{ "Event": { "analysis": "0", "date": "2020-12-16", "extends_uuid": "", "info": "[CERT-FR] Liste d'IP distibuant des dll Egregor", "protected": false, "publish_timestamp": "1754493377", "published": true, "threat_level_id": "4", "timestamp": "1754436805", "uuid": "5fda21d6-81cc-47b3-9117-c19a0aba047c", "Orgc": { "name": "CERT-FR", "uuid": "56bdf779-46f8-4353-bdf9-2bb95bce2212" }, "Tag": [ { "colour": "#f89595", "local": false, "name": "fr-classif:non-classifiees=\"NON-CLASSIFIEES\"", "relationship_type": "" }, { "colour": "#00714f", "local": false, "name": "cert-fr:fiabilite=\"Bonne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "PAP:CLEAR", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "cossi:TLP=\"white\"", "relationship_type": "" }, { "colour": "#008e63", "local": false, "name": "cossi:RechercheSourceOuverte=\"Autorisee\"", "relationship_type": "" }, { "colour": "#00714f", "local": false, "name": "cossi:fiabilite=\"Bonne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1608142656", "to_ids": true, "type": "comment", "uuid": "9985b50d-8be6-4fb5-89a5-cf5a30163d61", "value": "Ces IP pointent sur des sites d\u00e9livrant des DLL Egregor malveillantes directement depuis leur racine.", "Tag": [ { "colour": "#00af7a", "local": false, "name": "DescriptionTechnique", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IP distribuant la dll Egregor", "deleted": false, "disable_correlation": false, "timestamp": "1608131031", "to_ids": true, "type": "ip-dst", "uuid": "b9bb8535-c495-4d40-9a49-c28f76f93c3f", "value": "185.238.0.233" }, { "category": "Network activity", "comment": "IP distribuant la dll Egregor", "deleted": false, "disable_correlation": false, "timestamp": "1608131031", "to_ids": true, "type": "ip-dst", "uuid": "4fbb9c63-6e55-4f3d-bcc9-eaae6806981d", "value": "45.153.242.129" }, { "category": "Network activity", "comment": "IP distribuant la dll Egregor", "deleted": false, "disable_correlation": false, "timestamp": "1608131031", "to_ids": true, "type": "ip-dst", "uuid": "2bb475a0-7776-42c6-ae5a-99c1078ab528", "value": "49.12.104.241" }, { "category": "Network activity", "comment": "IP distribuant la dll Egregor", "deleted": false, "disable_correlation": false, "timestamp": "1608131031", "to_ids": true, "type": "ip-dst", "uuid": "8b7b0416-5e13-4a06-9682-ec78cdcbf374", "value": "45.138.172.140" }, { "category": "Network activity", "comment": "IP distribuant la dll Egregor", "deleted": false, "disable_correlation": false, "timestamp": "1608131031", "to_ids": true, "type": "ip-dst", "uuid": "fd75f873-f494-4aa2-bcd4-05734cf9954d", "value": "45.11.19.70" } ], "Object": [ { "comment": "", "deleted": false, "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.", "meta-category": "misc", "name": "regexp", "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "template_version": "4", "timestamp": "1608133216", "uuid": "5fda2a60-c804-4b86-996d-89570aba047c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp-type", "timestamp": "1608133216", "to_ids": false, "type": "text", "uuid": "5fda2a60-3fbc-4739-954f-89570aba047c", "value": "PCRE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp", "timestamp": "1608143004", "to_ids": false, "type": "text", "uuid": "5fda2a60-a7c8-4d98-b712-89570aba047c", "value": "https?://45\\.138\\.172\\.140/\\w+\\.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1608133216", "to_ids": false, "type": "text", "uuid": "5fda2a60-39f8-4a8d-bcc8-89570aba047c", "value": "url" } ] }, { "comment": "", "deleted": false, "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.", "meta-category": "misc", "name": "regexp", "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "template_version": "4", "timestamp": "1608133314", "uuid": "5fda2ac2-f684-4b44-8aad-40ce0aba047c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp-type", "timestamp": "1608133314", "to_ids": false, "type": "text", "uuid": "5fda2ac2-f72c-4069-8031-40ce0aba047c", "value": "PCRE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp", "timestamp": "1608133537", "to_ids": false, "type": "text", "uuid": "5fda2ac2-2b14-4743-940f-40ce0aba047c", "value": "//45.138.172.140/\\w+\\.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1608133314", "to_ids": false, "type": "text", "uuid": "5fda2ac2-8064-4dd3-934a-40ce0aba047c", "value": "url" } ] }, { "comment": "", "deleted": false, "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.", "meta-category": "misc", "name": "regexp", "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "template_version": "4", "timestamp": "1608133395", "uuid": "5fda2b13-deb4-4cc2-804f-40ce0aba047c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp-type", "timestamp": "1608133395", "to_ids": false, "type": "text", "uuid": "5fda2b13-7a54-4477-a40c-40ce0aba047c", "value": "PCRE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp", "timestamp": "1608133537", "to_ids": false, "type": "text", "uuid": "5fda2b13-7f14-4d17-b36b-40ce0aba047c", "value": "//49.12.104.241/\\w+\\.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1608133395", "to_ids": false, "type": "text", "uuid": "5fda2b13-bbc8-4a93-942b-40ce0aba047c", "value": "url" } ] }, { "comment": "", "deleted": false, "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.", "meta-category": "misc", "name": "regexp", "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "template_version": "4", "timestamp": "1608133441", "uuid": "5fda2b33-6570-4aac-92e3-22270aba047c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp-type", "timestamp": "1608133441", "to_ids": false, "type": "text", "uuid": "5fda2b33-81d4-457f-936a-22270aba047c", "value": "PCRE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp", "timestamp": "1608133537", "to_ids": false, "type": "text", "uuid": "5fda2b33-f60c-4b7c-a53d-22270aba047c", "value": "//45.153.242.129/\\w+\\.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1608133441", "to_ids": false, "type": "text", "uuid": "5fda2b33-99e0-4fda-86f3-22270aba047c", "value": "url" } ] }, { "comment": "", "deleted": false, "description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.", "meta-category": "misc", "name": "regexp", "template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "template_version": "4", "timestamp": "1608133507", "uuid": "5fda2b83-49f8-40e5-b26a-17430aba047c", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp-type", "timestamp": "1608133507", "to_ids": false, "type": "text", "uuid": "5fda2b83-43bc-4509-8926-17430aba047c", "value": "PCRE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "regexp", "timestamp": "1608133537", "to_ids": false, "type": "text", "uuid": "5fda2b83-0b1c-49cc-9a13-17430aba047c", "value": "//185.238.0.233/\\w+\\.dll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "type", "timestamp": "1608133507", "to_ids": false, "type": "text", "uuid": "5fda2b83-c894-40b6-9ca1-17430aba047c", "value": "url" } ] } ] } }