{
"Event": {
"analysis": "1",
"date": "2017-05-26",
"extends_uuid": "",
"info": "Jaff 2017-05-25 : \"Payment Receipt 1234\" - \"1234.pdf\"",
"publish_timestamp": "1495806413",
"published": true,
"threat_level_id": "3",
"timestamp": "1495806395",
"uuid": "59281443-312c-4b77-aef7-447d950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#006c6c",
"name": "ecsirt:malicious-code=\"ransomware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Jaff\""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "md5",
"uuid": "59281446-b440-4a1f-bbe1-4564950d210f",
"value": "9585bc2d5d63b189bf8455d2e05cfb5e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "md5",
"uuid": "59281448-5fb0-4cb5-8947-44ea950d210f",
"value": "fc8c82354bbc40f2662d577863c6b20f"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928144a-5368-4e33-9a4c-4090950d210f",
"value": "http://benimkecim.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928144b-e848-4515-93fc-4242950d210f",
"value": "benimkecim.com"
},
{
"category": "Network activity",
"comment": "benimkecim.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928144c-050c-439e-a4a2-4225950d210f",
"value": "95.173.189.215"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928144c-b160-4179-94a7-450e950d210f",
"value": "http://better57toiuydof.net/af/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928144d-2364-40f8-bd8a-419a950d210f",
"value": "better57toiuydof.net"
},
{
"category": "Network activity",
"comment": "better57toiuydof.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928144f-d4b0-4902-9e5b-416a950d210f",
"value": "46.173.218.111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281451-6310-4b31-8b46-495e950d210f",
"value": "http://bionorica.md/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281452-c164-4d7a-996e-4478950d210f",
"value": "bionorica.md"
},
{
"category": "Network activity",
"comment": "bionorica.md",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281454-3bcc-42e1-adfc-4345950d210f",
"value": "176.223.209.7"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281455-57ac-4700-a036-49e8950d210f",
"value": "http://blackstoneconsultants.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281456-bc98-4998-b24f-48ef950d210f",
"value": "blackstoneconsultants.com"
},
{
"category": "Network activity",
"comment": "blackstoneconsultants.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281457-9e0c-48fb-b518-4cbd950d210f",
"value": "192.124.249.6"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281458-a294-4496-b8fa-417c950d210f",
"value": "http://danthegreat.athost.net/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281459-c67c-4581-84a8-4c22950d210f",
"value": "danthegreat.athost.net"
},
{
"category": "Network activity",
"comment": "danthegreat.athost.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928145c-29ec-4e88-ab66-42a8950d210f",
"value": "88.198.4.251"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928145d-1898-4496-ae26-4d72950d210f",
"value": "http://derossigroup.it/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928145f-24d4-42dc-9a8b-4930950d210f",
"value": "derossigroup.it"
},
{
"category": "Network activity",
"comment": "derossigroup.it",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281460-0f30-465b-91e7-46b5950d210f",
"value": "195.130.247.50"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281461-8144-4204-b00e-4c44950d210f",
"value": "http://dianagaertner.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281463-aac4-46e9-9f4f-4124950d210f",
"value": "dianagaertner.com"
},
{
"category": "Network activity",
"comment": "dianagaertner.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281463-ae54-4c10-a75a-494c950d210f",
"value": "81.169.145.66"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281464-431c-40b2-9ffb-44fd950d210f",
"value": "http://dreamybean.de/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281465-a28c-4c77-8f28-4b41950d210f",
"value": "dreamybean.de"
},
{
"category": "Network activity",
"comment": "dreamybean.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281466-6c50-4c9e-8a4a-4043950d210f",
"value": "81.169.145.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281467-9ed0-492a-adb2-46e5950d210f",
"value": "http://duktigaflickor.se/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281468-2890-4110-a2eb-43ec950d210f",
"value": "duktigaflickor.se"
},
{
"category": "Network activity",
"comment": "duktigaflickor.se",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928146a-214c-44dd-96a6-4048950d210f",
"value": "46.30.213.61"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928146b-2d3c-43c6-8111-4a64950d210f",
"value": "http://enseling-gmbh.de/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928146c-10ec-4dd7-8ea4-4028950d210f",
"value": "enseling-gmbh.de"
},
{
"category": "Network activity",
"comment": "enseling-gmbh.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928146d-0604-4b71-bb95-4f36950d210f",
"value": "81.169.145.162"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928146e-6c10-44d2-b095-4d63950d210f",
"value": "http://enzler-elektro.ch/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928146f-0d24-4a49-a4cd-4184950d210f",
"value": "enzler-elektro.ch"
},
{
"category": "Network activity",
"comment": "enzler-elektro.ch",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281470-4050-4f7e-b23d-476b950d210f",
"value": "80.86.198.13"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281471-8b70-4816-bf67-48d9950d210f",
"value": "http://facecapsule.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281472-c81c-435b-b039-426a950d210f",
"value": "facecapsule.com"
},
{
"category": "Network activity",
"comment": "facecapsule.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281473-c478-4690-850f-4daa950d210f",
"value": "70.35.121.121"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281474-9950-4a03-b0f3-44de950d210f",
"value": "http://holidayhops.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281475-790c-4e0d-b640-4edd950d210f",
"value": "holidayhops.com"
},
{
"category": "Network activity",
"comment": "holidayhops.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281476-a230-41af-bdeb-4e59950d210f",
"value": "166.62.29.125"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281477-d734-4382-9133-4ec4950d210f",
"value": "http://hunter.cz/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281478-c9a0-4b5d-9d6c-4ce7950d210f",
"value": "hunter.cz"
},
{
"category": "Network activity",
"comment": "hunter.cz",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281479-0744-419f-b39f-4367950d210f",
"value": "83.167.255.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928147a-035c-4f27-8493-44b4950d210f",
"value": "http://operadorapuma.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928147a-8038-4e54-a86c-468c950d210f",
"value": "operadorapuma.com"
},
{
"category": "Network activity",
"comment": "operadorapuma.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928147b-871c-4e2b-9651-4438950d210f",
"value": "192.124.249.2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928147c-7938-4b38-afeb-4108950d210f",
"value": "http://orchideus.cz/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928147d-4644-4d6d-bd52-46c6950d210f",
"value": "orchideus.cz"
},
{
"category": "Network activity",
"comment": "orchideus.cz",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928147e-8b08-44e7-93cb-421e950d210f",
"value": "81.31.42.12"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928147f-1e48-47fd-84c6-49bb950d210f",
"value": "http://pepmata.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281480-946c-4499-a3a5-448c950d210f",
"value": "pepmata.com"
},
{
"category": "Network activity",
"comment": "pepmata.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806349",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281481-58c4-4762-9d00-4d1a950d210f",
"value": "160.153.129.221"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281482-83f4-493e-9db3-4f29950d210f",
"value": "http://pixshoot.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281483-47f0-475b-9773-4065950d210f",
"value": "pixshoot.com"
},
{
"category": "Network activity",
"comment": "pixshoot.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281484-7858-4442-9586-4f6b950d210f",
"value": "104.156.51.239"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281485-61c4-4a98-a73e-4dce950d210f",
"value": "http://rejtjel.hu/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281486-aa6c-4587-9614-4e62950d210f",
"value": "rejtjel.hu"
},
{
"category": "Network activity",
"comment": "rejtjel.hu",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281488-da70-4ec5-8893-425b950d210f",
"value": "91.82.226.140"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281488-86cc-49a5-b908-41dc950d210f",
"value": "http://tropicalcoffeebreak.com/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281489-afa8-4910-a727-4706950d210f",
"value": "tropicalcoffeebreak.com"
},
{
"category": "Network activity",
"comment": "tropicalcoffeebreak.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928148a-2608-4290-a255-4f20950d210f",
"value": "162.144.143.109"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928148b-4b58-4318-aa1a-4f12950d210f",
"value": "http://vipmarketing.co.il/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "5928148c-8448-4df1-9df9-4623950d210f",
"value": "vipmarketing.co.il"
},
{
"category": "Network activity",
"comment": "vipmarketing.co.il",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "5928148e-dcac-472d-9c86-4322950d210f",
"value": "81.218.71.217"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "5928148f-ffc8-4e76-8906-4ab2950d210f",
"value": "http://vsflot.ru/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281491-4698-485f-96d8-47c8950d210f",
"value": "vsflot.ru"
},
{
"category": "Network activity",
"comment": "vsflot.ru",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281492-b0b0-4364-8dbf-40a5950d210f",
"value": "81.177.135.191"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281493-f744-40ba-8f5d-48cc950d210f",
"value": "http://youtoolgrabeertorse.org/af/TrfHn4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281493-a0b4-442d-8d58-409c950d210f",
"value": "youtoolgrabeertorse.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "url",
"uuid": "59281495-7340-4d49-b253-48d1950d210f",
"value": "http://dorobratiohdtyszxwk.com/a5/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804752",
"to_ids": true,
"type": "hostname",
"uuid": "59281496-7040-40fa-8e43-4eb5950d210f",
"value": "dorobratiohdtyszxwk.com"
},
{
"category": "Network activity",
"comment": "dorobratiohdtyszxwk.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495806380",
"to_ids": false,
"type": "ip-dst",
"uuid": "59281497-6810-44b9-bcb2-492b950d210f",
"value": "34.225.214.20"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804782",
"to_ids": true,
"type": "sha256",
"uuid": "59282b6e-5a14-46b0-9569-4a0302de0b81",
"value": "2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804782",
"to_ids": true,
"type": "sha1",
"uuid": "59282b6e-e194-42d5-8536-433302de0b81",
"value": "27f095ac614baa7db8bcd1f5737cdefd8b0bb1ad"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: fc8c82354bbc40f2662d577863c6b20f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804783",
"to_ids": false,
"type": "link",
"uuid": "59282b6f-8ff8-43ed-bb33-411202de0b81",
"value": "https://www.virustotal.com/file/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569/analysis/1495782707/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804783",
"to_ids": true,
"type": "sha256",
"uuid": "59282b6f-044c-47c0-b2fe-4bfc02de0b81",
"value": "ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804784",
"to_ids": true,
"type": "sha1",
"uuid": "59282b70-5fd4-4cae-bdc9-4cce02de0b81",
"value": "09fcafdc65429b55087227f8942e787e10e1b73c"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 9585bc2d5d63b189bf8455d2e05cfb5e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1495804784",
"to_ids": false,
"type": "link",
"uuid": "59282b70-91c4-446f-92de-47e802de0b81",
"value": "https://www.virustotal.com/file/ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd/analysis/1495772587/"
}
]
}
}