{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-01-12",
|
|
"extends_uuid": "",
|
|
"info": "OSINT Puttering into the Future...by Cylance",
|
|
"publish_timestamp": "1454399943",
|
|
"published": true,
|
|
"threat_level_id": "1",
|
|
"timestamp": "1454401048",
|
|
"uuid": "56b06135-452c-4b99-bd16-4981950d210f",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399816",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b06148-c508-4ab5-a5be-4b16950d210f",
|
|
"value": "http://blog.cylance.com/puttering-into-the-future"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399844",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06164-c120-447d-b8d1-4f3f950d210f",
|
|
"value": "accounts-google.firewall-gateway.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399844",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06164-02b4-45c4-9aa8-4e00950d210f",
|
|
"value": "admin.spdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399845",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06165-f6a8-4880-bc1c-43f7950d210f",
|
|
"value": "creatnimei.dyndns-wiki.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399845",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06165-c70c-401c-b81b-451a950d210f",
|
|
"value": "detail43.myfirewall.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399846",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06166-1774-4a90-b9d1-4abb950d210f",
|
|
"value": "docs.google.com.publicvm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399846",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06166-7080-4d26-9819-44cd950d210f",
|
|
"value": "economy.spdns.de"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399846",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06166-74a4-4aca-bb28-421a950d210f",
|
|
"value": "economy.spdns.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399847",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06167-3fd0-43d8-b31a-42ad950d210f",
|
|
"value": "extension.spdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399847",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06167-b808-4c3f-aa4a-463a950d210f",
|
|
"value": "firefox.spdns.de"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399847",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06167-0940-4958-946f-4bd0950d210f",
|
|
"value": "firewallupdate.firewall-gateway.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399848",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06168-aedc-40fa-ae0e-486e950d210f",
|
|
"value": "intersecurity.firewall-gateway.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399848",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06168-3cac-4d17-bbb6-457d950d210f",
|
|
"value": "jdk.spdns.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399848",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06168-a1dc-4e1b-a846-4cc7950d210f",
|
|
"value": "kaspersky.firewall-gateway.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399848",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06168-2908-4815-aadb-4cfb950d210f",
|
|
"value": "kissecurity.firewall-gateway.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399849",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06169-10b8-4c50-9b3e-4c83950d210f",
|
|
"value": "news.firewall-gateway.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399849",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06169-010c-4f5e-9e8e-4646950d210f",
|
|
"value": "opero.spdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399849",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b06169-7578-4e89-b972-4ad0950d210f",
|
|
"value": "sys.firewall-gateway.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399850",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b0616a-212c-430d-b167-421d950d210f",
|
|
"value": "sys.firewall-gateway.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399850",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b0616a-9914-449f-b5c1-42c3950d210f",
|
|
"value": "tally.myfirewall.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399850",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "56b0616a-b0ac-426b-8f4b-4195950d210f",
|
|
"value": "zuni.spdns.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399862",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56b06176-b1b0-4f5e-8fa3-49ca950d210f",
|
|
"value": "78.129.252.159"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399862",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56b06176-63e8-4b64-856b-417e950d210f",
|
|
"value": "87.117.229.26"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399863",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "56b06177-804c-423b-8926-4445950d210f",
|
|
"value": "109.169.86.25"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399928",
|
|
"to_ids": false,
|
|
"type": "vulnerability",
|
|
"uuid": "56b061b8-019c-4aaa-a529-49bd950d210f",
|
|
"value": "CVE-2012-0158"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399928",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56b061b8-2c6c-480d-9609-436a950d210f",
|
|
"value": "333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399928",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56b061b8-9c04-4a7d-a39e-42e3950d210f",
|
|
"value": "523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399929",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56b061b9-4a64-4a96-b655-4525950d210f",
|
|
"value": "a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399929",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "56b061b9-747c-498d-8d40-48c9950d210f",
|
|
"value": "Reappraisal_of_India_Tibet_Policy.doc"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399929",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56b061b9-7c4c-47c3-8e7a-4a86950d210f",
|
|
"value": "8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454399930",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "56b061ba-86c8-41c5-a407-42c2950d210f",
|
|
"value": "3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401048",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56b06618-e46c-4bc8-8290-455102de0b81",
|
|
"value": "4ca7d9755344d0f48f5838235d973649f798cf65"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401049",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56b06619-4b40-4c6b-bc1c-4a2202de0b81",
|
|
"value": "2826b38efe609d0abebe83c2588d0825"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401049",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b06619-5fb0-4375-8332-4ddd02de0b81",
|
|
"value": "https://www.virustotal.com/file/333061e6c4847aa72d3ba241c1df39aa41ce317a3d2898d3d13a5b6eccffc6d9/analysis/1452508817/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401049",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56b06619-e874-432b-b834-4c9702de0b81",
|
|
"value": "893dc718a5b798679dc0e527704bd3f7e5ddac73"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401050",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56b0661a-7c50-4ea7-a24c-4d9b02de0b81",
|
|
"value": "e1de033ce8015a2e529e7c42042108cb"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401050",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b0661a-1fc0-4d53-ac63-431102de0b81",
|
|
"value": "https://www.virustotal.com/file/523ad50b498bfb5ab688d9b1958c8058f905b634befc65e96f9f947e40893e5b/analysis/1453864468/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401050",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56b0661a-6624-4a5f-a25f-487602de0b81",
|
|
"value": "469b1304be203f796369dd242db10058f9586727"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401051",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56b0661b-08f4-421a-a32b-4db602de0b81",
|
|
"value": "3dda36bb1749b907256f3b8fdfd6da07"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401051",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b0661b-0834-4bfc-9371-4a1702de0b81",
|
|
"value": "https://www.virustotal.com/file/a569f3b02a4be99e0b4a9f1cff43115da803f0660dd4df114b624316f3f63dc6/analysis/1453983769/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401051",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56b0661b-e7c4-46fb-9cbe-4af402de0b81",
|
|
"value": "e2126ebc4910ea0308a150466f70534854ec201d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401052",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56b0661c-12a0-418d-996d-4e9102de0b81",
|
|
"value": "7735e571d0450e2a31e97e4f8e0f66fa"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401052",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b0661c-4138-43d3-b531-4f3502de0b81",
|
|
"value": "https://www.virustotal.com/file/8d98155283c4d8373d2cf2c7b8a79302251a0ce76d227a8a2abdc2a244fc550e/analysis/1437647138/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401052",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "56b0661c-a498-4afe-bbf2-4c2f02de0b81",
|
|
"value": "95cecef175012f145df2e0f8255fe92f55f10414"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "- Xchecked via VT: 3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401053",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "56b0661d-7f04-4883-be1e-45cb02de0b81",
|
|
"value": "ea45265fe98b25e719d5a9cc3b412d66"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1454401053",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "56b0661d-cf00-4f42-9cf6-403302de0b81",
|
|
"value": "https://www.virustotal.com/file/3d9bd26f5bd5401efa17690357f40054a3d7b438ce8c91367dbf469f0d9bd520/analysis/1453744600/"
|
|
}
|
|
]
|
|
}
|
|
} |