2023-04-21 13:25:09 +00:00
|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "0",
|
|
|
|
"date": "2016-08-24",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Malspam 2016-08-24 (.hta in .zip) - campaign: \"Emailing{N}.jpg\"",
|
|
|
|
"publish_timestamp": "1472051117",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1472051070",
|
|
|
|
"uuid": "57bd9b3a-c354-481c-b414-424e950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#3b7500",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043888",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bd9b70-b228-433e-88d7-45d3950d210f",
|
|
|
|
"value": "http://mage4ever.0catch.com/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043888",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bd9b70-8eb0-4bdc-b294-4a19950d210f",
|
|
|
|
"value": "mage4ever.0catch.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043889",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bd9b71-8a28-4f99-b486-4f2d950d210f",
|
|
|
|
"value": "69.27.174.10"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043889",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bd9b71-59ec-474c-81cb-4034950d210f",
|
|
|
|
"value": "http://www.agenziadini.it/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043889",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bd9b71-e5f8-4975-baec-4f1b950d210f",
|
|
|
|
"value": "www.agenziadini.it"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043889",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bd9b71-5ab4-478b-8e30-41e7950d210f",
|
|
|
|
"value": "213.205.40.169"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043889",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bd9b71-8f5c-4444-9d17-4c26950d210f",
|
|
|
|
"value": "http://iesjaumei.edu.gva.es/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043890",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bd9b72-3058-4b0e-8ebe-41a1950d210f",
|
|
|
|
"value": "iesjaumei.edu.gva.es"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043890",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bd9b72-3f50-421e-9451-4286950d210f",
|
|
|
|
"value": "193.144.125.70"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043890",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bd9b72-9838-48b6-a1f3-4220950d210f",
|
|
|
|
"value": "http://www.carloabati.com/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472043890",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bd9b72-df5c-460b-bac8-4dba950d210f",
|
|
|
|
"value": "www.carloabati.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472044043",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "email-subject",
|
|
|
|
"uuid": "57bd9c0b-5b3c-43c1-a167-4a47950d210f",
|
|
|
|
"value": "Emailing{N}.jpg"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051067",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bdb77b-9e78-4217-ae6e-450c950d210f",
|
|
|
|
"value": "http://brunnenburg.de/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051067",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57bdb77b-b270-4809-9e79-489c950d210f",
|
|
|
|
"value": "brunnenburg.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051067",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bdb77b-b6f4-4c2d-84ba-442b950d210f",
|
|
|
|
"value": "212.40.179.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051068",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bdb77c-571c-4301-90c2-44d9950d210f",
|
|
|
|
"value": "http://csmjs.cba.pl/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051068",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bdb77c-2614-4f20-9863-4736950d210f",
|
|
|
|
"value": "csmjs.cba.pl"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051068",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bdb77c-413c-41e5-a46a-4b20950d210f",
|
|
|
|
"value": "95.211.144.65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051068",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bdb77c-c5c0-4326-82c8-4fb1950d210f",
|
|
|
|
"value": "http://ficonline.cat/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051068",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57bdb77c-5f3c-4239-adf0-4992950d210f",
|
|
|
|
"value": "ficonline.cat"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bdb77d-30ac-4dd6-9c3a-4308950d210f",
|
|
|
|
"value": "134.0.14.63"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bdb77d-2c7c-4d98-bf14-4977950d210f",
|
|
|
|
"value": "http://jon.nomaki.jp/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bdb77d-aa60-447f-add4-4cbb950d210f",
|
|
|
|
"value": "jon.nomaki.jp"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bdb77d-d4f4-4278-9202-445f950d210f",
|
|
|
|
"value": "112.140.42.29"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "57bdb77d-3544-4a46-acbe-4b27950d210f",
|
|
|
|
"value": "http://ajurveda.meganet.lt/GHBuyd472"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051069",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57bdb77d-f5f4-4f4f-ba8e-4842950d210f",
|
|
|
|
"value": "ajurveda.meganet.lt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "download location",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1472051070",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "57bdb77e-a8a8-41fa-8028-428f950d210f",
|
|
|
|
"value": "88.222.0.5"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|