{
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2015-07-14",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT Tracking MiniDionis: CozyCar\u2019s New Ride Is Related to Seaduke by Unit 42 Palo Alto Networks",
|
|
|
|
"publish_timestamp": "1498163020",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "2",
|
|
|
|
"timestamp": "1498163009",
|
|
|
|
"uuid": "55a8d7b5-9ab8-476f-982f-1e08950d210b",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#004646",
|
|
|
|
"local": "0",
|
|
|
|
"name": "type:OSINT",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#12e100",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:threat-actor=\"APT 29\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:tool=\"Trojan.Seaduke\"",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128646",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "55a8d7c6-d244-4227-b722-0a95950d210b",
|
|
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128754",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "55a8d832-0574-4fca-b203-1e12950d210b",
|
|
|
|
"value": "CozyCar"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128754",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "55a8d832-74ec-4410-931a-1e12950d210b",
|
|
|
|
"value": "Cozy Car"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128755",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "55a8d833-47ac-4cdd-80c3-1e12950d210b",
|
|
|
|
"value": "Seaduke"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128755",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "55a8d833-e4e0-452f-85fb-1e12950d210b",
|
|
|
|
"value": "Mini Dionis"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128755",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "55a8d833-eb14-47be-9ec2-1e12950d210b",
|
|
|
|
"value": "Minidionis"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d87d-d740-4af4-9c4f-1e09950d210b",
|
|
|
|
"value": "ff.whitebirchpaper.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "55a8d87d-603c-4816-b9c6-1e09950d210b",
|
|
|
|
"value": "visionresearch.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d87d-9660-4f64-8346-1e09950d210b",
|
|
|
|
"value": "betawebservices.ntnonline.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d87d-0ce4-4c7f-8336-1e09950d210b",
|
|
|
|
"value": "staff.shasta.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128829",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d87d-ccbc-4df1-9291-1e09950d210b",
|
|
|
|
"value": "extranet.qualityplanning.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d87e-6ecc-456d-a0b3-1e09950d210b",
|
|
|
|
"value": "secure.hgl.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "55a8d87e-dcc8-4977-b1a7-1e09950d210b",
|
|
|
|
"value": "illuminatistudios.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "55a8d87e-24e8-45ca-8571-1e09950d210b",
|
|
|
|
"value": "103.254.16.168"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "55a8d87e-70bc-4f1e-95c6-1e09950d210b",
|
|
|
|
"value": "103.226.132.7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "55a8d87e-2ea8-49b5-a63b-1e09950d210b",
|
|
|
|
"value": "122.228.193.115"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128830",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87e-86fc-45ce-ad84-1e09950d210b",
|
|
|
|
"value": "01039a95e0a14767784acc8f07035935"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-7f78-4cad-8b76-1e09950d210b",
|
|
|
|
"value": "0f9534b63cb7af1e3aa34839d7d6e632"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-dfac-48e8-b766-1e09950d210b",
|
|
|
|
"value": "2e64131c0426a18c1c363ec69ae6b5f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-d488-4f87-bebd-1e09950d210b",
|
|
|
|
"value": "70f5574e4e7ad360f4f5c2117a7a1ca7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-eae4-4101-ab07-1e09950d210b",
|
|
|
|
"value": "1dd593ad084e1526c8facce834b0e124"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-c3fc-45a3-9f6d-1e09950d210b",
|
|
|
|
"value": "42ffc84c6381a18b1f6d000b94c74b09"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128831",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d87f-ad60-40f8-a44f-1e09950d210b",
|
|
|
|
"value": "719cf63a3922953ceaca6fb4dbed6584"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-220c-4416-9802-1e09950d210b",
|
|
|
|
"value": "f415470b9f0edc1298b1f6ae75dfaf31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-1360-4bd0-8009-1e09950d210b",
|
|
|
|
"value": "ca770a4c9881afcd610aad30aa53f651"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-16a8-4a6e-9146-1e09950d210b",
|
|
|
|
"value": "24083e6186bc773cd9c2e70a49309763"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-2520-4091-8ed7-1e09950d210b",
|
|
|
|
"value": "b0a9a175e2407352214b2d005253bc0c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-a864-4c08-8561-1e09950d210b",
|
|
|
|
"value": "b55628a605a5dfb5005c44220ae03b8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128832",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d880-31cc-4873-abb6-1e09950d210b",
|
|
|
|
"value": "26bd36cc57e30656363ca89910579f63"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128833",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d881-34fc-4888-8f09-1e09950d210b",
|
|
|
|
"value": "a9c045c401afb9766e2ca838dc6f47a4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128833",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d881-e6b4-4bb7-8954-1e09950d210b",
|
|
|
|
"value": "f8cb10b2ee8af6c5555e9cf3701b845f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128833",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d881-ed1c-4ea2-87c6-1e09950d210b",
|
|
|
|
"value": "c8b49b42e6ebb6b977ce7001b6bd96c8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128833",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d881-6f18-4bda-b8c8-1e09950d210b",
|
|
|
|
"value": "030da7510113c28ee68df8a19c643bb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128833",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d881-afa0-4770-ba27-1e09950d210b",
|
|
|
|
"value": "e07ef8ffe965ec8b72041ddf9527cac4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-c3e4-44cf-a492-1e09950d210b",
|
|
|
|
"value": "4cbd9a0832dcf23867b092de37c10d9d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-59cc-4c5e-ae3c-1e09950d210b",
|
|
|
|
"value": "3a04a5d7ed785daa16f4ebfd3acf0867"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-ee38-44af-a76b-1e09950d210b",
|
|
|
|
"value": "9018fa0826f237342471895f315dbf39"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-aba8-45bf-b05f-1e09950d210b",
|
|
|
|
"value": "98613ecb3afde5fc48ca4204f8363f1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-c450-48f3-a2e2-1e09950d210b",
|
|
|
|
"value": "e00bf9b8261410744c10ae3fe2ce9049"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128834",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d882-90a8-4a2c-803b-1e09950d210b",
|
|
|
|
"value": "51ea28f4f3fa794d5b207475897b1eef"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128835",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "55a8d883-95ec-4b82-81ce-1e09950d210b",
|
|
|
|
"value": "3195110045f64a3c83fc3e043c46d253"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128835",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "55a8d883-4e34-4bc9-a3a6-1e09950d210b",
|
|
|
|
"value": "connectads.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128835",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "55a8d883-4340-4526-9fba-1e09950d210b",
|
|
|
|
"value": "kane-consulting.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1437128835",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "55a8d883-fbec-4b6e-98da-1e09950d210b",
|
|
|
|
"value": "edadmin.kearsney.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841689",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c66199-f660-442d-a56f-4018950d210f",
|
|
|
|
"value": "890b943ba5c43b74ad2965874a21c7ef4ba896ff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841691",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c6619b-364c-483a-a98c-5f51950d210f",
|
|
|
|
"value": "6c95cdbe7d3c65104abd0912aa7dc99099887030"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841693",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c6619d-dd70-4f78-a6df-c654950d210f",
|
|
|
|
"value": "84ba6b6a0a3999c0932f35298948f149ee05bc02"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841695",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c6619f-0140-465a-b935-46c4950d210f",
|
|
|
|
"value": "47f26990d063c947debbde0e10bd267fb0f32719"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841697",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661a1-c460-4e63-a598-c654950d210f",
|
|
|
|
"value": "f19873b6d0db1d2dde9134d69f5e2d5f6b939aa7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841699",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661a3-ad2c-4aa9-8031-449f950d210f",
|
|
|
|
"value": "cc15924d37e36060faa405e5fa8f6ca15a3cace2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841701",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661a5-2f24-4f16-b1f8-59a0950d210f",
|
|
|
|
"value": "7b8851f98f765038f275489c69a485e1bed4f82d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841703",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661a7-1cd8-42a2-96bf-c650950d210f",
|
|
|
|
"value": "9eae02e8d4bc405afd78dd364e96650f3608bf3b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841704",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661a8-987c-466c-bb08-4061950d210f",
|
|
|
|
"value": "4f977debaa25925e82f254080e8f7c42b70cb669"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841706",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661aa-4af8-44cd-89fc-44f9950d210f",
|
|
|
|
"value": "71031ebb535923722c8fcfdcba127e4fdef24f49"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841708",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661ac-0bc8-47b1-b16e-5f51950d210f",
|
|
|
|
"value": "38dd05b9cc892491347f4347870a6b77d9aea856"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841709",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661ad-50e4-40bc-86ff-4c1e950d210f",
|
|
|
|
"value": "10b31a17449705be20890ddd8ad97a2feb093674"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 9018fa0826f237342471895f315dbf39)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841711",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661af-bedc-4409-b7aa-59a3950d210f",
|
|
|
|
"value": "910dfe45905b63c12c6f93193f5dc08f5b012bc3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841713",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661b1-73dc-43df-8956-599c950d210f",
|
|
|
|
"value": "5875e9e27607aab5d39e312cd141d8941b077462"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841715",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661b3-c16c-46ec-aa81-413e950d210f",
|
|
|
|
"value": "44403a3e51e337c1372b0becdab74313125452c7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841716",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661b4-cec0-4654-8680-c650950d210f",
|
|
|
|
"value": "9eef49fc724b9f40be795a80bc6363eb0c6b6dd6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841718",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "56c661b6-a010-4c3b-a8e1-5f51950d210f",
|
|
|
|
"value": "d7f7aef824265136ad077ae4f874d265ae45a6b0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 0f9534b63cb7af1e3aa34839d7d6e632)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841691",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c6619b-541c-4004-b18c-59a1950d210f",
|
|
|
|
"value": "08b410d359ec2d6cab73bd6c0be138d9bdc475e3f63fec65794a74e5d5958b3b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 2e64131c0426a18c1c363ec69ae6b5f2)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841692",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c6619c-dd34-4525-9a1f-599f950d210f",
|
|
|
|
"value": "26fdc7682cf367d4d1e635a40beab0762cee43978a0f86867be03aab81244107"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 70f5574e4e7ad360f4f5c2117a7a1ca7)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841694",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c6619e-e154-4934-9b79-59a0950d210f",
|
|
|
|
"value": "a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 42ffc84c6381a18b1f6d000b94c74b09)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841696",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a0-a904-4b8f-bea4-599d950d210f",
|
|
|
|
"value": "c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 719cf63a3922953ceaca6fb4dbed6584)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841698",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a2-f110-4175-982b-59a1950d210f",
|
|
|
|
"value": "a544aa392c1f519aebdb2a7b6dc23290082b7f7103c7e3022af35dfd6bc10dde"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via b0a9a175e2407352214b2d005253bc0c)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841700",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a4-7468-4e15-b617-599c950d210f",
|
|
|
|
"value": "6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via a9c045c401afb9766e2ca838dc6f47a4)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841702",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a6-9430-40a4-bf62-c654950d210f",
|
|
|
|
"value": "d3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via c8b49b42e6ebb6b977ce7001b6bd96c8)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841704",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a8-5908-4640-9e06-59a2950d210f",
|
|
|
|
"value": "93ecd67c6102802e2e058eac512a2c75434912c28dc2eae6c108451272008bc5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 030da7510113c28ee68df8a19c643bb0)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841705",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661a9-ccd0-498e-8683-59a0950d210f",
|
|
|
|
"value": "7b3e344ea44a9b5fdcee89818435d377b4413e704f8c2ef5522a0255bd4eca74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via e07ef8ffe965ec8b72041ddf9527cac4)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841707",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661ab-a3c4-4e42-aa11-599c950d210f",
|
|
|
|
"value": "502e42dc99873c52c3ca11dd3df25aad40d2b083069e8c22dd45da887f81d14d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 4cbd9a0832dcf23867b092de37c10d9d)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841708",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661ac-cb0c-4467-8401-599f950d210f",
|
|
|
|
"value": "2a36823323b857921d056c0161fc15d47f29b7513443346a0aeb537cbf437f0d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 3a04a5d7ed785daa16f4ebfd3acf0867)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841710",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661ae-d8c4-4040-a829-59a1950d210f",
|
|
|
|
"value": "ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 9018fa0826f237342471895f315dbf39)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841712",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661b0-91ec-4b98-a0d3-47f2950d210f",
|
|
|
|
"value": "ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 98613ecb3afde5fc48ca4204f8363f1d)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841714",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661b2-b4b8-45a2-9a03-59a0950d210f",
|
|
|
|
"value": "7f8d8992dda6a48c54234e76cf0a0f445842aea1cd91d3252185c7b436e51cde"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via e00bf9b8261410744c10ae3fe2ce9049)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841716",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661b4-b8e0-4a13-a360-599e950d210f",
|
|
|
|
"value": "56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 51ea28f4f3fa794d5b207475897b1eef)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841717",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661b5-f4cc-4409-91a3-59a2950d210f",
|
|
|
|
"value": "ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Automatically added (via 3195110045f64a3c83fc3e043c46d253)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455841719",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c661b7-ceb0-46b5-9f45-5ca1950d210f",
|
|
|
|
"value": "88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f"
|
|
|
|
}
]
}
}