{
    "Event": {
        "Attribute": [
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [
                    {
                        "colour": "#00ae7a",
                        "exportable": true,
                        "hide_tag": false,
                        "id": "705",
                        "name": "DescriptionTechnique",
                        "numerical_value": null,
                        "user_id": "0"
                    }
                ],
                "category": "Other",
                "comment": "",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106500",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608142656",
                "to_ids": true,
                "type": "comment",
                "uuid": "9985b50d-8be6-4fb5-89a5-cf5a30163d61",
                "value": "Ces IP pointent sur des sites d\u00e9livrant des DLL Egregor malveillantes directement depuis leur racine."
            },
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [],
                "category": "Network activity",
                "comment": "IP distribuant la dll Egregor",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106501",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608131031",
                "to_ids": true,
                "type": "ip-dst",
                "uuid": "b9bb8535-c495-4d40-9a49-c28f76f93c3f",
                "value": "185.238.0.233"
            },
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [],
                "category": "Network activity",
                "comment": "IP distribuant la dll Egregor",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106502",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608131031",
                "to_ids": true,
                "type": "ip-dst",
                "uuid": "4fbb9c63-6e55-4f3d-bcc9-eaae6806981d",
                "value": "45.153.242.129"
            },
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [],
                "category": "Network activity",
                "comment": "IP distribuant la dll Egregor",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106503",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608131031",
                "to_ids": true,
                "type": "ip-dst",
                "uuid": "2bb475a0-7776-42c6-ae5a-99c1078ab528",
                "value": "49.12.104.241"
            },
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [],
                "category": "Network activity",
                "comment": "IP distribuant la dll Egregor",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106504",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608131031",
                "to_ids": true,
                "type": "ip-dst",
                "uuid": "8b7b0416-5e13-4a06-9682-ec78cdcbf374",
                "value": "45.138.172.140"
            },
            {
                "Galaxy": [],
                "ShadowAttribute": [],
                "Tag": [],
                "category": "Network activity",
                "comment": "IP distribuant la dll Egregor",
                "deleted": false,
                "disable_correlation": false,
                "distribution": "5",
                "event_id": "14872",
                "id": "1106505",
                "object_id": "0",
                "object_relation": null,
                "sharing_group_id": "0",
                "timestamp": "1608131031",
                "to_ids": true,
                "type": "ip-dst",
                "uuid": "fd75f873-f494-4aa2-bcd4-05734cf9954d",
                "value": "45.11.19.70"
            }
        ],
        "Galaxy": [],
        "Object": [
            {
                "Attribute": [
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108831",
                        "object_id": "61360",
                        "object_relation": "regexp-type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133216",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2a60-3fbc-4739-954f-89570aba047c",
                        "value": "PCRE"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "Tag": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108832",
                        "object_id": "61360",
                        "object_relation": "regexp",
                        "sharing_group_id": "0",
                        "timestamp": "1608143004",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2a60-a7c8-4d98-b712-89570aba047c",
                        "value": "https?://45\\.138\\.172\\.140/\\w+\\.dll"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108833",
                        "object_id": "61360",
                        "object_relation": "type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133216",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2a60-39f8-4a8d-bcc8-89570aba047c",
                        "value": "url"
                    }
                ],
                "ObjectReference": [],
                "comment": "",
                "deleted": false,
                "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
                "distribution": "5",
                "event_id": "14872",
                "id": "61360",
                "meta-category": "misc",
                "name": "regexp",
                "sharing_group_id": "0",
                "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
                "template_version": "4",
                "timestamp": "1608133216",
                "uuid": "5fda2a60-c804-4b86-996d-89570aba047c"
            },
            {
                "Attribute": [
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108834",
                        "object_id": "61361",
                        "object_relation": "regexp-type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133314",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2ac2-f72c-4069-8031-40ce0aba047c",
                        "value": "PCRE"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "Tag": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108835",
                        "object_id": "61361",
                        "object_relation": "regexp",
                        "sharing_group_id": "0",
                        "timestamp": "1608133537",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2ac2-2b14-4743-940f-40ce0aba047c",
                        "value": "//45.138.172.140/\\w+\\.dll"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108836",
                        "object_id": "61361",
                        "object_relation": "type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133314",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2ac2-8064-4dd3-934a-40ce0aba047c",
                        "value": "url"
                    }
                ],
                "ObjectReference": [],
                "comment": "",
                "deleted": false,
                "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
                "distribution": "5",
                "event_id": "14872",
                "id": "61361",
                "meta-category": "misc",
                "name": "regexp",
                "sharing_group_id": "0",
                "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
                "template_version": "4",
                "timestamp": "1608133314",
                "uuid": "5fda2ac2-f684-4b44-8aad-40ce0aba047c"
            },
            {
                "Attribute": [
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108837",
                        "object_id": "61362",
                        "object_relation": "regexp-type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133395",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b13-7a54-4477-a40c-40ce0aba047c",
                        "value": "PCRE"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "Tag": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108838",
                        "object_id": "61362",
                        "object_relation": "regexp",
                        "sharing_group_id": "0",
                        "timestamp": "1608133537",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b13-7f14-4d17-b36b-40ce0aba047c",
                        "value": "//49.12.104.241/\\w+\\.dll"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108839",
                        "object_id": "61362",
                        "object_relation": "type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133395",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b13-bbc8-4a93-942b-40ce0aba047c",
                        "value": "url"
                    }
                ],
                "ObjectReference": [],
                "comment": "",
                "deleted": false,
                "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
                "distribution": "5",
                "event_id": "14872",
                "id": "61362",
                "meta-category": "misc",
                "name": "regexp",
                "sharing_group_id": "0",
                "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
                "template_version": "4",
                "timestamp": "1608133395",
                "uuid": "5fda2b13-deb4-4cc2-804f-40ce0aba047c"
            },
            {
                "Attribute": [
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108840",
                        "object_id": "61363",
                        "object_relation": "regexp-type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133441",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b33-81d4-457f-936a-22270aba047c",
                        "value": "PCRE"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "Tag": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108841",
                        "object_id": "61363",
                        "object_relation": "regexp",
                        "sharing_group_id": "0",
                        "timestamp": "1608133537",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b33-f60c-4b7c-a53d-22270aba047c",
                        "value": "//45.153.242.129/\\w+\\.dll"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108842",
                        "object_id": "61363",
                        "object_relation": "type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133441",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b33-99e0-4fda-86f3-22270aba047c",
                        "value": "url"
                    }
                ],
                "ObjectReference": [],
                "comment": "",
                "deleted": false,
                "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
                "distribution": "5",
                "event_id": "14872",
                "id": "61363",
                "meta-category": "misc",
                "name": "regexp",
                "sharing_group_id": "0",
                "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
                "template_version": "4",
                "timestamp": "1608133441",
                "uuid": "5fda2b33-6570-4aac-92e3-22270aba047c"
            },
            {
                "Attribute": [
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108843",
                        "object_id": "61364",
                        "object_relation": "regexp-type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133507",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b83-43bc-4509-8926-17430aba047c",
                        "value": "PCRE"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "Tag": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108844",
                        "object_id": "61364",
                        "object_relation": "regexp",
                        "sharing_group_id": "0",
                        "timestamp": "1608133537",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b83-0b1c-49cc-9a13-17430aba047c",
                        "value": "//185.238.0.233/\\w+\\.dll"
                    },
                    {
                        "Galaxy": [],
                        "ShadowAttribute": [],
                        "category": "Other",
                        "comment": "",
                        "deleted": false,
                        "disable_correlation": false,
                        "distribution": "5",
                        "event_id": "14872",
                        "id": "1108845",
                        "object_id": "61364",
                        "object_relation": "type",
                        "sharing_group_id": "0",
                        "timestamp": "1608133507",
                        "to_ids": false,
                        "type": "text",
                        "uuid": "5fda2b83-c894-40b6-9ca1-17430aba047c",
                        "value": "url"
                    }
                ],
                "ObjectReference": [],
                "comment": "",
                "deleted": false,
                "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
                "distribution": "5",
                "event_id": "14872",
                "id": "61364",
                "meta-category": "misc",
                "name": "regexp",
                "sharing_group_id": "0",
                "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
                "template_version": "4",
                "timestamp": "1608133507",
                "uuid": "5fda2b83-49f8-40e5-b26a-17430aba047c"
            }
        ],
        "Org": {
            "id": "1",
            "name": "CERT-FR",
            "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212"
        },
        "Orgc": {
            "id": "1",
            "name": "CERT-FR",
            "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212"
        },
        "RelatedEvent": [],
        "ShadowAttribute": [],
        "Tag": [
            {
                "colour": "#f89595",
                "exportable": true,
                "hide_tag": false,
                "id": "40",
                "name": "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"",
                "numerical_value": null,
                "user_id": "0"
            },
            {
                "colour": "#ffffff",
                "exportable": true,
                "hide_tag": false,
                "id": "482",
                "name": "cossi:TLP=\"white\"",
                "numerical_value": null,
                "user_id": "0"
            },
            {
                "colour": "#008d63",
                "exportable": true,
                "hide_tag": false,
                "id": "456",
                "name": "cossi:RechercheSourceOuverte=\"Autorisee\"",
                "numerical_value": null,
                "user_id": "0"
            },
            {
                "colour": "#00704f",
                "exportable": true,
                "hide_tag": false,
                "id": "473",
                "name": "cossi:fiabilite=\"Bonne\"",
                "numerical_value": null,
                "user_id": "0"
            }
        ],
        "analysis": "0",
        "date": "2020-12-16",
        "disable_correlation": false,
        "distribution": "0",
        "extends_uuid": "",
        "id": "14872",
        "info": "[CERT-FR] Liste d'IP distribuant des dll Egregor",
        "locked": false,
        "org_id": "1",
        "orgc_id": "1",
        "proposal_email_lock": false,
        "publish_timestamp": "0",
        "published": false,
        "sharing_group_id": "0",
        "threat_level_id": "4",
        "timestamp": "1608143004",
        "uuid": "5fda21d6-81cc-47b3-9117-c19a0aba047c"
    }
}