2023-04-21 13:25:09 +00:00
|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "1",
|
|
|
|
"date": "2017-05-26",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "Jaff 2017-05-26 : \"Scanned Image from a Xerox WorkCentre\" - \"Scan_0012_123456789.zip\"",
|
|
|
|
"publish_timestamp": "1495806528",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1495806520",
|
|
|
|
"uuid": "59282a08-aec8-49e7-932a-45d3950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#006c6c",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:ransomware=\"Jaff\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "59282a09-7dd4-445a-8555-424c950d210f",
|
|
|
|
"value": "aace687d16706b05aa49c9b7fff7572b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "59282a0a-8e08-4872-8704-432f950d210f",
|
|
|
|
"value": "6708cc80916e838a9bbed09c91854230"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a0c-47ac-4f58-8de7-4959950d210f",
|
|
|
|
"value": "http://better57toiuydof.net/af/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a0c-dd14-493a-9bc5-4688950d210f",
|
|
|
|
"value": "better57toiuydof.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "better57toiuydof.net",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"value": "46.173.218.111"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a0e-9188-4a06-a98e-411e950d210f",
|
|
|
|
"value": "http://dsopro.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a0f-397c-4b05-9075-4c44950d210f",
|
|
|
|
"value": "dsopro.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "dsopro.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"value": "35.166.221.246"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a11-9070-49ce-ab6e-41d0950d210f",
|
|
|
|
"value": "http://easy2.cn/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a12-5f2c-4b10-9048-412e950d210f",
|
|
|
|
"value": "easy2.cn"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "easy2.cn",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"value": "47.89.53.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a14-4a64-41ae-b3e7-487f950d210f",
|
|
|
|
"value": "http://eisenerzgrube.de/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a15-ab14-494b-9a05-4913950d210f",
|
|
|
|
"value": "eisenerzgrube.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "eisenerzgrube.de",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"value": "81.169.145.88"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a16-f19c-4485-84b1-4640950d210f",
|
|
|
|
"value": "http://eselink.com.my/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a17-5e20-4228-b43a-4b19950d210f",
|
|
|
|
"value": "eselink.com.my"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "eselink.com.my",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"value": "124.150.140.96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a1a-46bc-48cd-bb32-456f950d210f",
|
|
|
|
"value": "http://e-snhv.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a1b-6340-4af5-8646-4267950d210f",
|
|
|
|
"value": "e-snhv.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "e-snhv.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"value": "61.106.62.37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a1e-60d8-4eee-a1ee-4450950d210f",
|
|
|
|
"value": "http://fabriquekorea.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a1f-4b1c-464a-b80f-47f2950d210f",
|
|
|
|
"value": "fabriquekorea.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "fabriquekorea.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"value": "211.174.62.52"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a21-d7e4-4524-bacb-4382950d210f",
|
|
|
|
"value": "http://jinqiaonkyy.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a22-6a4c-4b4e-ae98-484c950d210f",
|
|
|
|
"value": "jinqiaonkyy.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "jinqiaonkyy.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"value": "162.251.21.215"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a24-d2bc-49c5-8def-4aed950d210f",
|
|
|
|
"value": "http://orhangazitur.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a25-6ddc-47b1-a5b8-4a28950d210f",
|
|
|
|
"value": "orhangazitur.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "orhangazitur.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"value": "109.232.220.235"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a27-facc-4a43-b42b-4bc8950d210f",
|
|
|
|
"value": "http://paradigmenergycorp.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a27-a8b4-4fab-860b-46b0950d210f",
|
|
|
|
"value": "paradigmenergycorp.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "paradigmenergycorp.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"value": "107.180.40.126"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a29-77e8-4a70-b084-466d950d210f",
|
|
|
|
"value": "http://poltec.com.au/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a2a-e55c-47f4-9044-452f950d210f",
|
|
|
|
"value": "poltec.com.au"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "poltec.com.au",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"value": "27.54.86.236"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a2c-34d8-4d9a-b750-4340950d210f",
|
|
|
|
"value": "http://praktikum-marketing.de/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a2d-794c-4cc5-ab19-493a950d210f",
|
|
|
|
"value": "praktikum-marketing.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "praktikum-marketing.de",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"value": "76.74.235.244"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a30-7b88-40a9-8fa9-47d2950d210f",
|
|
|
|
"value": "http://pw-shop.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a31-0e64-4e00-a9bc-4f7d950d210f",
|
|
|
|
"value": "pw-shop.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "pw-shop.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"value": "93.170.136.50"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a32-36cc-4b99-86d2-4a15950d210f",
|
|
|
|
"value": "http://tasfirin-ustasi.net/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a33-b888-4322-a661-49b3950d210f",
|
|
|
|
"value": "tasfirin-ustasi.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "tasfirin-ustasi.net",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"value": "95.173.189.38"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a35-9d84-4cbd-97f0-4add950d210f",
|
|
|
|
"value": "http://thanprints.com/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a35-16a0-4f69-afcd-4c5a950d210f",
|
|
|
|
"value": "thanprints.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "thanprints.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"value": "61.19.251.181"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a38-da10-4718-b142-4035950d210f",
|
|
|
|
"value": "http://trade-unite.ru/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a39-61cc-4a85-a560-4331950d210f",
|
|
|
|
"value": "trade-unite.ru"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "trade-unite.ru",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"value": "80.78.245.178"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a3b-5c34-492a-accc-4c3f950d210f",
|
|
|
|
"value": "http://vigs.mx/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a3c-7528-4b92-bd56-41f4950d210f",
|
|
|
|
"value": "vigs.mx"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "vigs.mx",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"value": "192.185.48.180"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a3f-1ae4-4fcf-bf7f-498f950d210f",
|
|
|
|
"value": "http://www.buchenried.de/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a40-0b8c-4a97-b149-4a7f950d210f",
|
|
|
|
"value": "www.buchenried.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a41-e010-49b9-8b50-4495950d210f",
|
|
|
|
"value": "http://youtoolgrabeertorse.org/af/6gfh33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a41-6fec-4ac0-a04b-4178950d210f",
|
|
|
|
"value": "youtoolgrabeertorse.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59282a47-d4c4-4c25-b0a4-4723950d210f",
|
|
|
|
"value": "http://comboratiogferrdto.com/a5/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805631",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59282a47-a674-4fc4-a581-4d5d950d210f",
|
|
|
|
"value": "comboratiogferrdto.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "comboratiogferrdto.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495806480",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"value": "46.173.218.145"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805657",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "59282ed9-3cd8-4a48-b42a-406002de0b81",
|
|
|
|
"value": "375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805657",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "59282ed9-ad38-4ac8-ae12-46e502de0b81",
|
|
|
|
"value": "d4b86429537c3b1d9e15e96a965166fc053efbd0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805657",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59282eda-d98c-43d0-8c94-442002de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f/analysis/1495799038/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805658",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "59282eda-fca4-4b2b-8583-444f02de0b81",
|
|
|
|
"value": "68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805658",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "59282eda-05ac-46fe-882e-4c1202de0b81",
|
|
|
|
"value": "124e4c77e52026c2de1a88be302c00a6db4f936b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1495805659",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59282edb-5dbc-4c23-9c2d-4fbd02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807/analysis/1495798709/"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|