{"data":{"results":[{"entity":{"id":"J_IWqd","name":"CVE-2012-1723","type":"CyberVulnerability","description":"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."},"risk":{"level":5.0,"rule":{"count":9,"mostCritical":"Exploited in the Wild by Recently Active Malware","maxCount":22,"evidence":{"linkedToCyberExploit":{"count":55.0,"timestamp":"2019-06-18T13:19:28.000Z","description":"2682 sightings on 55 sources including: Guided Collection, fakegogle.blogspot.com, netdna-cdn.com, GitHub, Ver007 APT Tools. Most recent tweet: KAV/Checkpoint CVE-2012-1723 Generic Exploit Kit. Most recent link (Jun 18, 2019): https://twitter.com/EskimoTrolled/statuses/1140972295894249472","rule":"Linked to Historical Cyber Exploit","mitigation":"","level":1.0},"recentMalwareActivity":{"count":1.0,"timestamp":"2020-10-07T00:00:00.000Z","description":"66 sightings on 1 source: Recorded Future Malware Hunting. Activity seen on 12 out of the last 28 days with 255 all-time daily sightings. Exploited in the wild by 11 malware families including <e id=LXUcJk>ExpJava</e>, <e id=K05qo4>JavaKC</e>, <e id=KeKuaF>Maljava</e>. Last observed on Oct 7, 2020. Sample hash: <e id=hash:7c0ed2b98af4076c64ec84f7ea38b05ea2432ec0337b963756ffced54a6f69c4>7c0ed2b98af4076c64ec84f7ea38b05ea2432ec0337b963756ffced54a6f69c4</e>.","rule":"Exploited in the Wild by Recently Active Malware","mitigation":"","level":5.0},"linkedToRAT":{"count":26.0,"timestamp":"2020-08-03T00:00:00.000Z","description":"174 sightings on 26 sources including: Guided Collection, GitHub, medium.com, MarketWatch, SYS-CON Media. 4 related malwares: Uroburos Rootkit, Blackhole, Icefog, Zeroaccess. Most recent link (Aug 3, 2020): https://reportcybercrime.com/the-epic-turla-snake-uroburos-attacks/","rule":"Historically Linked to Remote Access Trojan","mitigation":"","level":1.0},"linkedToExploitKit":{"count":13.0,"timestamp":"2019-07-30T01:01:59.793Z","description":"62 sightings on 13 sources including: Guided Collection, medium.com, GitHub, Avast Blog, TechNet Blogs. 12 related malwares including Nuclear Pack Exploit Kit, Blackhole, Angler Exploit Kit, Blacole, Egypack. Most recent link (Jul 30, 2019): http://blog.malwaremustdie.org/2012/09/monitoring-blackhole-exploit-kit.html","rule":"Historically Linked to Exploit Kit","mitigation":"","level":1.0},"nistCritical":{"count":1.0,"timestamp":"2020-10-01T03:03:20.930Z","description":"1 sighting on 1 source: Recorded Future Vulnerability Analysis. CVSS v2 Score (10) calculated using NIST reported CVSS Base Score (10) and Recorded Future Temporal Metrics. Base vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C. Temporal vector string: E:H/RL:X/RC:C.","rule":"NIST Severity: Critical","mitigation":"","level":4.0},"pocVerifiedRemote":{"count":1.0,"timestamp":"2012-07-11T00:00:00.000Z","description":"1 sighting on 1 source: ExploitDB. 1 execution type: Remote. Most recent link (Jul 11, 2012): https://www.exploit-db.com/exploits/19717","rule":"Historical Verified Proof of Concept Available Using Remote Execution","mitigation":"","level":2.0},"linkedToIntrusionMethod":{"count":9.0,"timestamp":"2019-06-18T13:19:28.000Z","description":"140 sightings on 9 sources including: fakegogle.blogspot.com, Guided Collection, GitHub, McAfee, @xjfftw. 16 related malwares including BrobanDel, Fanny Worm, Ransomware, Banking Trojan, Artemis. Most recent tweet: @PortSwigger Was wondering if you knew why @Virustotal was flagging BS Pro on multiple AVs when scanning the unpacked JAR? KAV/Checkpoint CVE-2012-1723 Generic Exploit Kit. Most recent link (Jun 18, 2019): https://twitter.com/EskimoTrolled/statuses/1140972295894249472","rule":"Historically Linked to Malware","mitigation":"","level":1.0},"linkedToRecentCyberExploit":{"count":1.0,"timestamp":"2020-10-05T17:19:29.000Z","description":"35 sightings on 1 source: VirusTotal. Most recent link (Oct 5, 2020): https://www.virustotal.com/gui/file/1a3fa1cac28dffe79752df9bc92932d8b40b6d562d98e3315af7875d2f944edf/","rule":"Linked to Recent Cyber Exploit","mitigation":"","level":1.0},"scannerUptake":{"count":5.0,"timestamp":"2019-10-01T02:58:24.000Z","description":"29 sightings on 5 sources: Guided Collection, GitHub, VirusTotal, ReversingLabs, PasteBin. Most recent link (Oct 1, 2019): https://www.virustotal.com/gui/file/911c69c02f5194ccbb5703869c4478e7ff68232ebb78affe98cb86de5b146b20","rule":"Historically Linked to Penetration Testing Tools","mitigation":"","level":1.0}},"summary":[{"count":1.0,"level":2.0},{"count":1.0,"level":5.0},{"count":1.0,"level":4.0},{"count":6.0,"level":1.0}]},"context":{"malware":{"rule":{"count":1,"maxCount":2},"score":90.0},"public":{"rule":{"maxCount":22},"summary":[{"count":1.0,"level":2.0},{"count":1.0,"level":5.0},{"count":1.0,"level":4.0},{"count":6.0,"level":1.0}],"mostCriticalRule":"Exploited in the Wild by Recently Active Malware","score":99.0}},"score":99.0}},{"entity":{"id":"url:http://www.plexipr.com/vAHzWX.php","name":"http://www.plexipr.com/vAHzWX.php","type":"URL"},"risk":{"level":4.0,"rule":{"count":3,"mostCritical":"C&C URL","maxCount":29,"evidence":{"cncUrl":{"count":1.0,"timestamp":"2020-10-12T02:55:38.670Z","description":"1 sighting on 1 source: Abuse.ch: Ransomware C&C URL Blocklist.","rule":"C&C URL","mitigation":"","level":4.0},"maliciousSiteDetected":{"count":1.0,"timestamp":"2019-09-13T18:53:31.000Z","description":"9 sightings on 1 source: Recorded Future URL Analysis.","rule":"Historically Detected Malicious Browser Exploits","mitigation":"","level":1.0},"malwareSiteDetected":{"count":1.0,"timestamp":"2019-09-13T18:53:31.000Z","description":"9 sightings on 1 source: Recorded Future URL Analysis.","rule":"Historically Detected Malware Distribution","mitigation":"","level":1.0}},"summary":[{"count":1.0,"level":4.0},{"count":2.0,"level":1.0}]},"context":{"malware":{"rule":{"count":0,"maxCount":4},"score":0.0},"public":{"rule":{"maxCount":26},"summary":[{"count":1.0,"level":4.0},{"count":2.0,"level":1.0}],"mostCriticalRule":"C&C URL","score":91.0},"c2":{"score":90.0,"rule":{"maxCount":1,"count":1}},"phishing":{"score":0.0,"rule":{"maxCount":3,"count":0}}},"score":91.0}},{"entity":{"id":"hash:44d88612fea8a8f36de82e1278abb02f","name":"44d88612fea8a8f36de82e1278abb02f","type":"Hash"},"risk":{"level":3.0,"rule":{"count":4,"mostCritical":"Positive Malware Verdict","maxCount":13,"evidence":{"linkedToVuln":{"count":1.0,"timestamp":"2019-09-21T12:00:07.000Z","description":"1 sighting on 1 source: dfir.pro. 2 related cyber vulnerabilities: CVE-2018-11776, CWE-20. Most recent link (Sep 21, 2019): http://dfir.pro/index.php?link_id=98319","rule":"Linked to Vulnerability","mitigation":"","level":2.0},"linkedToVector":{"count":2.0,"timestamp":"2018-08-06T20:50:41.819Z","description":"3 sightings on 2 sources: PyPI Recent Updates, Malwr.com. 2 related attack vectors: ShellCode, Phishing. Most recent link (Aug 6, 2018): https://pypi.org/project/python-virustotal/0.0.1a0/","rule":"Linked to Attack Vector","mitigation":"","level":2.0},"linkedToMalware":{"count":4.0,"timestamp":"2020-10-02T14:11:26.000Z","description":"40 sightings on 4 sources: GitHub, PyPI Recent Updates, VirusTotal, Malwr.com. 3 related malwares: EICAR-AV-Test, Eicar_test_file, EICAR Test String. Most recent link (Oct 2, 2020): https://www.virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/","rule":"Linked to Malware","mitigation":"","level":2.0},"positiveMalwareVerdict":{"count":4.0,"timestamp":"2020-10-10T00:34:03.497Z","description":"21 sightings on 4 sources: VirusTotal, Malwr.com, ReversingLabs, PolySwarm. Most recent link (Apr 8, 2020): https://www.virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","rule":"Positive Malware Verdict","mitigation":"","level":3.0}},"summary":[{"count":3.0,"level":2.0},{"count":1.0,"level":3.0}]},"context":{"malware":{"rule":{"count":1,"maxCount":2},"score":80.0},"public":{"rule":{"maxCount":11},"summary":[{"count":3.0,"level":2.0},{"count":1.0,"level":3.0}],"mostCriticalRule":"Positive Malware Verdict","score":83.0}},"score":83.0}},{"entity":{"id":"ip:66.240.205.34","name":"66.240.205.34","type":"IpAddress"},"risk":{"level":2.0,"rule":{"count":13,"mostCritical":"Recent Multicategory Blacklist","maxCount":53,"evidence":{"cncServer":{"count":1.0,"timestamp":"2020-09-23T01:46:30.620Z","description":"17 sightings on 1 source: GitHub. Most recent link (Jul 23, 2019): https://gist.github.com/techhelplist/2a208ae6fc9859f2ff3282d3ff893b46","rule":"Historical C&C Server","mitigation":"","level":1.0},"recentMultiBlacklist":{"count":2.0,"timestamp":"2020-10-08T01:30:47.833Z","description":"13 sightings on 2 sources: AbuseIP Database, AlienVault: IP Reputation Data. Most recent link (Oct 7, 2020): https://www.abuseipdb.com/check/66.240.205.34","rule":"Recent Multicategory Blacklist","mitigation":"","level":2.0},"honeypot":{"count":8.0,"timestamp":"2020-06-19T00:58:26.000Z","description":"979 sightings on 8 sources including: @atma_es, @WebironBots, @gosint2, @HoneyFog, @HoneyPyLog. Most recent tweet: BFB-attack detected from 66.240.205.34 to Portscan on 19.06.2020 02:58:19. Most recent link (Jun 19, 2020): https://twitter.com/EIS_BFB/statuses/1273782158067404803","rule":"Historical Honeypot Sighting","mitigation":"","level":1.0},"linkedIntrusion":{"count":4.0,"timestamp":"2019-08-05T19:06:11.000Z","description":"37 sightings on 4 sources: GitHub, Recorded Future URL Analysis, ReversingLabs, @EIS_BFB. 5 related intrusion methods: Browser Targeted Code Injection, Web Application Exploitation, Brute Force Blocking (BFB), Cross site scripting, Trojan. Most recent tweet: BFB-attack detected from 66.240.205.34 to Portscan on 05.08.2019 21:06:05.","rule":"Historically Linked to Intrusion Method","mitigation":"","level":1.0},"recentDhsAis":{"count":1.0,"timestamp":"2020-10-09T12:44:44.895Z","description":"3 sightings on 1 source: DHS Automated Indicator Sharing. 3 reports including NCCIC:STIX_Package-00e3c8ca-0a3c-4a70-9edc-534ea7b51474, from Infoblox Inc, Information Technology Sector, NCCIC:STIX_Package-00e3c8ca-0a3c-4a70-9edc-534ea7b51474 (Oct 9, 2020).","rule":"Recently Reported by DHS AIS","mitigation":"","level":2.0},"linkedToCyberAttack":{"count":2.0,"timestamp":"2019-06-15T09:01:52.000Z","description":"483 sightings on 2 sources: @HoneyPyLog, @EIS_BFB. Most recent tweet: honeydbz: #Citrix-ICA-Browser Possible Citrix-ICA-Browser attack from 66.240.205.34 https://t.co/Wpmfyo4di1. Most recent link (Jun 15, 2019): https://twitter.com/HoneyPyLog/statuses/1139820304996478976","rule":"Historically Linked to Cyber Attack","mitigation":"","level":1.0},"dhsAis":{"count":1.0,"timestamp":"2020-09-14T11:12:55.000Z","description":"22 sightings on 1 source: DHS Automated Indicator Sharing. 22 reports including NCCIC:STIX_Package-427425f9-cd82-49bc-a4b4-c609aaeddd7d, from Infoblox Inc, Information Technology Sector, NCCIC:STIX_Package-427425f9-cd82-49bc-a4b4-c609aaeddd7d (Sep 14, 2020).","rule":"Historically Reported by DHS AIS","mitigation":"","level":1.0},"recentLinkedIntrusion":{"count":1.0,"timestamp":"2020-10-11T22:30:12.000Z","description":"14 sightings on 1 source: Recorded Future URL Analysis. 3 related intrusion methods: Browser Targeted Code Injection, Web Application Exploitation, Cross site scripting.","rule":"Recently Linked to Intrusion Method","mitigation":"","level":2.0},"historicalThreatListMembership":{"count":2.0,"timestamp":"2020-10-11T23:18:11.344Z","description":"Previous sightings on 2 sources: University of Science and Technology of China Black IP List, Project Turris Attempted Access Greylist. Observed between Jul 1, 2019, and Jan 28, 2020.","rule":"Historically Reported in Threat List","mitigation":"","level":1.0},"rfTrending":{"count":1.0,"timestamp":"2020-08-03T15:09:58.796Z","description":"1 sighting on 1 source: Recorded Future Analyst Community Trending Indicators. Recently viewed by many analysts in many organizations in the Recorded Future community.","rule":"Trending in Recorded Future Analyst Community","mitigation":"","level":1.0},"maliciousPacketSource":{"count":1.0,"timestamp":"2020-10-11T23:18:11.344Z","description":"1 sighting on 1 source: CINS: CI Army List.","rule":"Malicious Packet Source","mitigation":"","level":2.0},"multiBlacklist":{"count":1.0,"timestamp":"2017-04-28T10:00:20.345Z","description":"7 sightings on 1 source: AbuseIP Database. Most recent link (Apr 28, 2017): https://www.abuseipdb.com/check/66.240.205.34?page=10","rule":"Historical Multicategory Blacklist","mitigation":"","level":1.0},"spam":{"count":1.0,"timestamp":"2019-04-16T13:04:45.428Z","description":"284 sightings on 1 source: Daily Botnet Statistics. Most recent link (Apr 16, 2019): http://botnet-tracker.blogspot.com/2019/04/suspected-bot-list-2019-04-06.html","rule":"Historical Spam Source","mitigation":"","level":1.0}},"summary":[{"count":4.0,"level":2.0},{"count":9.0,"level":1.0}]},"context":{"public":{"rule":{"maxCount":50},"summary":[{"count":3.0,"level":2.0},{"count":9.0,"level":1.0}],"mostCriticalRule":"Recent Multicategory Blacklist","score":59.0},"c2":{"score":0.0,"rule":{"maxCount":2,"count":0}},"phishing":{"score":0.0,"rule":{"maxCount":1,"count":0}}},"score":59.0}},{"entity":{"id":"idn:passbolt.siemplify.co","name":"passbolt.siemplify.co","type":"InternetDomainName"},"risk":{"level":0.0,"rule":{"count":0,"mostCritical":"","summary":[],"maxCount":47},"context":{"malware":{"rule":{"count":0,"maxCount":2},"score":0.0},"public":{"rule":{"maxCount":41},"summary":[],"mostCriticalRule":"","score":0.0},"c2":{"score":0.0,"rule":{"maxCount":2,"count":0}},"phishing":{"score":0.0,"rule":{"maxCount":2,"count":0}}},"score":0.0}},{"entity":{"id":"url:http://bolizarsospos.com/703hjdr3ez72","name":"http://bolizarsospos.com/703hjdr3ez72","type":"URL"},"risk":{"level":4.0,"rule":{"count":3,"mostCritical":"C&C URL","maxCount":29,"evidence":{"cncUrl":{"count":1.0,"timestamp":"2020-10-12T02:46:13.823Z","description":"1 sighting on 1 source: Abuse.ch: Ransomware C&C URL Blocklist.","rule":"C&C URL","mitigation":"","level":4.0},"maliciousSiteDetected":{"count":1.0,"timestamp":"2019-12-07T23:10:05.000Z","description":"4 sightings on 1 source: Recorded Future URL Analysis.","rule":"Historically Detected Malicious Browser Exploits","mitigation":"","level":1.0},"malwareSiteDetected":{"count":1.0,"timestamp":"2019-12-07T23:10:05.000Z","description":"4 sightings on 1 source: Recorded Future URL Analysis.","rule":"Historically Detected Malware Distribution","mitigation":"","level":1.0}},"summary":[{"count":1.0,"level":4.0},{"count":2.0,"level":1.0}]},"context":{"malware":{"rule":{"count":0,"maxCount":4},"score":0.0},"public":{"rule":{"maxCount":26},"summary":[{"count":1.0,"level":4.0},{"count":2.0,"level":1.0}],"mostCriticalRule":"C&C URL","score":91.0},"c2":{"score":90.0,"rule":{"maxCount":1,"count":1}},"phishing":{"score":0.0,"rule":{"maxCount":3,"count":0}}},"score":91.0}}]},"counts":{"returned":6,"total":6}}

[{"EntityResult":{"Last Reference":"2019-10-04T18:19:19.044Z","Triggered Rules":"7/51","First Reference":"16-05-25T11:47:06.812Z","Risk Score":"45"},"Entity":"CVE-2019-9925"}]

[{"EntityResult":{"Last Reference":"2019-10-04T18:19:19.044Z","Triggered Rules":"7/51","First Reference":"16-05-25T11:47:06.812Z","Risk Score":"45","Hash Algorithm":"MD5"},"Entity":"MD5"}]

[{"EntityResult":{"Last Reference":"2019-10-04T18:19:19.044Z","Triggered Rules":"7/51","First Reference":"16-05-25T11:47:06.812Z","Risk Score":"45","Geo-City":"Beijing","Geo-Country":"China","Org":"DigitalOcean","Asn":"AS393406"},"Entity":"8.8.8.8"}]

[{"EntityResult":{"Last Reference":"2019-10-04T18:19:19.044Z","Triggered Rules":"7/51","First Reference":"16-05-25T11:47:06.812Z","Risk Score":"45","Geo-City":"Beijing","Geo-Country":"China","Org":"DigitalOcean","Asn":"AS393406"},"Entity":"8.8.8.8"}]

[{"EntityResult":{"Triggered Rules":"7\/51","Risk Score":"45"},"Entity":"8.8.8.8"}]

{"data":{"review":{"assignee":null,"noteAuthor":null,"note":null,"status":"no-action","noteDate":null},"entities":[{"entity":{"id":"idn:gmail.com.sabsepehlelic.com","name":"gmail.com.sabsepehlelic.com","type":"InternetDomainName"},"risk":{"criticalityLabel":"Suspicious","score":null,"documents":[{"references":[{"fragment":"A certificate for the domain gmail.com.sabsepehlelic.com has been registered","entities":[{"id":"idn:gmail.com.sabsepehlelic.com","name":"gmail.com.sabsepehlelic.com","type":"InternetDomainName"}],"language":"eng"}],"source":{"id":"beD_4-","name":"New Certificate Registrations","type":"Source"},"url":null,"title":"Certificate Registration"}],"evidence":[{"mitigationString":"","timestamp":"2020-09-28T02:36:23.924Z","criticalityLabel":"Suspicious","evidenceString":"1 sighting on 1 source: New Certificate Registrations. Certificate registered on Sep 28, 2020.","rule":"Newly Registered Certificate With Potential for Abuse - DNS Sandwich","criticality":2},{"mitigationString":"","timestamp":"2020-09-28T02:36:25.000Z","criticalityLabel":"Suspicious","evidenceString":"Identified by Recorded Future as potential typosquatting: DNS Sandwich similarity found between gmail.com.sabsepehlelic.com and 1 possible target: gmail.com.","rule":"Recent Typosquat Similarity - DNS Sandwich","criticality":2}],"criticality":2},"trend":{},"documents":[]},{"entity":{"id":"idn:www.gmail.com.sabsepehlelic.com","name":"www.gmail.com.sabsepehlelic.com","type":"InternetDomainName"},"risk":{"criticalityLabel":"Suspicious","score":null,"documents":[{"references":[{"fragment":"A certificate for the domain www.gmail.com.sabsepehlelic.com has been registered","entities":[{"id":"idn:www.gmail.com.sabsepehlelic.com","name":"www.gmail.com.sabsepehlelic.com","type":"InternetDomainName"}],"language":"eng"}],"source":{"id":"beD_4-","name":"New Certificate Registrations","type":"Source"},"url":null,"title":"Certificate Registration"}],"evidence":[{"mitigationString":"","timestamp":"2020-09-28T02:36:23.924Z","criticalityLabel":"Suspicious","evidenceString":"1 sighting on 1 source: New Certificate Registrations. Certificate registered on Sep 28, 2020.","rule":"Newly Registered Certificate With Potential for Abuse - DNS Sandwich","criticality":2},{"mitigationString":"","timestamp":"2020-09-28T02:36:25.000Z","criticalityLabel":"Suspicious","evidenceString":"Identified by Recorded Future as potential typosquatting: DNS Sandwich similarity found between www.gmail.com.sabsepehlelic.com and 1 possible target: gmail.com.","rule":"Recent Typosquat Similarity - DNS Sandwich","criticality":2}],"criticality":2},"trend":{},"documents":[]}],"url":"https://app.recordedfuture.com/live/sc/notification/?id=feRS3x","rule":{"url":"https://app.recordedfuture.com/live/sc/ViewIdkobra_view_report_item_alert_editor?view_opts=%7B%22reportId%22%3A%22eOFFb0%22%2C%22bTitle%22%3Atrue%2C%22title%22%3A%22Infrastructure+and+Brand+Risk%2C+Potential+Typosquatting+Watch+List+Domains%22%7D&state.bNavbar=false","name":"Infrastructure and Brand Risk, Potential Typosquatting Watch List Domains","id":"eOFFb0"},"triggered":"2020-09-28T10:13:40.466Z","id":"feRS3x","counts":{"references":2,"entities":2,"documents":1},"title":"Infrastructure and Brand Risk, Potential Typosquatting Watch List Domains ...","type":"ENTITY"}}