|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2015-05-31",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT 'Paying-Days' CryptoWall 3.0 Campaign via Magnitude EK report by malwarefor.me",
|
||
|
"publish_timestamp": "1433232369",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1433231822",
|
||
|
"uuid": "556d5db3-e464-477f-96de-adf2950d210b",
|
||
|
"Orgc": {
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#004646",
|
||
|
"name": "type:OSINT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "Original post",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231696",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d5ed7-b2b0-46c5-b31d-a0e9950d210b",
|
||
|
"value": "http://malwarefor.me/paying-days-cryptowall-3-0-campaign-via-magnitude-ek/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d5fab-035c-4891-906c-a71c950d210b",
|
||
|
"value": "31.3.242.0/19"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d5fab-8e6c-4682-95d2-a71c950d210b",
|
||
|
"value": "217.172.189.0/24"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d5fab-be34-46a5-9e39-a71c950d210b",
|
||
|
"value": "95.215.60.0/22"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d5fab-15a8-421d-bec7-a71c950d210b",
|
||
|
"value": "136.243.241.21"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6002-7230-4a3f-b79d-ae06950d210b",
|
||
|
"value": "31.3.242.103"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6002-3608-4524-b910-ae06950d210b",
|
||
|
"value": "payingdays.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6003-c79c-40a9-b4f8-ae06950d210b",
|
||
|
"value": "31.3.242.101"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6003-8f2c-4890-b60c-ae06950d210b",
|
||
|
"value": "payingdays.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6003-2fc8-4b97-b2e9-ae06950d210b",
|
||
|
"value": "payingdays.me"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6003-60f0-4df4-97a0-ae06950d210b",
|
||
|
"value": "31.3.242.100"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6003-3600-4228-801c-ae06950d210b",
|
||
|
"value": "payingday.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6003-f2fc-4c04-a5ba-ae06950d210b",
|
||
|
"value": "payingday.biz"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6003-2058-4f8c-a896-ae06950d210b",
|
||
|
"value": "31.3.242.106"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6004-c314-4ddd-afac-ae06950d210b",
|
||
|
"value": "paying-days.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6004-85f8-4e74-8a1b-ae06950d210b",
|
||
|
"value": "paying-days.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231412",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d6034-d3f8-432f-b5c7-c95d950d210b",
|
||
|
"value": "https://www.dropbox.com/s/27ux5o4wblh896e/2015-04-03-paying-days-net.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231412",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d6034-fa34-4dfe-914f-c95d950d210b",
|
||
|
"value": "https://www.dropbox.com/s/6ydlxsly0v9i0w7/2015-04-03-paying-days-net-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231412",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d6034-d12c-41fe-878c-c95d950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/b6d333814ce4792ca01be3be5ef6d83864c584a003da4e1ed14d310f45794e5f/analysis/1433112993/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231412",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d6034-ef50-4a3d-901b-c95d950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/11c64ffa432ae10650f8661bc9a3e0b5e18f93539faa5f24e79fc217f7248d29/analysis/1433113002/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d605f-4b04-402f-b71b-c95e950d210b",
|
||
|
"value": "217.172.189.239"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d605f-bf7c-4acc-ac62-c95e950d210b",
|
||
|
"value": "6e552d8.7f2.fe.477fc.58.d6.c8.6e6c.df3.7b.aiqk05syj176.monthsacts.pw"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d605f-ce88-4587-b93d-c95e950d210b",
|
||
|
"value": "188.165.164.184"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d605f-ed10-414b-a44a-c95e950d210b",
|
||
|
"value": "ip-addr.es"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d605f-65c8-4a7e-9cc8-c95e950d210b",
|
||
|
"value": "85.92.144.16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d605f-71ec-4a18-837c-c95e950d210b",
|
||
|
"value": "sloeponline.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6060-0e18-4006-911e-c95e950d210b",
|
||
|
"value": "150.107.31.55"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6060-2178-408b-9126-c95e950d210b",
|
||
|
"value": "chonburipalms.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6060-aa10-450c-b653-c95e950d210b",
|
||
|
"value": "49.50.8.213"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6060-b980-4809-a056-c95e950d210b",
|
||
|
"value": "hicoop.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6060-3550-42dc-aa8b-c95e950d210b",
|
||
|
"value": "103.31.233.237"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6060-0704-44e1-9514-c95e950d210b",
|
||
|
"value": "katadata.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d6060-e58c-45e8-8c76-c95e950d210b",
|
||
|
"value": "46.242.145.92"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d6060-3958-4f92-b967-c95e950d210b",
|
||
|
"value": "uaru.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231521",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60a1-1f18-4ff4-8575-adf1950d210b",
|
||
|
"value": "https://www.dropbox.com/s/lah20ol4wtf1i4s/2015-04-02-paying-days-com.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231521",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60a1-c66c-474c-a7c5-adf1950d210b",
|
||
|
"value": "https://www.dropbox.com/s/e4wirq0yxrztd46/2015-04-02-paying-days-com-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231522",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60a2-1944-4137-93d3-adf1950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/9467156ef5d22e2620e0d643f36213e1d5e53d77e5c23cb8287a77617e5118d7/analysis/1433112868/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231522",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60a2-8c34-4245-a0b0-adf1950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/1a509c2cc4f993cc44c93e4a6e5cffc7e6211db1f38a2e09a8327a425e9f644b/analysis/1433112877/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231580",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60dc-e568-401e-91ce-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/u5kdpoqiregzo6m/2015-03-21-payingday-biz.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231580",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60dc-3724-4f74-88c7-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/h2fvwzu43me3ieo/2015-03-21-payingday-biz-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231580",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60dc-ef1c-4c28-a40c-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/0b8e15124cb0365e16e837f76a6640fe1417e59d89d95c4a4438caed432dd280/analysis/1433112756/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231580",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d60dc-f07c-4baf-8458-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/db5cbba38280afd4485def523de91cd324b070485fd28f90c2e69090b6bc7460/analysis/1433112766/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231676",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613c-5fdc-4ece-9e13-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/wvjq6sy6es1uklq/2015-03-10-payingday-net.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-455c-4da7-9a85-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/accjal4opyc8hgb/2015-03-10-payingday-net-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-2c98-4193-bc25-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/64913180a734e0127611104941f24cd2e454d80eca0c993a57287687e432bd18/analysis/1433112466/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-875c-4bf7-a19f-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/461c6f76b9f9a4804558559b0207aef96e0cd6faaaa1aeb51ec6031524809e3d/analysis/1433112475/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-c820-45fb-a6b7-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/w4akuoibm8h22nk/2015-03-06-payingdays-me.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-658c-446f-a083-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/qqx4d7k1se6v3fu/2015-03-06-payingdays-me-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-5854-4782-82c7-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/31a82064ac010cbd7ec75d02a8925df5a3351dea066a973ed480f47f0d843673/analysis/1433112355/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-6aa4-4d5b-8be4-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/11d111ea0068865d6b29b0952592dc36a3061878f9bcfa11512c3f7c8a7d8910/analysis/1433112352/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231677",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613d-f170-43e7-9080-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/ti2i9w95dqm3fj5/2015-03-05-payingdays-net.pcap?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231678",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613e-b63c-4623-86d3-ae06950d210b",
|
||
|
"value": "https://www.dropbox.com/s/xwrxr0kbs05ku3j/2015-03-05-payingdays-net-malware-exploits.zip?dl=0"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231678",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613e-7534-401b-b2da-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/c17cc9c8cde83f2e8eca8c150dbb53bf3c21ea2f6f8d52fc3106a0d27ee54387/analysis/1433111134/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231678",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613e-56b8-4056-8569-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/9075693563391ceb6625607066c72c520b8c692fd5381555fadffbe783a672c0/analysis/1433111146/"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231678",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "556d613e-cc40-4677-bb57-ae06950d210b",
|
||
|
"value": "https://www.virustotal.com/en/file/1a1354dfa543dc52472656891cd100e61f1a4e3cb1b6f9ed224286372182522c/analysis/1433111177/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61ca-b484-4678-aca0-c95a950d210b",
|
||
|
"value": "95.215.60.68"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61ca-1da8-4bea-bf45-c95a950d210b",
|
||
|
"value": "ff.9e155ed.25ed.710.9683e.0b.ffe5d93.b6.ze46v5aetp.comparingcup.in"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cb-4d2c-42dd-a3a4-c95a950d210b",
|
||
|
"value": "37.221.161.69"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cb-3374-45a9-89a8-c95a950d210b",
|
||
|
"value": "filemade.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cb-ebd4-49f6-8842-c95a950d210b",
|
||
|
"value": "217.23.6.131"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61cb-c86c-43eb-ba76-c95a950d210b",
|
||
|
"value": "report.93u79i1793qgm31ws3e.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cb-f65c-4b06-989f-c95a950d210b",
|
||
|
"value": "94.242.253.106"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61cb-0180-4492-bfba-c95a950d210b",
|
||
|
"value": "update2.ott3m4lh7.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cc-58d0-4227-8908-c95a950d210b",
|
||
|
"value": "95.215.60.69"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61cc-6e78-4bcc-ace1-c95a950d210b",
|
||
|
"value": "3db1488.e9fa7.a0.23.d726.4909e.99.494a.4.ccgxn328.callheads.in"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cc-d48c-4365-8bad-c95a950d210b",
|
||
|
"value": "150.107.31.61"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cc-63e8-4c3e-8458-c95a950d210b",
|
||
|
"value": "azquasoft.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cc-b598-49bb-97d2-c95a950d210b",
|
||
|
"value": "95.215.60.75"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61cc-92c8-4d53-8241-c95a950d210b",
|
||
|
"value": "8c521.8a03680.af2411.c3788c.eb8eba8.c.e5rxa5b3.linesadded.in"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231820",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cc-b3ac-471a-a920-c95a950d210b",
|
||
|
"value": "66.147.242.171"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cc-f698-4e88-9566-c95a950d210b",
|
||
|
"value": "judora-ng.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231821",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cd-d3ec-4636-8d5c-c95a950d210b",
|
||
|
"value": "217.195.198.180"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cd-de60-48cf-85c1-c95a950d210b",
|
||
|
"value": "tryea.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231821",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cd-26a8-4cb3-a5ba-c95a950d210b",
|
||
|
"value": "27.254.81.96"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cd-b0b0-4952-a0c2-c95a950d210b",
|
||
|
"value": "aseanian.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61cd-3ebc-455e-a535-c95a950d210b",
|
||
|
"value": "a10.04854f.a9d.01d9.74ecbb.fbc.2883.f52.j77ea490.inchstraining.in"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231821",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61cd-11a0-4b3b-8706-c95a950d210b",
|
||
|
"value": "182.92.74.222"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "556d61cd-b01c-449c-ba7b-c95a950d210b",
|
||
|
"value": "geiliyou.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231822",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61ce-6a4c-4aef-9e4d-c95a950d210b",
|
||
|
"value": "217.172.189.238"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": false,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61ce-5d28-4d1e-b280-c95a950d210b",
|
||
|
"value": "23bc.f1e.8198117.4140.640.e6.1c836.aa5a.y4p52s21bnb.adoptsmaterial.pw"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "Imported via the freetext import.",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231822",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "556d61ce-0130-4c17-ae26-c95a950d210b",
|
||
|
"value": "64.34.157.174"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1433231996",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "556d61ce-e288-47bf-b413-c95a950d210b",
|
||
|
"value": "alimco.com.co"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|