ID SECURITYVULNS:DOC:25961Type securityvulnsReporter SecurityvulnsModified 2011-03-23T00:00:00
Description
Hi!
You can download the slides of the research I was presenting at
RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey
into attacking the power grid.
I presented:
0days in Advantech/BroadWin WebAccess SCADA product
Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs
General attack against EMS Software via State Estimators.
I contacted ICS-CERT to coordinate with Advantech but the vendor denied
having a security flaw. So guys, the exploit I'm releasing does not
exist. All is product of your mind.
Well, indeed WebAccess is full of bugs.
It is a RPC exploit against WebAccess Network Service, port 4592. It
leaks the security code that protects the scada node in addition to
demonstrate RCE on XP. Slighly modifications can be done to support
other systems.
Check the slides, there is more info about the vulns info there.
Download Exploit source code
http://www.reversemode.com/downloads/exploit_advantech.zip
Download Slides [PDF] "SCADA Trojans: Attacking the Grid"
http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf
Regards,
Ruben.
{"id": "SECURITYVULNS:DOC:25961", "bulletinFamily": "software", "title": "SCADA Trojans: Attacking the Grid + Advantech vulnerabilities", "description": "Hi!\r\n\r\nYou can download the slides of the research I was presenting at\r\nRootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey\r\ninto attacking the power grid.\r\n\r\nI presented:\r\n\r\n- 0days in Advantech/BroadWin WebAccess SCADA product\r\n- Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs\r\n- General attack against EMS Software via State Estimators.\r\n\r\n\r\nI contacted ICS-CERT to coordinate with Advantech but the vendor denied\r\nhaving a security flaw. So guys, the exploit I'm releasing does not\r\nexist. All is product of your mind.\r\n\r\nWell, indeed WebAccess is full of bugs.\r\n\r\nIt is a RPC exploit against WebAccess Network Service, port 4592. It\r\nleaks the security code that protects the scada node in addition to\r\ndemonstrate RCE on XP. Slighly modifications can be done to support\r\nother systems.\r\n\r\nCheck the slides, there is more info about the vulns info there.\r\n\r\nDownload Exploit source code\r\nhttp://www.reversemode.com/downloads/exploit_advantech.zip\r\n\r\nDownload Slides [PDF] "SCADA Trojans: Attacking the Grid"\r\nhttp://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf\r\n\r\nRegards,\r\nRuben.", "published": "2011-03-23T00:00:00", "modified": "2011-03-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25961", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:39", "edition": 1, "viewCount": 17, "enchantments": {"score": {"value": 2.7, "vector": "NONE", "modified": "2018-08-31T11:10:39", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1489.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1496.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201400"]}], "modified": "2018-08-31T11:10:39", "rev": 2}, "vulnersScore": 2.7}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"rst": [{"id": "RST:89D0F66A-F4B8-3D7C-B537-AA7AE05D1A0D", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 104.152.254.26", "description": "Found **104[.]152.254.26** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **1**.\n First seen: 2020-12-26T03:00:00, Last seen: 2021-10-12T03:00:00.\n IOC tags: **generic**.\nASN 25961: (First IP 104.152.252.0, Last IP 104.152.255.255).\nASN Name \"ALYRICA\" and Organisation \"Alyrica Networks Inc\".\nASN hosts 316 domains.\nGEO IP information: City \"Brownsville\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-13T00:00:00", "modified": "2020-12-26T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-10-12T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4a6cd258167aadaf7a7e9c227faa9c51"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "c1414de47d57939c3ac731b5ee92bb28"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "2152bbf5f9bf90751020a091a1337ea1"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "aa44bdcaf268dd90b23edadd7b9d4530"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "05ec390777c164ec6d081f2a06a9fe50"}, {"key": "modified", "hash": "761d012e6d8eaa8c8a8d22f603e73ae5"}, {"key": "published", "hash": "367bec30c0ba4b1e1089ea2e16dc01df"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "7f2969aa64b1dc03ff3c8bf2d69b0e51"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "7b405c1fd41597094d2308cad11f7e9aa76ec3e5b1245087b40f6aed1a69c092", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["104.152.254.26"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.09, "ioc_src": 16.44, "ioc_tags": 0.8, "ioc_total": 1.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Brownsville", "country": "United States", "region": "Oregon"}, "asn": {"cloud": "", "domains": 316, "firstip": {"netv4": "104.152.252.0", "num": "1754856448"}, "isp": "ALYRICA", "lastip": {"netv4": "104.152.255.255", "num": "1754857471"}, "num": 25961, "org": "Alyrica Networks Inc"}, "threat": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "RST:E56AB24B-4464-3D49-AB48-BBB0856BF55E", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 24.93.108.40", "description": "Found **24[.]93.108.40** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **24**.\n First seen: 2020-12-06T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 24.93.96.0, Last IP 24.93.127.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Lima\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-06T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1d68dab75fad73992cb9b1c9d18f183d"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "9b6ee83e7050cb7de46dd014268ffe7e"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "ee35620b36fe8aec3a94b16f194f0692"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "9d2275d765c75cdac8467c0e1e3ceab4"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "2e6072ae901327dc14cde56625555282"}, {"key": "modified", "hash": "9e00841e391ff4251806eb8c3141fedb"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8f9372a403838e9b961b180405b276e3"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "85503d89e3de0cd9b3f473a747debb1ac4472b416913d41ef0c7a39844806ce7", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["24.93.108.40"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.74, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 24.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Lima", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "24.93.96.0", "num": "408772608"}, "isp": "SCRR10796", "lastip": {"netv4": "24.93.127.255", "num": "408780799"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:343CD4A2-5E6E-37F0-BC20-CBD9F952D7A6", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 24.167.245.70", "description": "Found **24[.]167.245.70** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 24.167.192.0, Last IP 24.167.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Racine\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "81f788fab5ac16e4643911b3347fc12e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "2b5bdec4752cf150a0f70dbec325f8b1"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "804ff2aa155f5fabdbb3eebfeed05103"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "d4f93469d24b02d2c36e8fa6a6df64fa"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "28187d40723eee8f8d6b53f6776114e3"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "bdc8f53e2c71e91f571f920ab0f1b7d8"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "112aa24f5b2de50771e0e169ed15557e1032dd9860c934170c94a1e58f9c9b8e", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["24.167.245.70"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Racine", "country": "United States", "region": "Wisconsin"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "24.167.192.0", "num": "413646848"}, "isp": "SCRR10796", "lastip": {"netv4": "24.167.255.255", "num": "413663231"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:EDB37FFA-1330-32F8-9B1A-46E9C5697B86", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 98.29.116.89", "description": "Found **98[.]29.116.89** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **29**.\n First seen: 2020-12-17T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 98.27.89.0, Last IP 98.31.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Springboro\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "bd4b4760f6acefdae46f81ccb2b4f23c"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "c4a0e61bebfba1bf1141a993e1b817f8"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "192e76549471ffd5d60d0a651805c5a4"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "2861f08d127650096e5f4f9296176b1a"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "fcfe104876f822e495704afcb62bbf3e"}, {"key": "modified", "hash": "0fcca158d515ce20d2f103aa23400629"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3b80908129c1b8e60af5b0b087c6078d"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "e42f239f1e6124817d6389c490444564986e09f18adfcdf39da18504b6ffc69d", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["98.29.116.89"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.88, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 29.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Springboro", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "98.27.89.0", "num": "1645959424"}, "isp": "SCRR10796", "lastip": {"netv4": "98.31.255.255", "num": "1646264319"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:0DBB8025-079C-34F9-9240-A8FEAA05A326", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 192.180.109.169", "description": "Found **192[.]180.109.169** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **30**.\n First seen: 2020-12-18T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 192.180.0.0, Last IP 192.181.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Louisville\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-18T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "aa0f36028a6e189e000e94d160f9a2d6"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "7ff1f04583ad6a6bfb63c05fe2a19181"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "0949defee6c8c99c01ec96b7794c9978"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "2daa287631813eca5b1190ab10b6e7b4"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "01ae3076535488f7ae13e18ae9b71552"}, {"key": "modified", "hash": "dc7c5f42e1ae6abaf246af90e842b65c"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5f7f7641fa5c69f51314215c8c23ea73"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "c19ecd8e18fe19aa93f9303dcf7c7a29f95833780bb79e932c50db32db8319b9", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["192.180.109.169"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.9, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 30.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Louisville", "country": "United States", "region": "Kentucky"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "192.180.0.0", "num": "3233021952"}, "isp": "SCRR10796", "lastip": {"netv4": "192.181.255.255", "num": "3233153023"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:6404B35F-7740-31D1-83EF-F3C1DFE6BF72", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 162.155.198.26", "description": "Found **162[.]155.198.26** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 162.155.64.0, Last IP 162.155.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Akron\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "7c38c45b253db949702a0d01d934d93c"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0fe6b4229729e83a1403e9da8b4d19ca"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "c0c84171c03b4afa616691f3be7ec616"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "d4f93469d24b02d2c36e8fa6a6df64fa"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "61412325ea3d146fcd683dedd877a3a4"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "be77657ebb4e1e52c3025253a2cb41be"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "db7940d444691b872c898ed317e7174303094d60d9e9a3fc929672864056731b", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["162.155.198.26"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Akron", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "162.155.64.0", "num": "2728083456"}, "isp": "SCRR10796", "lastip": {"netv4": "162.155.255.255", "num": "2728132607"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:53F3260C-5B02-3DC3-8DEE-1A9B358EC6F2", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 71.67.178.152", "description": "Found **71[.]67.178.152** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **31**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 71.67.160.0, Last IP 71.67.212.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Coshocton\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f763f39caed0dc00a633054da6e6913b"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0a5d1f86baf70d8dacbd270e21960df5"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "33451fcf4dab2436568532e13581881c"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "c58711cdd8e92f5036f4b4e9bc4cfc1b"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "ad7ef6a3c1c9ccfdaa550c08f3f80519"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "cfdad76d615fc5f2a2fdcfaa5d827707"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "355be284c3f48ef23f1ab1e0290fa63fe942b2367f0065081205ac945623a61d", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["71.67.178.152"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.95, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 31.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Coshocton", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "71.67.160.0", "num": "1195614208"}, "isp": "SCRR10796", "lastip": {"netv4": "71.67.212.255", "num": "1195627775"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:25D12E6D-B130-3A0E-8553-1D7802FF8194", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 71.72.144.243", "description": "Found **71[.]72.144.243** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-23T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 71.72.0.0, Last IP 71.73.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Springfield\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-23T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f4ee82166576e7b9f726e546567eac10"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "7dbd7f597a16f0b15301d89ac6999e9c"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "cece51c217543dd5537f0ed8e7e1c4e9"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "e74e7965cf99c76abe772450c8150395"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "427efa51b449fad5210c07b00e41f0f1"}, {"key": "modified", "hash": "5d1c23d17d8336808330ac6db5756e98"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e272f744e70c98df173da1772fcc8d15"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "ba399ec6e3b7947adccc7c07d172e4a7b50a8f1da29cb43768a8e28a2c5376c2", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["71.72.144.243"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.98, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Springfield", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "71.72.0.0", "num": "1195900928"}, "isp": "SCRR10796", "lastip": {"netv4": "71.73.255.255", "num": "1196031999"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:62305DB2-147E-3AC9-B6EA-7BDE64360737", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 74.135.83.157", "description": "Found **74[.]135.83.157** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **30**.\n First seen: 2020-12-18T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 74.128.0.0, Last IP 74.135.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Dayton\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-18T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4fa466a3e38567f787ac6bdd64a239e3"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "4d24c6cec6a4eca8ec0c88560989185a"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "2c54c17abab90bbc292079e07e467cc8"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "2daa287631813eca5b1190ab10b6e7b4"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "d934651e078230aaa49cd8bc481f8649"}, {"key": "modified", "hash": "dc7c5f42e1ae6abaf246af90e842b65c"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "6c0e3baba1f0339c6f50451527853999"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "649baf0459c2f2376f67fcc0c8112e21794d1d14af6ea9a90332bbc9df4eadba", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["74.135.83.157"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.9, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 30.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Dayton", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "74.128.0.0", "num": "1249902592"}, "isp": "SCRR10796", "lastip": {"netv4": "74.135.255.255", "num": "1250426879"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:7AE31E40-B048-3503-87F9-C871876A1081", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 65.31.90.64", "description": "Found **65[.]31.90.64** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **31**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 65.31.80.0, Last IP 65.31.159.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Trevor\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "a3a5941bda2a7ca0de950f2e451ff7af"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "465095d1f822d2674d47ee1e0bf889fe"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "7d4ffda738329f7b13c845385b473647"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "c58711cdd8e92f5036f4b4e9bc4cfc1b"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "448b6a33c30d2c163443dc8013e12e36"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ee7f846f308975069738aaf77fb20a44"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "1977ecfd864378fb8223f3a71a8988d8b01a938d1664747b180a59b880bcd5e9", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["65.31.90.64"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.95, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 31.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Trevor", "country": "United States", "region": "Wisconsin"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "65.31.80.0", "num": "1092571136"}, "isp": "SCRR10796", "lastip": {"netv4": "65.31.159.255", "num": "1092591615"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:2BD4BE2A-DA42-3115-8ACF-2B20B71A3F75", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 74.138.180.108", "description": "Found **74[.]138.180.108** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 74.137.124.0, Last IP 74.142.81.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Fort Thomas\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "18c6f16be1131fcbad19ab4227ea46e7"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "5ffe2c90e1eb4489775425e1218fbf7a"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "73b8cc44e9c0416384375101e6dd617b"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "d4f93469d24b02d2c36e8fa6a6df64fa"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "5e9139f353cba087c6af68062ad3b004"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "b1808085ea8fccd96ab1d0f98c6102ad"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "f3be781a971b41d42389e747144ede69980710d7e68959c6d8ab93549fd8b65e", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["74.138.180.108"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Fort Thomas", "country": "United States", "region": "Kentucky"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "74.137.124.0", "num": "1250524160"}, "isp": "SCRR10796", "lastip": {"netv4": "74.142.81.255", "num": "1250841087"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:43954FD7-164E-3E22-ACF2-20F6B3BF2CA4", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 75.185.55.230", "description": "Found **75[.]185.55.230** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 75.184.224.0, Last IP 75.188.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Cleveland\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4c9a4d8a08ef653b6d58831410d49fdf"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "46431cc2476476a6c1defa505f5d5324"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "fe286be4d072c5ff4e23a2bc6febc4c9"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "d4f93469d24b02d2c36e8fa6a6df64fa"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "910cb5eeaa80589e02e458cb782975ad"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "91f21d1668ae47ca84171979265ecb8f"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "62e4530b0de8b0bed82cda246cbf2c52de7620784a1482b9e3a959b428301f7c", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["75.185.55.230"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Cleveland", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "75.184.224.0", "num": "1270407168"}, "isp": "SCRR10796", "lastip": {"netv4": "75.188.255.255", "num": "1270677503"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:76836C69-DF32-38F0-8B74-6E231093D7B1", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 75.185.243.179", "description": "Found **75[.]185.243.179** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **25**.\n First seen: 2020-11-16T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 75.184.224.0, Last IP 75.188.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Cincinnati\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-11-16T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4c9a4d8a08ef653b6d58831410d49fdf"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "5749ba8aaf3005d6c42d2b24f01fd90a"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "c0ed93e627f5048e18d3107e4536ebda"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "fee59c67bd87c8bd3a0765f3edf0a4ac"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "ce6d2bcd2d754cdc4e7d8414bca640ff"}, {"key": "modified", "hash": "2e0a6ba3b5625ffe1b61e193dc668ffb"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "fbf2a7aedfb707db734392cce8bdaeb2"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "de18b3fb35783cda0be530cdb7b5fad0ec2d55a1990e38220edf11ba9fc229f0", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["75.185.243.179"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.56, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 25.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Cincinnati", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "75.184.224.0", "num": "1270407168"}, "isp": "SCRR10796", "lastip": {"netv4": "75.188.255.255", "num": "1270677503"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:10E06DA8-0CB2-3795-A927-9388C29986E5", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 76.181.180.175", "description": "Found **76[.]181.180.175** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **5**.\n First seen: 2020-07-02T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 76.181.0.0, Last IP 76.181.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Amelia\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f754613624e7b06c97184b5fc4248384"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "4a133a4fc2aaac221b675d2bbd5ceb17"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "3f0dec862e14224b9d62910da01d8d9e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "3452acb044a71817b214f40fbb33417f"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "7db6e40d6ac68702237c02dc28db6158"}, {"key": "modified", "hash": "f2612b8e00eb9a9023e994df6d8d928a"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "34141c8a40949e605f50dad1a4062a24"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "7ae6520dd817bfaae9915b6e095919b4aec994a8d397f052c6c6dde32d36ce61", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["76.181.180.175"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.17, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 5.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amelia", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "76.181.0.0", "num": "1286930432"}, "isp": "SCRR10796", "lastip": {"netv4": "76.181.255.255", "num": "1286995967"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:62BD9BB3-B3FF-3FC4-8247-C4BA6BB8D10B", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 76.188.233.11", "description": "Found **76[.]188.233.11** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **29**.\n First seen: 2020-12-17T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 76.188.0.0, Last IP 76.190.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Hermitage\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "68f83c62d26c28f22bbc82562d96e262"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "e878f77cd439e4a1785e6dc74b67a579"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "0c4ec345c359b5d16b60e72a2e546853"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "2861f08d127650096e5f4f9296176b1a"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "5a2c58f4ede925da1ca36da0932631db"}, {"key": "modified", "hash": "0fcca158d515ce20d2f103aa23400629"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "6f710c99dc2ce7d4ebefb224cd986e59"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "7ad03dbbe3ea9092844931137126e25c04749cfa9833e6616c3ae907eff28397", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["76.188.233.11"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.88, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 29.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Hermitage", "country": "United States", "region": "Pennsylvania"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "76.188.0.0", "num": "1287389184"}, "isp": "SCRR10796", "lastip": {"netv4": "76.190.255.255", "num": "1287585791"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:B22C22FB-2238-3577-95D6-D561033CCFB6", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 76.189.147.212", "description": "Found **76[.]189.147.212** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 76.188.0.0, Last IP 76.190.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Strongsville\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "68f83c62d26c28f22bbc82562d96e262"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "8fedeea4082b98ddceecf6e9266152e4"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "aaa262c2a8007e0803c09c3c832c3aee"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "d4f93469d24b02d2c36e8fa6a6df64fa"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "6af9e90d189cd60435b922aa3d959076"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2a37e6f666f7e121f9b0ebe89a150dd6"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "70e6a635df7ec0d38f6d67e907130b526ba361eaa65280e793be30188002984f", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["76.189.147.212"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 32.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Strongsville", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "76.188.0.0", "num": "1287389184"}, "isp": "SCRR10796", "lastip": {"netv4": "76.190.255.255", "num": "1287585791"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:C1B3D0CB-C6CC-3FB1-90C5-8E35D7BEF086", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 107.9.20.25", "description": "Found **107[.]9.20.25** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **31**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 107.9.0.0, Last IP 107.9.63.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Amelia\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "98125a2f0403e6c5e3510a950a38371c"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "4362a867e574bfdb8004bb0022195f28"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "3f0dec862e14224b9d62910da01d8d9e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "c58711cdd8e92f5036f4b4e9bc4cfc1b"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "57f0b6b7e17e84247e2c036363f79aa6"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "c52b12c38cc8fd96f97401f2a4d47340"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "372d5099b057379f96dd56e2da6ed67508f4933c8200ed8204ae8d53c9c9b679", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["107.9.20.25"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.95, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 31.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Amelia", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "107.9.0.0", "num": "1795751936"}, "isp": "SCRR10796", "lastip": {"netv4": "107.9.63.255", "num": "1795768319"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:79FA4C7C-C04A-3DEF-8572-81A811784703", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 107.10.228.220", "description": "Found **107[.]10.228.220** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **31**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 107.9.128.0, Last IP 107.11.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Chagrin Falls\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-25T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-24T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "2d6e7e600fd30c9a43e947d243d0b984"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "e62de5956d172d92800c42af89054385"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4730eb5352d4d5b48f0de08d00d23d2"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "c58711cdd8e92f5036f4b4e9bc4cfc1b"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "abf54dc21e976ff2a50be4d3d617d852"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "546e2298e9e2bab5cebe5675f78f45ef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "790e3edeee9e3027e7d883177543cc9f"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "8d1da8ff5aec90ddf63e67a40ccba4941d92b06cd4d97f84ecbd5936519cfb8f", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["107.10.228.220"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.95, "ioc_src": 42.04, "ioc_tags": 0.8, "ioc_total": 31.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Chagrin Falls", "country": "United States", "region": "Ohio"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "107.9.128.0", "num": "1795784704"}, "isp": "SCRR10796", "lastip": {"netv4": "107.11.255.255", "num": "1795948543"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}, {"id": "RST:B772A170-A246-3F0D-B67D-B4E3FF780AC4", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 74.130.98.224", "description": "Found **74[.]130.98.224** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-12-22T03:00:00, Last seen: 2020-12-22T03:00:00.\n IOC tags: **generic**.\nASN 10796: (First IP 74.128.0.0, Last IP 74.135.255.255).\nASN Name \"SCRR10796\" and Organisation \"Time Warner Cable Internet LLC\".\nASN hosts 25961 domains.\nGEO IP information: City \"Murray\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-22T00:00:00", "modified": "2020-12-22T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "4fa466a3e38567f787ac6bdd64a239e3"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "cbe211e55cb99c449cdff1c80e74e539"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "1493bf59db09678580e3d6b719c476e3"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "febab1a7b4eff09bcc383c80b69e1744"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "ba6a099627bae4c92e474bb76ba10da4"}, {"key": "modified", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "published", "hash": "548afddb941bc9ce879976084c7bcc9e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3eeae623afc1eead29827a9a78702731"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "1939ac7ceff83ca4cd06d1baf23b398bf658ae263cac07773b71f57d1359b39d", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["74.130.98.224"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Murray", "country": "United States", "region": "Kentucky"}, "asn": {"cloud": "", "domains": 25961, "firstip": {"netv4": "74.128.0.0", "num": "1249902592"}, "isp": "SCRR10796", "lastip": {"netv4": "74.135.255.255", "num": "1250426879"}, "num": 10796, "org": "Time Warner Cable Internet LLC"}, "threat": []}], "cve": [{"id": "CVE-2021-25961", "bulletinFamily": "NVD", "title": "CVE-2021-25961", "description": "In \u201cSuiteCRM\u201d application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.", "published": "2021-09-29T14:15:00", "modified": "2021-10-07T17:05:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25961", "reporter": "vulnerabilitylab@whitesourcesoftware.com", "references": ["https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961", "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648", "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"], "cvelist": ["CVE-2021-25961"], "immutableFields": [], "type": "cve", "lastseen": "2021-10-08T07:28:31", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-25961"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "In \u201cSuiteCRM\u201d application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.", "edition": 1, "enchantments": {}, "extraReferences": [{"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961", "refsource": "MISC", "tags": [], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"}, {"name": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648", "refsource": "MISC", "tags": [], "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"}, {"name": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513", "refsource": "MISC", "tags": [], "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"}], "hash": "854682d7c6c95e0f7afcb2f3f065b54710a4d8b20b73e348e6ea2fafbb522e3a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "9eca2103515dda381ee697fe15df2db0", "key": "href"}, {"hash": "16663d78963a7c8f1e947511f4745756", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "fe11807c5856f6554781e25901815063", "key": "extraReferences"}, {"hash": "d120314588a46ccf6fa55eca4ab16d20", "key": "published"}, {"hash": "7911e46fd10e1bc0b90c9ea2011463fc", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "57eaa38d98ec0bc3f0849ffd5bcc411c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81f4a7089f5ae3d5d4d72eb296bfb12f", "key": "title"}, {"hash": "71d0b09fdb1ed1e0ff083363fb1f762f", "key": "references"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "6c3227e9ecc6f5d9c61f07fe28277958", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25961", "id": "CVE-2021-25961", "immutableFields": [], "lastseen": "2021-09-30T07:31:44", "modified": "2021-09-29T16:44:00", "objectVersion": "1.6", "published": "2021-09-29T14:15:00", "references": ["https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961", "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648", "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"], "reporter": "vulnerabilitylab@whitesourcesoftware.com", "title": "CVE-2021-25961", "type": "cve", "viewCount": 0}, "different_elements": ["extraReferences", "cvss", "modified", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-09-30T07:31:44"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "985f893638ae43442ef3685cd0497af4"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "ba312e35b25ecf39c1bc71b8286d363f"}, {"key": "cvelist", "hash": "6c3227e9ecc6f5d9c61f07fe28277958"}, {"key": "cvss", "hash": "d21ac811d9123f8b274b461d7e2281ad"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "33bd31606600c08c75d94abc49e0e253"}, {"key": "description", "hash": "16663d78963a7c8f1e947511f4745756"}, {"key": "extraReferences", "hash": "63b1567bcfd60882609b72f76a7ae2f3"}, {"key": "href", "hash": "9eca2103515dda381ee697fe15df2db0"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "f95c7eee77f9c08274ecff3802f3f490"}, {"key": "published", "hash": "d120314588a46ccf6fa55eca4ab16d20"}, {"key": "references", "hash": "71d0b09fdb1ed1e0ff083363fb1f762f"}, {"key": "reporter", "hash": "7911e46fd10e1bc0b90c9ea2011463fc"}, {"key": "title", "hash": "81f4a7089f5ae3d5d4d72eb296bfb12f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1dea4e9e02c7a7b34bbb157d8c3f5e1537e05a075b3f2f83cd08349129492589", "viewCount": 1, "enchantments": {"dependencies": {"references": [], "modified": "2021-10-08T07:28:31", "rev": 2}, "score": {"value": 2.6, "vector": "NONE", "modified": "2021-10-08T07:28:31", "rev": 2}}, "objectVersion": "1.6", "cpe": [], "affectedSoftware": [{"cpeName": "salesagility:suitecrm", "name": "salesagility suitecrm", "operator": "lt", "version": "7.11.21"}, {"cpeName": "salesagility:suitecrm", "name": "salesagility suitecrm", "operator": "lt", "version": "7.10.32"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:salesagility:suitecrm:7.10.32:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.10.32", "versionStartIncluding": "7.1.7", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:salesagility:suitecrm:7.11.21:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.11.21", "versionStartIncluding": "7.11.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513"}, {"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961"}, {"name": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648"}], "cpe23": [], "cwe": ["CWE-640"], "scheme": null}]}
