210b",
|
|
"value": "122.10.9.109"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-8698-46a1-ad1d-f2ea950d210b",
|
|
"value": "123.108.111.209"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-4268-4365-a097-f2ea950d210b",
|
|
"value": "176.53.22.143"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-bccc-4495-9216-f2ea950d210b",
|
|
"value": "180.210.206.225"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-dc2c-43ea-9eed-f2ea950d210b",
|
|
"value": "184.22.163.121"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-ec50-4d76-8c49-f2ea950d210b",
|
|
"value": "184.82.123.222"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-0e94-478d-94c4-f2ea950d210b",
|
|
"value": "184.82.46.5"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346820",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc4-3ccc-4472-992d-f2ea950d210b",
|
|
"value": "192.161.61.10"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-e058-44ce-935f-f2ea950d210b",
|
|
"value": "198.96.92.108"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-7f6c-4d20-8dd0-f2ea950d210b",
|
|
"value": "204.152.198.100"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-ad04-44ff-b103-f2ea950d210b",
|
|
"value": "210.0.176.21"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-57ec-447c-b898-f2ea950d210b",
|
|
"value": "210.0.176.23"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-ac40-409f-871d-f2ea950d210b",
|
|
"value": "210.209.127.114"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-fe4c-46e5-90eb-f2ea950d210b",
|
|
"value": "210.209.127.32"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-2270-4453-972e-f2ea950d210b",
|
|
"value": "210.209.127.39"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-48b0-430f-b8ae-f2ea950d210b",
|
|
"value": "210.209.127.53"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-2f78-4bbe-b20f-f2ea950d210b",
|
|
"value": "210.209.86.145"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-9a3c-45ce-8c7a-f2ea950d210b",
|
|
"value": "58.96.172.209"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-4a1c-4230-8080-f2ea950d210b",
|
|
"value": "66.197.231.62"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-3968-4998-a10e-f2ea950d210b",
|
|
"value": "69.197.146.80"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-0054-4e5b-b4e9-f2ea950d210b",
|
|
"value": "69.197.183.142"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-e040-4cb5-b7b9-f2ea950d210b",
|
|
"value": "69.197.183.152"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-c16c-4b4a-9c65-f2ea950d210b",
|
|
"value": "69.197.183.159"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346821",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "546bbcc5-631c-4c8b-9b12-f2ea950d210b",
|
|
"value": "69.197.183.189"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346850",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "546bbce2-d558-4d16-936a-40b5950d210b",
|
|
"value": "Data entered by David Andr\u00e9"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346870",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "546bbcf6-4424-45e3-8311-c1e7950d210b",
|
|
"value": "ef498ea09bf51b002fc7eb3dfd0d19d3"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346870",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "546bbcf6-c62c-4f4e-ba03-c1e7950d210b",
|
|
"value": "409ae279d7c44b11156318848ddb4a3f"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346870",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "546bbcf6-fc9c-41ae-a644-c1e7950d210b",
|
|
"value": "9cf5523da799277a4d40881199eb8325"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346870",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "546bbcf7-ef90-4599-83e3-c1e7950d210b",
|
|
"value": "9d1f8822b92ad3224db1c9ec89b529ca"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346871",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "546bbcf7-5688-4d06-a32a-c1e7950d210b",
|
|
"value": "be3a3daa7d0d11df2380d3401696624a"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-8f78-4624-94a5-4549950d210b",
|
|
"value": "james_boodle@yahoo.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-a0c8-4f0f-8907-4b0e950d210b",
|
|
"value": "li2384826402@yahoo.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-acc4-48dd-9b77-4d9a950d210b",
|
|
"value": "networkedu@hotmail.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b",
|
|
"value": "qinyz001@163.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-ccb0-4125-934c-4d79950d210b",
|
|
"value": "some.trouble@yahoo.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-f8f8-4b00-9d87-4fb6950d210b",
|
|
"value": "wangsongxu@gmail.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-1e74-4c4e-9270-438a950d210b",
|
|
"value": "xingyadi2008@gmail.com"
|
|
},
|
|
{
|
|
"category": "Attribution",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416346958",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "546bbd4e-11f0-4f71-8e09-484c950d210b",
|
|
"value": "yuming@yinsibaohu.aliyun.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-cfe4-4981-a196-427b950d210b",
|
|
"value": "9aaa.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-3350-4dcd-a976-4613950d210b",
|
|
"value": "educationel.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-105c-45b3-8d3d-44f4950d210b",
|
|
"value": "foundationssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-a580-4fc3-9500-40ab950d210b",
|
|
"value": "googlecaches.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-77c8-4316-80b3-443f950d210b",
|
|
"value": "googlewebcache.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-42c0-41ab-8658-4651950d210b",
|
|
"value": "hudsononlinenews.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-cf38-4e46-b166-4361950d210b",
|
|
"value": "lifewalden.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdd9-09e8-441e-8ce3-43ca950d210b",
|
|
"value": "mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347097",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdda-39c8-4b05-82f6-4974950d210b",
|
|
"value": "msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347098",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdda-3ce8-4279-a9d8-4c0b950d210b",
|
|
"value": "outlookssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347098",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdda-d4a4-43cd-a0d7-42b1950d210b",
|
|
"value": "qoog1e.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347098",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdda-7a08-4763-a01e-40e6950d210b",
|
|
"value": "webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347098",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "546bbdda-3610-4dca-ae68-482e950d210b",
|
|
"value": "windowsautoupdate.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347124",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf4-7fd4-4468-8b42-48d8950d210b",
|
|
"value": "blog.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347124",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf4-58bc-4c7f-9c82-42cf950d210b",
|
|
"value": "blog.msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347124",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf4-a8d4-41c5-9605-4022950d210b",
|
|
"value": "blogs.msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347124",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf4-738c-4064-a280-4610950d210b",
|
|
"value": "boxun.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347124",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf4-78b8-4695-ba4b-46a3950d210b",
|
|
"value": "ccac.dyndns-web.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-d00c-488f-9f54-488b950d210b",
|
|
"value": "dns.symantec-sync.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-8da8-431a-8e6d-4cab950d210b",
|
|
"value": "download.msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-69b8-4be7-a1d7-4b7a950d210b",
|
|
"value": "download.symantec-sync.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-4f44-4b35-8668-47b7950d210b",
|
|
"value": "email.webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-3e18-40da-814d-47c1950d210b",
|
|
"value": "files.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-c948-4282-9089-4833950d210b",
|
|
"value": "flash0day.4pu.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-25d0-487f-9cd1-4f32950d210b",
|
|
"value": "flashplayer.proxydns.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-83fc-4077-a35d-4319950d210b",
|
|
"value": "ftp.webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-e768-4f05-ad93-4a80950d210b",
|
|
"value": "googlebot1.dyndns-office.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-decc-4e66-a846-4887950d210b",
|
|
"value": "googlebot5.dyndns-office.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-62d0-4e9f-8e06-45d9950d210b",
|
|
"value": "image.googlecaches.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-93f4-440e-aeb1-4a9f950d210b",
|
|
"value": "image.symantec-sync.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-36f4-4098-8327-4437950d210b",
|
|
"value": "images.googlewebcache.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-9568-4717-8c9a-46b9950d210b",
|
|
"value": "imap.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-c33c-4cc2-addd-4476950d210b",
|
|
"value": "inbox.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347125",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf5-6210-425a-87cc-4bc5950d210b",
|
|
"value": "inbox.webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-57a8-4218-bc08-4746950d210b",
|
|
"value": "lenovocn.dyndns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-7190-4839-a303-4142950d210b",
|
|
"value": "mail.webmailgoogle.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-d510-4776-bc3f-42c3950d210b",
|
|
"value": "news.educationel.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-edb4-415a-be1b-45f3950d210b",
|
|
"value": "news.googlecaches.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-e4ac-470f-85f8-4522950d210b",
|
|
"value": "news.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-7df8-405b-a3a5-4b20950d210b",
|
|
"value": "news.msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-5c80-480d-a5e5-4de5950d210b",
|
|
"value": "pop.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-60a4-4ec3-a5a9-4ea3950d210b",
|
|
"value": "proxy.otzo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-fff0-4482-8e4e-4aa8950d210b",
|
|
"value": "remote.googlewebcache.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-0988-4b57-9817-409d950d210b",
|
|
"value": "shared.images.googlewebcache.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-f7b4-40b1-bf9b-4f19950d210b",
|
|
"value": "smtp.mailaunch.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-691c-414a-8a4a-4544950d210b",
|
|
"value": "smtp.outlookssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-cc5c-4130-8069-4b57950d210b",
|
|
"value": "smtp.windowsautoupdate.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-9604-437e-b5a3-4c1a950d210b",
|
|
"value": "socks5.proxydns.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-ad20-4d88-97b8-42ba950d210b",
|
|
"value": "symantec-sync.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-ae10-4d34-b1b6-4f55950d210b",
|
|
"value": "tem.dyndns.tv"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347126",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf6-5de8-407d-89c7-4981950d210b",
|
|
"value": "test.googlecaches.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-b6ec-4578-a13f-422d950d210b",
|
|
"value": "update.windowsautoupdate.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-906c-47dd-9451-4022950d210b",
|
|
"value": "upload.msdnblog.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-73c4-489e-9934-4af3950d210b",
|
|
"value": "vpn.foundationssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-e34c-4b8a-9f8b-46c7950d210b",
|
|
"value": "vpn.ssl443.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-0b60-4dc1-9ad9-4f32950d210b",
|
|
"value": "web.windowsautoupdate.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-dc60-4584-ae1e-4e4e950d210b",
|
|
"value": "www.educationel.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-e2f8-452a-920e-4de6950d210b",
|
|
"value": "www.foundationssl.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "546bbdf7-8a14-4832-bf9d-4568950d210b",
|
|
"value": "www.hudsononlinenews.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-4424-4ef2-8734-45ba950d210b",
"value": "www.mailaunch.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-fd88-4ffc-b261-484f950d210b",
"value": "www.msdnblog.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-a440-4b39-89ae-4136950d210b",
"value": "www.qoog1e.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-0cac-41d4-80b7-4dc7950d210b",
"value": "www.webmailgoogle.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-bddc-4690-b3cd-435f950d210b",
"value": "www.windowsautoupdate.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-8f14-46eb-8eb9-4ca2950d210b",
"value": "yahoo.mailaunch.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347127",
"to_ids": true,
"type": "hostname",
"uuid": "546bbdf7-e5e4-4414-a817-45ad950d210b",
"value": "zhfdc.dyndns.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347276",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8c-2b00-4cd0-b6b0-467c950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Plugin used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"=scanbox.info.\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347276",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8c-af58-4742-808c-435c950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Java Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"\\\"No Java or Disable\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347277",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8d-4bf4-4563-84f4-42a2950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework AV Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"avg2012check()\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347277",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8d-fbb8-4283-a2b7-4755950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework and legitimate websites Flash Detection\"; flow:from_server,established; file_data; content:\"var flash=function(){}\\;flash.prototype.controlVersion=function\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347277",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8d-a95c-47dc-a98c-4d6d950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Local IP Detection\"; flow:from_server,established; file_data; content:\"if (evt.candidate) grepSDP(evt.candidate.candidate)\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347277",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8d-4934-48e1-9f52-4b0d950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Javscript Keylogging\"; flow:from_server,established; file_data; content:\"CapsLock=currKey>=65&&currKey<=90\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1416347277",
"to_ids": true,
"type": "snort",
"uuid": "546bbe8d-461c-4be5-9121-45ff950d210b",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Navigator Plugin Detection\"; flow:from_server,established; file_data; content:\"navigator.plugins[x].filename.replace(/,/g,\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)"
},
{
"category": "External analysis",
"comment": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834595",
"to_ids": true,
"type": "sha1",
"uuid": "56c645e3-80e8-4b89-bbbf-599e950d210f",
"value": "e8a8ffe39040fe36e95217b4e4f1316177d675ed"
},
{
"category": "External analysis",
"comment": "Automatically added (via 9cf5523da799277a4d40881199eb8325)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834597",
"to_ids": true,
"type": "sha1",
"uuid": "56c645e5-ed90-41b7-98dc-59a0950d210f",
"value": "809959f390d5a49c8999ad6fff27fdc92ff1b2b0"
},
{
"category": "External analysis",
"comment": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834599",
"to_ids": true,
"type": "sha1",
"uuid": "56c645e7-596c-4636-bce9-59a3950d210f",
"value": "f1890cc9d6dc84021426834063394539414f68d8"
},
{
"category": "External analysis",
"comment": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834596",
"to_ids": true,
"type": "sha256",
"uuid": "56c645e4-8bec-477d-805a-44b8950d210f",
"value": "ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2"
},
{
"category": "External analysis",
"comment": "Automatically added (via 9cf5523da799277a4d40881199eb8325)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834598",
"to_ids": true,
"type": "sha256",
"uuid": "56c645e6-a24c-4f4c-912a-599f950d210f",
"value": "4639c30b3666cb11b3927d5579790a88bff68e8137f18241f4693e0d4539c608"
},
{
"category": "External analysis",
"comment": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1455834600",
"to_ids": true,
"type": "sha256",
"uuid": "56c645e8-20e0-4063-8968-4832950d210f",
"value": "3112420afeb829a575ba46512314c0fab2fc80870c153de35cde4d3140a2dd26"
}
]
}
} |