MISP/tests/event.json



{
"Event": {
"id": "750",
"orgc_id": "2",
"org_id": "2",
"date": "2014-12-10",
"threat_level_id": "1",
"info": "OSINT - F-Secure W32/Regin, Stage #1",
"published": true,
"uuid": "54884656-2da8-4625-bf07-43ef950d210b",
"attribute_count": "39",
"analysis": "2",
"timestamp": "1418217625",
"distribution": "3",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1418217647",
"sharing_group_id": "0",
"Galaxy": [],
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Attribute": [
{
"id": "96642",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-f2a8-46ff-be58-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "abiosdsk.sys",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
}
]
},
{
"id": "96643",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-2608-4fe6-959e-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "ser8uart.sys",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
}
]
},
{
"id": "96644",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-93a4-4fb0-aeba-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "usbclass.sys",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96645",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-983c-4e4c-a692-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "pcidump.sys",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96646",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-5134-460e-bea2-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "atdisk.sys",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96647",
"type": "filename",
"category": "Artifacts dropped",
"to_ids": false,
"uuid": "54884832-6fb4-4c63-937c-1ac6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217522",
"comment": "",
"sharing_group_id": "0",
"value": "rdpmdd.sys",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96648",
"type": "regkey",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "5488486c-a044-4c31-830c-15ba950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217580",
"comment": "",
"sharing_group_id": "0",
"value": "HKLM\\System\\CurrentControlSet\\Control\\",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96649",
"type": "regkey",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "5488486c-47ec-4952-8e60-15ba950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217580",
"comment": "",
"sharing_group_id": "0",
"value": "Class\\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96650",
"type": "regkey",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "5488486c-1418-4624-b87c-15ba950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217580",
"comment": "",
"sharing_group_id": "0",
"value": "Class\\{4F20E605-9452-4787-B793-D0204917CA58}",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96614",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "5488466a-f0d0-4b58-89a5-15bc950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217066",
"comment": "",
"sharing_group_id": "0",
"value": "https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96652",
"type": "text",
"category": "Other",
"to_ids": false,
"uuid": "54884899-35b8-48a3-9da2-15c6950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217625",
"comment": "",
"sharing_group_id": "0",
"value": "Regin",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2824",
"org_id": "2",
"info": "OSINT: An analysis of Regins Hopscotch and Legspin"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "833",
"org_id": "2",
"info": "OSINT - An analysis of Regin's Hopscotch and Legspin"
},
{
"id": "759",
"org_id": "26",
"info": "OSINT F-Secure W64/Regin, Stage #1"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "726",
"org_id": "2",
"info": "Regin fake certificates thumbprints"
},
{
"id": "715",
"org_id": "26",
"info": "OSINT Regin samples shared by VirusShare"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "700",
"org_id": "2",
"info": "Regin Yara rules"
},
{
"id": "699",
"org_id": "2",
"info": "OSINT - The Regin Espionage Toolkit"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96615",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-9db0-4df6-8206-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "26297dc3cd0b688de3b846983c5385e5",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
}
]
},
{
"id": "96616",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-05f8-49e7-af79-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "47d0e8f9d7a6429920329207a32ecc2e",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "715",
"org_id": "26",
"info": "OSINT Regin samples shared by VirusShare"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
}
]
},
{
"id": "96617",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-a33c-41f3-9f7a-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "01c2f321b6bfdb9473c079b0797567ba",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
}
]
},
{
"id": "96618",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-c950-48eb-b960-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "4b6b86c7fec1c574706cecedf44abded",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96619",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-01e0-4231-a739-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "744c07e886497f7b68f6f7fe57b7ab54",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "715",
"org_id": "26",
"info": "OSINT Regin samples shared by VirusShare"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
}
]
},
{
"id": "96620",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d8-3fbc-4a06-ba82-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217432",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "2c8b9d2885543d7ade3cae98225e263b",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96621",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-8b18-4654-9766-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "f3ffc2aaaa1e2ab55ec26ff098653347",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96622",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-3b28-449e-b527-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "e94393561901895cb0783edc34740fd4",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96623",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-e6fc-4b93-a773-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "bfbe8c3ee78750c3a520480700e440f8",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96624",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-fd54-4e49-909b-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "89003e9a1ae635c97ebad07aebc67f00",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96625",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-b63c-4c95-a2bd-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "1800def71006ca6790767e202fae9b9a",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96626",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-1404-4331-ae3c-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "90fecc6a89b2e22d82d58878d93477d4",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96627",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-4020-41da-b5f3-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "db405ad775ac887a337b02ea8b07fddc",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
}
]
},
{
"id": "96628",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-a564-4178-b8e6-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "6662c390b2bbbd291ec7987388fc75d7",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96629",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-39dc-4247-b23d-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "06665b96e293b23acc80451abb413e50",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96630",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-6340-44a0-8f33-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "ffb0b9b5b610191051a7bdf0806e1e47",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96631",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847d9-afe0-4531-a4b0-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217433",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "187044596bc1328efa0ed636d8aa4a5c",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96632",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-ac78-474c-86fe-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "b29ca4f22ae7b7b25f79c1d4a421139d",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "715",
"org_id": "26",
"info": "OSINT Regin samples shared by VirusShare"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96633",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-49c0-404d-ae42-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "d240f06e98c8d3e647cbf4d442d79475",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96634",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-2134-43d7-ba22-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "8fcf4e53ece6111758a1dd3139dc7cad",
"SharingGroup": [],
"ShadowAttribute": []
},
{
"id": "96635",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-71ec-4b2b-bae5-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "148c1bb9d405d717252c77593aff4bd8",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
}
]
},
{
"id": "96636",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-3e40-4ab2-a5eb-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "1c024e599ac055312a4ab75b3950040a",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96637",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-c2d0-4d24-821e-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "b269894f434657db2b15949641a67532",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "715",
"org_id": "26",
"info": "OSINT Regin samples shared by VirusShare"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96638",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-9798-4b6d-b422-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "ba7bb65634ce1e30c1e5415be3d1db1d",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96639",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-ffe4-4a90-9f2a-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "22bfc970f707fd775d49e875b63c2f0c",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
}
]
},
{
"id": "96640",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847da-1660-4562-a1f8-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217434",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "b505d65721bb2453d5039a389113b566",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "2825",
"org_id": "2",
"info": "OSINT: THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS"
},
{
"id": "2006",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec"
},
{
"id": "730",
"org_id": "26",
"info": "Regin Scanner"
},
{
"id": "714",
"org_id": "3",
"info": "Script to detect Regin VFS"
},
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
},
{
"id": "709",
"org_id": "2",
"info": "OSINT - Regin: Nation-state ownage of GSM networks"
},
{
"id": "697",
"org_id": "2",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance"
}
]
},
{
"id": "96641",
"type": "md5",
"category": "Payload installation",
"to_ids": true,
"uuid": "548847db-060c-4275-a0c7-15bb950d210b",
"event_id": "750",
"distribution": "3",
"timestamp": "1418217435",
"comment": "Regin samples collected.",
"sharing_group_id": "0",
"value": "049436bb90f71cf38549817d9b90e2da",
"SharingGroup": [],
"ShadowAttribute": [],
"RelatedAttribute": [
{
"id": "710",
"org_id": "26",
"info": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept"
}
]
}
],
"ShadowAttribute": [],
"RelatedEvent": [
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "2006",
"date": "2015-08-27",
"threat_level_id": "1",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance by Symantec",
"published": true,
"uuid": "55df7369-7d68-428b-aa03-4f5d950d210b",
"analysis": "2",
"timestamp": "1440752388",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
},
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "833",
"date": "2015-01-22",
"threat_level_id": "1",
"info": "OSINT - An analysis of Regin's Hopscotch and Legspin",
"published": true,
"uuid": "54c0ce92-9d00-42b7-8cfc-f03f950d210b",
"analysis": "2",
"timestamp": "1422266910",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
},
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "697",
"date": "2014-11-24",
"threat_level_id": "1",
"info": "OSINT - Regin: Top-tier espionage tool enables stealthy surveillance",
"published": true,
"uuid": "5472cdc5-3e3c-47c9-a3b1-47be950d210b",
"analysis": "2",
"timestamp": "1416818985",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
},
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "699",
"date": "2014-11-24",
"threat_level_id": "1",
"info": "OSINT - The Regin Espionage Toolkit",
"published": true,
"uuid": "5472fbd1-1a38-484a-b3f4-4502950d210b",
"analysis": "2",
"timestamp": "1416821880",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
},
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "700",
"date": "2014-11-24",
"threat_level_id": "1",
"info": "Regin Yara rules",
"published": true,
"uuid": "5473051e-2db8-4467-b6d5-4b1d950d210b",
"analysis": "1",
"timestamp": "1417157341",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
},
{
"Org": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Orgc": {
"id": "2",
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Event": {
"id": "709",
"date": "2014-11-24",
"threat_level_id": "1",
"info": "OSINT - Regin: Nation-state ownage of GSM networks",
"published": true,
"uuid": "5473429a-bc10-498d-a195-46e2950d2109",
"analysis": "2",
"timestamp": "1416843113",
"distribution": "3",
"org_id": "2",
"orgc_id": "2"
}
}
],
"Tag": [
{
"id": "1",
"name": "Type:OSINT",
"colour": "#1eed40",
"exportable": true
}
]
}
}