2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-12-14 14:30:15 +00:00
|
|
|
"Event": {
|
|
|
|
|
"analysis": "2",
|
|
|
|
|
"date": "2019-06-26",
|
|
|
|
|
"extends_uuid": "5d13bc95-ecbc-4af9-b684-423602de0b81",
|
|
|
|
|
"info": "Soft Cell case - Related indicators from correlations",
|
|
|
|
|
"publish_timestamp": "1594387629",
|
|
|
|
|
"published": true,
|
|
|
|
|
"threat_level_id": "3",
|
|
|
|
|
"timestamp": "1594387608",
|
|
|
|
|
"uuid": "5d13be9e-bb04-4946-899d-409e02de0b81",
|
|
|
|
|
"Orgc": {
|
|
|
|
|
"name": "CIRCL",
|
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
|
},
|
|
|
|
|
"Tag": [
|
|
|
|
|
{
|
|
|
|
|
"colour": "#004646",
|
|
|
|
|
"local": "0",
|
|
|
|
|
"name": "type:OSINT",
|
|
|
|
|
"relationship_type": ""
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"colour": "#0071c3",
|
|
|
|
|
"local": "0",
|
|
|
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
|
|
|
"relationship_type": ""
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"colour": "#0087e8",
|
|
|
|
|
"local": "0",
|
|
|
|
|
"name": "osint:certainty=\"50\"",
|
|
|
|
|
"relationship_type": ""
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"colour": "#ffffff",
|
|
|
|
|
"local": "0",
|
|
|
|
|
"name": "tlp:white",
|
|
|
|
|
"relationship_type": ""
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"Attribute": [
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-9aac-47bd-b831-479802de0b81",
|
|
|
|
|
"value": "asyspy256.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13beb9-0aa4-4139-bb10-4c0302de0b81",
|
|
|
|
|
"value": "177fcb8c089ad981fd1353d74fce5d13f26a6db78224c96209162cc145cf5ee8"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13beb9-f780-4a83-8682-4a7a02de0b81",
|
|
|
|
|
"value": "40d6a2f0e12cbaa34db35bf2bac713cb3ab26e01c26289ad74fd88391ff33a84"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13beb9-bbcc-473f-a1df-480402de0b81",
|
|
|
|
|
"value": "https://asyspy256.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13beb9-e288-4d7d-b564-420902de0b81",
|
|
|
|
|
"value": "http://asyspy256.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13beb9-4184-4585-b676-4d6502de0b81",
|
|
|
|
|
"value": "56620a8035dc7244ccd525f11ed4b1b683794e9d72076363c6a8424ccfe64dd5"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13beb9-a71c-4126-be17-4d2b02de0b81",
|
|
|
|
|
"value": "210.56.60.240"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13beb9-e17c-4690-aff5-444902de0b81",
|
|
|
|
|
"value": "45.121.48.106"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13beb9-b1f8-4716-8d89-419402de0b81",
|
|
|
|
|
"value": "112.213.106.148"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13beb9-0ca0-447f-838f-458102de0b81",
|
|
|
|
|
"value": "211.21.23.69"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13beb9-89b0-4419-8775-483f02de0b81",
|
|
|
|
|
"value": "118.184.15.106"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-91d0-4529-8b77-4bf902de0b81",
|
|
|
|
|
"value": "sz2016rose.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-43dc-44b7-acdd-484f02de0b81",
|
|
|
|
|
"value": "hotkillmail9sddcc.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-c44c-4108-b934-456802de0b81",
|
|
|
|
|
"value": "rosaf112.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-0c18-4438-9e15-4e7102de0b81",
|
|
|
|
|
"value": "cvdfhjh1231.myftp.biz"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-15a4-411b-9cc6-49ff02de0b81",
|
|
|
|
|
"value": "211-21-23-69.hinet-ip.hinet.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-8610-477d-b3d0-4d5902de0b81",
|
|
|
|
|
"value": "dffwescwer4325.myftp.biz"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-4eec-45e1-a1aa-4ece02de0b81",
|
|
|
|
|
"value": "cvdfhjh12311.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-872c-4027-a62f-4c5302de0b81",
|
|
|
|
|
"value": "cvdfhjh1231.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-71f0-47e1-99ae-424002de0b81",
|
|
|
|
|
"value": "www.zhonglic.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13beb9-2278-4f6d-8a57-485402de0b81",
|
|
|
|
|
"value": "8993327.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-df1c-4ac8-927a-4a5b02de0b81",
|
|
|
|
|
"value": "ns1.hostgamma.asia"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13beb9-240c-4205-8ba4-497002de0b81",
|
|
|
|
|
"value": "bm999999.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-55ac-475c-b1fa-43aa02de0b81",
|
|
|
|
|
"value": "www.bm999999.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-3fbc-426e-b402-41cd02de0b81",
|
|
|
|
|
"value": "15e752e3e1a29b41.cdn.jiashule.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13beb9-0c88-419a-9bd6-4ad002de0b81",
|
|
|
|
|
"value": "ns11.kowloonhosting.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13beb9-5b8c-40a3-af8f-493502de0b81",
|
|
|
|
|
"value": "swisspatentlaw.cn"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13beb9-dfa4-4247-8e37-45a502de0b81",
|
|
|
|
|
"value": "prescottarts.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13beb9-4a58-4a2b-8672-47de02de0b81",
|
|
|
|
|
"value": "ressya-hiroba.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13beb9-0390-4b7f-ac78-46c602de0b81",
|
|
|
|
|
"value": "https://hotkillmail9sddcc.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575097",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13beb9-e888-4872-8da7-4c6f02de0b81",
|
|
|
|
|
"value": "http://hotkillmail9sddcc.ddns.net/84efbd38001399bd"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf36-34b0-463c-94c4-47e302de0b81",
|
|
|
|
|
"value": "fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf36-1918-4d1d-a293-4ead02de0b81",
|
|
|
|
|
"value": "12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-0018-454b-ae78-4c8802de0b81",
|
|
|
|
|
"value": "http://rosaf112.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-9240-415f-a057-443602de0b81",
|
|
|
|
|
"value": "http://sz2016rose.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-d01c-41ff-9a8e-4f1202de0b81",
|
|
|
|
|
"value": "http://hotkillmail9sddcc.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-2c4c-4778-86b8-485d02de0b81",
|
|
|
|
|
"value": "https://sz2016rose.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-0940-4c62-95f0-442502de0b81",
|
|
|
|
|
"value": "https://cvdfhjh1231.myftp.biz/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-c440-46dd-93db-491302de0b81",
|
|
|
|
|
"value": "http://cvdfhjh1231.myftp.biz/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-f87c-4312-923f-4f9602de0b81",
|
|
|
|
|
"value": "https://rosaf112.ddns.net/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575222",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf36-e3f4-424a-86b6-4b5a02de0b81",
|
|
|
|
|
"value": "http://rosaf112.ddns.net/rosaf112.ddns.net/65afed00000000ca"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "SINKHOLE",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1594387607",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "ip-dst",
|
|
|
|
|
"uuid": "5d13bf99-1430-4f9d-98d5-bf3202de0b81",
|
|
|
|
|
"value": "45.77.226.209"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-252c-45cb-b663-bf3202de0b81",
|
|
|
|
|
"value": "ca297d004b32a058b56a2360a38b8841483c97642b243b97c3e2a26386665f5c"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-294c-45ab-9bd1-bf3202de0b81",
|
|
|
|
|
"value": "60faca782fa4be9366714d63f581afe5e3bec28968e4d8bf13ddb27cbf69308e"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-f418-4199-9ba8-bf3202de0b81",
|
|
|
|
|
"value": "e1eedf55a76696735ca11ae38bfb8079fd9870dd823b8e0510704fd1c3877cd4"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-6eac-4a22-8ac1-bf3202de0b81",
|
|
|
|
|
"value": "430683d033fe8d97300fa5dfac139f9b407d930a2f05455a24433192e1034eab"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-2230-4c4d-8d5f-bf3202de0b81",
|
|
|
|
|
"value": "57baf7f8092fc10b488271603fadb80e8d73b2944ddbf9868441d54c730b607e"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13bf99-8ac4-4937-b48f-bf3202de0b81",
|
|
|
|
|
"value": "gokeenakte.top"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13bf99-b308-4963-a36f-bf3202de0b81",
|
|
|
|
|
"value": "ciscoupdate2019.gotdns.ch"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13bf99-c720-4faf-b302-bf3202de0b81",
|
|
|
|
|
"value": "zstoreshoping.ddns.net"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13bf99-78bc-472a-90af-bf3202de0b81",
|
|
|
|
|
"value": "booomaahuuoooapl.ru"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13bf99-ffc4-4388-886d-bf3202de0b81",
|
|
|
|
|
"value": "tashdqdxp.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13bf99-8148-49d0-9633-bf3202de0b81",
|
|
|
|
|
"value": "download311a7g5117main.booomaahuuoooapl.ru"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13bf99-1e48-473f-80e8-bf3202de0b81",
|
|
|
|
|
"value": "joshel.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "hostname",
|
|
|
|
|
"uuid": "5d13bf99-960c-4884-b932-bf3202de0b81",
|
|
|
|
|
"value": "www.tashdqdxp.com"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "domain",
|
|
|
|
|
"uuid": "5d13bf99-fa48-4773-9bbd-bf3202de0b81",
|
|
|
|
|
"value": "buygearnow.xyz"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-7c18-450a-b719-bf3202de0b81",
|
|
|
|
|
"value": "b32c619e1976f425192f50bd9c0a345c62695221142c9803d180d769c3a138da"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-cfc0-46a7-b030-bf3202de0b81",
|
|
|
|
|
"value": "d87997a5749f699e77e56aa651c076f408aaa1e906f165bc33f7239f90d6b0fd"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-2938-4dcc-b9e4-bf3202de0b81",
|
|
|
|
|
"value": "fd20b7afc3581173c7e80fa67bd7bf3962fe8e757dc131315c4932dc4dce7c83"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81",
|
|
|
|
|
"value": "074cc53b54be2de8ca4900dd2d7821fb09c2025fb399400835db4936d5b3e819"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-a5e4-43bd-8be5-bf3202de0b81",
|
|
|
|
|
"value": "d52375f8ab4333175944299d6bf8362956f2336ac02f3f657601939a2e1b860b"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-d680-4508-b545-bf3202de0b81",
|
|
|
|
|
"value": "cf24b8da54c9736afe16c89271381df6586d20c4594f08211a2a9327a548f0ad"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-d134-4529-92ab-bf3202de0b81",
|
|
|
|
|
"value": "d85f1a383fd80fe3fcd4acbbc24b21e21eda4f35b63378fd6853d583eff14f4c"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-83e4-49d8-9a21-bf3202de0b81",
|
|
|
|
|
"value": "4601d9af39d22b5e9d6e6afcd36e594b10b43942b4f8fa60da1a4f4660264490"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-213c-4b63-8b42-bf3202de0b81",
|
|
|
|
|
"value": "25750861d22973ea96d028ba89d0c92cc7ab7cff313df87f787fe87746ce8f63"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Payload delivery",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "sha256",
|
|
|
|
|
"uuid": "5d13bf99-f8c8-4768-bf68-bf3202de0b81",
|
|
|
|
|
"value": "01299f05e555230f617d04867414c261eee9d26d215835e56cef7f252c9a9bd2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-bf00-4afd-ac6c-bf3202de0b81",
|
|
|
|
|
"value": "https://dffwescwer4325.myftp.biz/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-1198-42a3-a4ad-bf3202de0b81",
|
|
|
|
|
"value": "http://gokeenakte.top/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-0608-4d2e-95de-bf3202de0b81",
|
|
|
|
|
"value": "http://ciscoupdate2019.gotdns.ch/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-cf84-4700-a457-bf3202de0b81",
|
|
|
|
|
"value": "http://45.77.226.209/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-c1c4-485d-acfb-bf3202de0b81",
|
|
|
|
|
"value": "http://zstoreshoping.ddns.net/data"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-7594-4dde-8981-bf3202de0b81",
|
|
|
|
|
"value": "http://tashdqdxp.com/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-eec0-40fd-abb6-bf3202de0b81",
|
|
|
|
|
"value": "http://booomaahuuoooapl.ru/t.exe"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-8490-4d7f-8c05-bf3202de0b81",
|
|
|
|
|
"value": "http://booomaahuuoooapl.ru/m.exe"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575321",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf99-9884-4140-9ab3-bf3202de0b81",
|
|
|
|
|
"value": "http://joshel.com/"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"category": "Network activity",
|
|
|
|
|
"comment": "",
|
|
|
|
|
"deleted": false,
|
|
|
|
|
"disable_correlation": false,
|
|
|
|
|
"timestamp": "1561575322",
|
|
|
|
|
"to_ids": true,
|
|
|
|
|
"type": "url",
|
|
|
|
|
"uuid": "5d13bf9a-4028-460d-a9cb-bf3202de0b81",
|
|
|
|
|
"value": "http://booomaahuuoooapl.ru/"
|
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
2023-12-14 14:30:15 +00:00
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
