|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2016-06-06",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"publish_timestamp": "1465220802",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1465220677",
|
||
|
"uuid": "57557d45-1590-4513-925d-4516950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220443",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557d5b-5784-4f5b-8c19-4000950d210f",
|
||
|
"value": "https://labs.bitdefender.com/2016/05/inside-the-million-machine-clickfraud-botnet/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PAC file",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220483",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d83-b6f0-4d6f-acdc-4ac1950d210f",
|
||
|
"value": "http://xn--51haaa.ml/server.pac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PAC file",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220483",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d83-6ac4-4586-9595-45e1950d210f",
|
||
|
"value": "http://xn--51haaa.ml/proxy.pac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PAC file",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220483",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d83-7330-4161-a166-4e15950d210f",
|
||
|
"value": "http://xn--koa.net/proxy.pac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PAC file",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220484",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d84-da20-4d16-be87-420d950d210f",
|
||
|
"value": "http://wpad.com.gr/server.pac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "On port 8484",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220484",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d84-49fc-4a1e-a3fc-4260950d210f",
|
||
|
"value": "http://93.190.137.240"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "PAC file",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220485",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "57557d85-a524-461e-9183-4f70950d210f",
|
||
|
"value": "http://xn--koa.net/server.pac"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220520",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "57557da8-e0d4-40f4-bdda-4b2a950d210f",
|
||
|
"value": "93.190.137.240"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220580",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de4-c03c-494d-9996-4b24950d210f",
|
||
|
"value": "754df4b9e0a954f13ef0f4a01a7cc587"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220581",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de5-6174-46b1-8432-4cea950d210f",
|
||
|
"value": "9dfebeacb2fcd8bf558caab4226e73e0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220581",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de5-9268-48ac-9a8d-4d75950d210f",
|
||
|
"value": "8da287ad9cee5376d5822012c1fdc1d8"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220582",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de6-f95c-450a-b4ce-4448950d210f",
|
||
|
"value": "fb6e1bfb2083daaf0bf40b9ad5226d3d"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220582",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de6-77b8-427c-879b-4b31950d210f",
|
||
|
"value": "d62b97f57093cc5cb4d1fd3cff89f63b"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220583",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557de7-7b30-4b87-bc0c-42d9950d210f",
|
||
|
"value": "f2afeeb6a6a205f6561bce5395d67730"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220583",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de7-b080-45b6-b19d-45bf950d210f",
|
||
|
"value": "374c760361a2e9d7aea99b784893ce2d50cd7c41"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220583",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de7-fc28-4d74-9984-4c53950d210f",
|
||
|
"value": "78543cc1a1441e730bc4b1f9570cb00285f7de79"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220584",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de8-ff44-43f3-bc28-456c950d210f",
|
||
|
"value": "641d10b10264d0d2fb7f94dfca819ad5bbca49a3"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220584",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de8-2034-484b-89fb-428f950d210f",
|
||
|
"value": "2d8e2a0eaa261402a58a20b8862d93e1096f6ce2"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220585",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de9-7180-4b8b-b71f-4143950d210f",
|
||
|
"value": "b505a0f13bf9439dcf621899b26bb32fdc2b5d44"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220585",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557de9-0154-4175-94a2-485a950d210f",
|
||
|
"value": "83d15bc3d8cb28321602bc3ca4f47fd2a254b8ab"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220586",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dea-7ac0-401e-a58c-4135950d210f",
|
||
|
"value": "98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220586",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dea-9fbc-44cd-ba5a-4a9f950d210f",
|
||
|
"value": "e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220587",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557deb-3480-400a-a5ff-4954950d210f",
|
||
|
"value": "b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220587",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557deb-749c-4eed-a3c0-4174950d210f",
|
||
|
"value": "c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220588",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dec-11e4-4c4d-a530-49d9950d210f",
|
||
|
"value": "993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220588",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dec-6314-4b72-a898-4491950d210f",
|
||
|
"value": "1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220589",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557ded-70e0-4270-9e61-494b950d210f",
|
||
|
"value": "86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220589",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557ded-e7f4-44ba-ad15-4c83950d210f",
|
||
|
"value": "ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220590",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dee-a7b4-4a24-9d01-48f6950d210f",
|
||
|
"value": "eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220590",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dee-dd1c-4ca4-b0c9-4bb2950d210f",
|
||
|
"value": "2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220590",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557dee-24a4-448a-9a92-4666950d210f",
|
||
|
"value": "eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220591",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557def-815c-45fe-9e75-49c9950d210f",
|
||
|
"value": "e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220591",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557def-3c94-455a-938e-4936950d210f",
|
||
|
"value": "426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220592",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557df0-6c78-435a-93f1-4705950d210f",
|
||
|
"value": "b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220592",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557df0-3f84-45b4-936d-4dbd950d210f",
|
||
|
"value": "ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220592",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557df0-f434-442b-b210-40ad950d210f",
|
||
|
"value": "e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220593",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557df1-9120-4600-b632-44ea950d210f",
|
||
|
"value": "b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220593",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "57557df1-bca8-4943-bf53-4e77950d210f",
|
||
|
"value": "9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the Freetext Import Tool",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220608",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "57557e00-80d8-4133-827d-4a8f950d210f",
|
||
|
"value": "xn--51haaa.ml"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the Freetext Import Tool",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220608",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "57557e00-d764-4292-848d-4af8950d210f",
|
||
|
"value": "xn--koa.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the Freetext Import Tool",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220609",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "57557e01-4c50-43c6-b236-40f4950d210f",
|
||
|
"value": "wpad.com.gr"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e45-0d9c-4474-ad8d-432d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234/analysis/1450058531/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220678",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e46-59b8-41ad-908d-42ed02de0b81",
|
||
|
"value": "fe1cfeab9080ce9c0436813fc96ca89f1c9e3d07"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220678",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e46-3c14-4f93-8e79-424c02de0b81",
|
||
|
"value": "713dc2ca729aad773380c6fca70af8b7"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220679",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e47-f230-4459-815d-4ad202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426/analysis/1463490982/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220679",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e47-f344-4498-8b44-4fd802de0b81",
|
||
|
"value": "73f0977a41ff0a32e9039d2e6f760de3c3083a3c"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220680",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e48-d0d8-41e9-a957-4a9102de0b81",
|
||
|
"value": "521ac14c9aae6cac9b988dd4dd6a2f6b"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220680",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e48-6190-45db-b5d5-4bbf02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93/analysis/1463490981/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220680",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e48-9418-4765-81d4-4ac702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f/analysis/1446478125/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220681",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e49-bc8c-49eb-a5f9-4a5702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206/analysis/1464421408/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220681",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e49-2ecc-447f-987d-4f7702de0b81",
|
||
|
"value": "0e816e715c631c28ad8a82202b7fcfea00a72a30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220682",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e4a-f784-4932-a95b-44bd02de0b81",
|
||
|
"value": "99a0df95986f975a4e5229550d710f23"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220682",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e4a-d290-4a02-acff-4a2102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120/analysis/1463490983/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220683",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e4b-e634-475b-9683-473802de0b81",
|
||
|
"value": "468c249e2be922e524ca73f01b4ad662b6e5d411"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220683",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e4b-41cc-434c-92aa-402d02de0b81",
|
||
|
"value": "57212490b784ecbdb9ce965acd228539"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220684",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e4c-c58c-41f5-b275-493502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0/analysis/1451634274/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220684",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e4c-7b9c-4a0e-a450-4c5602de0b81",
|
||
|
"value": "e1d791b60f69a08f81d0acb88f068ad2e8735585"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220684",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e4c-20b4-46a8-9431-427202de0b81",
|
||
|
"value": "8f93e41c30911fd2321973c01277c752"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220685",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e4d-2440-4ca8-87b7-4e1d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167/analysis/1463490983/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220685",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e4d-e8ec-47ce-bcc7-4c3a02de0b81",
|
||
|
"value": "1be920cb406d8fea6a554faa4f1457b2fed47df4"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220686",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e4e-95fc-4d0d-95a7-4c3802de0b81",
|
||
|
"value": "c6b90576c2f6aae51fc932c98b17daf0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220686",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e4e-0ddc-477d-9c32-489202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce/analysis/1464248617/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220687",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e4f-bf88-4b9d-8744-467202de0b81",
|
||
|
"value": "b67b22aafda1a77758014071bb12e6ba2e0b8a0f"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220687",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e4f-e8dc-485f-8074-400302de0b81",
|
||
|
"value": "eed81f2283c05191c77ceec6ecf989bc"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220688",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e50-a1d8-4e21-afeb-401a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563/analysis/1463490985/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220688",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e50-7f40-4da9-910d-41a602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5/analysis/1463640490/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220688",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "57557e50-3edc-48dd-bb44-4e5b02de0b81",
|
||
|
"value": "3c551bf3b31cf7b2aaa8a6beb5c9114315cf71ba"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220689",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "57557e51-b434-4720-904d-474202de0b81",
|
||
|
"value": "4f19bb0b2f343c2bcc25fe36bccbbab7"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220689",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e51-e968-4f64-87a1-44ff02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0/analysis/1463490981/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220690",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "57557e52-73c4-4a52-8662-4aac02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26/analysis/1453461325/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1465220690",
|
||
|
"to_ids": true,
"type": "sha1",
"uuid": "57557e52-0e6c-4910-8519-47cb02de0b81",
"value": "ac15fb527baa0058c059f20f1ef20b5c2bd16abc"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220691",
"to_ids": true,
"type": "md5",
"uuid": "57557e53-1688-4253-bd64-412002de0b81",
"value": "0681d610f382f5aa59e69d976ed7acdb"
},
{
"category": "External analysis",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220691",
"to_ids": false,
"type": "link",
"uuid": "57557e53-3bc0-4883-bddd-4ee802de0b81",
"value": "https://www.virustotal.com/file/993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151/analysis/1464094559/"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220692",
"to_ids": true,
"type": "sha1",
"uuid": "57557e54-9970-4a97-ae94-48b302de0b81",
"value": "678046b7c48ab176fc0053ab22d4490f72e9e132"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220692",
"to_ids": true,
"type": "md5",
"uuid": "57557e54-6134-4200-8443-4c0502de0b81",
"value": "6a2ac9046e8632e00d52bfb804ddeb5e"
},
{
"category": "External analysis",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220692",
"to_ids": false,
"type": "link",
"uuid": "57557e54-7104-43a9-b5c3-49bc02de0b81",
"value": "https://www.virustotal.com/file/c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd/analysis/1463490982/"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220693",
"to_ids": true,
"type": "sha1",
"uuid": "57557e55-fda0-4638-9d59-48e302de0b81",
"value": "9297023d51c5361dcfe26c17b5ec0d712e477260"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220693",
"to_ids": true,
"type": "md5",
"uuid": "57557e55-20b0-47e1-a925-4d1c02de0b81",
"value": "ef7fc17f694d2ce26d97247ba9b25c36"
},
{
"category": "External analysis",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220694",
"to_ids": false,
"type": "link",
"uuid": "57557e56-b2d0-4e57-9029-4e5102de0b81",
"value": "https://www.virustotal.com/file/b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1/analysis/1451634587/"
},
{
"category": "External analysis",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220694",
"to_ids": false,
"type": "link",
"uuid": "57557e56-38c4-4e0d-aa31-44dd02de0b81",
"value": "https://www.virustotal.com/file/e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31/analysis/1444238521/"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220695",
"to_ids": true,
"type": "sha1",
"uuid": "57557e57-b064-4bdb-923c-461702de0b81",
"value": "b44d0686e918c6708d091870aa91c2db63e84b41"
},
{
"category": "Payload delivery",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220695",
"to_ids": true,
"type": "md5",
"uuid": "57557e57-b29c-4921-8c06-454b02de0b81",
"value": "b29816a16f6ac75432d52848236c04db"
},
{
"category": "External analysis",
"comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1465220695",
"to_ids": false,
"type": "link",
"uuid": "57557e57-80f8-4e2a-a7ec-459902de0b81",
"value": "https://www.virustotal.com/file/98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a/analysis/1463490983/"
}
]
}
}