misp-circl-feed/feeds/circl/misp/59b286e5-9604-4c1c-a51b-423b950d210f.json


{
"Event": {
"analysis": "2",
"date": "2017-08-15",
"extends_uuid": "",
"info": "OSINT - Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms",
"publish_timestamp": "1505131544",
"published": true,
"threat_level_id": "3",
"timestamp": "1504872684",
"uuid": "59b286e5-9604-4c1c-a51b-423b950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#32003e",
"local": "0",
"name": "ms-caro-malware:malware-type=\"DDoS\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872194",
"to_ids": true,
"type": "domain",
"uuid": "59b28702-1778-4627-9722-4b49950d210f",
"value": "shashenddos.club"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872194",
"to_ids": true,
"type": "domain",
"uuid": "59b28702-0bb0-4db6-a142-4b58950d210f",
"value": "87ddos.cc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872194",
"to_ids": true,
"type": "hostname",
"uuid": "59b28702-3dac-4ad2-b02c-4a4c950d210f",
"value": "www.dk.ps88.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872194",
"to_ids": true,
"type": "hostname",
"uuid": "59b28702-41d4-4b35-95e4-4564950d210f",
"value": "www.pc4.tw"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872292",
"to_ids": false,
"type": "link",
"uuid": "59b28713-8418-4ce6-82c2-45f3950d210f",
"value": "http://blog.talosintelligence.com/2017/08/chinese-online-ddos-platforms.html",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872298",
"to_ids": false,
"type": "comment",
"uuid": "59b2872b-a554-4084-93d6-446e950d210f",
"value": "In the past few months, Talos has observed an uptick in the number of Chinese websites offering online DDoS services. Many of these websites have a nearly identical layout and design, offering a simple interface in which the user selects a target\u2019s host, port, attack method, and duration of attack. In addition, the majority of these sites have been registered within the past six months. However, the websites operate under different group names and have different registrants. In addition, Talos has observed administrators of these websites launching attacks on one another. Talos sought to research the actors responsible for creating these platforms and analyze why they have become more prevalent lately.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-87c4-4842-991f-4808950d210f",
"value": "www.794ddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-43ec-4f65-9e3d-42a0950d210f",
"value": "www.tmddos.top"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-7248-4106-b838-4abf950d210f",
"value": "www.wm-ddos.win"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-93c0-427a-90b6-46fe950d210f",
"value": "www.tc4.pw"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-060c-4687-bf26-4cba950d210f",
"value": "www.hkddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-1654-4c10-a4a6-4ff2950d210f",
"value": "www.ppddos.club"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-5130-4017-be0a-4c8a950d210f",
"value": "www.lnddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-cb30-494d-b0f4-4318950d210f",
"value": "www.711ddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-44e8-4377-88dc-4ae1950d210f",
"value": "www.830ddos.top"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-2fcc-4bfa-ae81-4b15950d210f",
"value": "www.bbddos.com"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-c460-48a3-818b-462d950d210f",
"value": "www.941ddos.club"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-6570-40bb-9cb5-4ab4950d210f",
"value": "www.123ddos.net"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-7570-4cbd-8774-4ac0950d210f",
"value": "www.the-dos.com"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-2364-466d-83c7-4ca7950d210f",
"value": "www.etddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-6ee8-4d08-8e1e-42c6950d210f",
"value": "www.jtddos.me"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-e7bc-4cc2-a703-476e950d210f",
"value": "www.ccddos.ml"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-3bb4-4b19-b867-4baa950d210f",
"value": "www.87ddos.cc"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-af50-48e2-bbda-4dc4950d210f",
"value": "www.ddos.cx"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-5d84-49b7-a4ed-4bec950d210f",
"value": "www.hackdd.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-8894-443d-91ec-47d6950d210f",
"value": "www.shashenddos.club"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-ee3c-4073-a648-416a950d210f",
"value": "www.minddos.club"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-5534-47db-85d0-45fc950d210f",
"value": "www.caihongtangddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-6550-4b4f-bf85-4e04950d210f",
"value": "www.zfxcb.top"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-9278-4cec-9ac8-4bdb950d210f",
"value": "www.91moyu.top"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-9080-4a75-9b5d-4e23950d210f",
"value": "www.xcbzy.club"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-adc8-49bb-8e86-4561950d210f",
"value": "www.this-ddos.cn"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-683c-4688-b7dc-4113950d210f",
"value": "www.aaajb.top"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-a15c-4395-bc71-4377950d210f",
"value": "www.ddos.qv5.pw"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-7254-4553-bd86-4b2c950d210f",
"value": "www.tdddos.com"
},
{
"category": "Network activity",
"comment": "Online DDoS Websites",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872368",
"to_ids": true,
"type": "hostname",
"uuid": "59b287b0-dc50-499a-815e-4bb5950d210f",
"value": "www.ddos.blue"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872472",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28818-19a0-4f5a-9979-47b0950d210f",
"value": "104.18.54.93"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872472",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28818-e66c-4aa3-990a-4389950d210f",
"value": "104.18.40.150"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-1b00-4ccb-b033-4b5f950d210f",
"value": "115.159.30.202"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-8d0c-419a-846f-45eb950d210f",
"value": "104.27.161.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-fbf8-4bdd-96bd-46a1950d210f",
"value": "104.27.174.49"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-43d4-4cd5-93a3-4434950d210f",
"value": "104.27.128.111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-0938-4edb-8955-40cf950d210f",
"value": "144.217.162.94"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-0b44-482b-a3b5-4594950d210f",
"value": "104.27.130.205"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-3b4c-4937-8492-43fc950d210f",
"value": "103.255.237.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-693c-43c6-a8ff-40bc950d210f",
"value": "45.76.202.77"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-7f58-46ff-ac78-4e35950d210f",
"value": "104.27.177.67"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-b57c-4f41-978a-48d9950d210f",
"value": "104.31.86.177"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-df8c-4554-bfff-47a4950d210f",
"value": "103.42.212.68"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-7d6c-4404-bf40-4b8f950d210f",
"value": "142.4.210.15"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-3ea0-4ef3-8206-41bd950d210f",
"value": "104.18.33.110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-5f48-437c-a7cd-4d76950d210f",
"value": "104.27.154.16"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-8be8-4f1e-b1c3-4914950d210f",
"value": "104.27.137.58"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-3de0-45de-9811-44e2950d210f",
"value": "23.230.235.62"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-1f80-4fc1-bb4a-4065950d210f",
"value": "104.18.42.18"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-a748-424a-b213-432d950d210f",
"value": "162.251.93.27"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-4acc-47ed-b461-4153950d210f",
"value": "104.18.62.202"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-33d8-4321-84d1-4a96950d210f",
"value": "104.24.117.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-4ec8-42b9-8667-4976950d210f",
"value": "104.28.4.180"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504872473",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b28819-6f0c-4384-8dd5-4335950d210f",
"value": "104.31.76.30"
}
]
}
}