{
"Event": {
"analysis": "0",
"date": "2016-09-30",
"extends_uuid": "",
"info": "Malspam 2016-09-30 (.wsf in .zip) - campaign: \"Parcel details\"",
"publish_timestamp": "1475243463",
"published": true,
"threat_level_id": "3",
"timestamp": "1475243441",
"uuid": "57ee6d8c-0650-4c8a-9dfa-4f31950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243437",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dad-290c-4123-8016-4cea950d210f",
"value": "103.6.196.150"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243437",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dad-a9d4-4132-a115-48e9950d210f",
"value": "107.180.50.231"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243437",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dad-5aac-461c-802c-477d950d210f",
"value": "190.147.38.2"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243438",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dae-9d28-44cc-9830-4145950d210f",
"value": "23.254.128.73"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243438",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dae-59b4-476d-8846-4e81950d210f",
"value": "31.210.120.156"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243438",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dae-a418-4f7e-8fdd-4164950d210f",
"value": "66.117.4.26"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243438",
"to_ids": true,
"type": "ip-dst",
"uuid": "57ee6dae-5318-4955-ad4d-4526950d210f",
"value": "85.9.63.225"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243438",
"to_ids": true,
"type": "domain",
"uuid": "57ee6dae-79b0-42c8-aa35-4fad950d210f",
"value": "drugvacoa.net"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243439",
"to_ids": true,
"type": "domain",
"uuid": "57ee6daf-bf6c-4433-9dd7-44bd950d210f",
"value": "greenshootmedia.com"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243439",
"to_ids": true,
"type": "url",
"uuid": "57ee6daf-9788-4ce7-b4fd-469c950d210f",
"value": "http://drugvacoa.net/6n00x"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243439",
"to_ids": true,
"type": "url",
"uuid": "57ee6daf-bac4-40a2-8029-405f950d210f",
"value": "http://greenshootmedia.com/w1zanty"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243439",
"to_ids": true,
"type": "url",
"uuid": "57ee6daf-07e0-4e9b-9757-4264950d210f",
"value": "http://lust-vodka.com/fom7aof"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243439",
"to_ids": true,
"type": "url",
"uuid": "57ee6daf-1d54-4a2a-aaa8-4dc2950d210f",
"value": "http://puchipuchivirus.com/vvkqo7"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243440",
"to_ids": true,
"type": "url",
"uuid": "57ee6db0-4814-4305-b92b-4530950d210f",
"value": "http://resboiu.ro/fpcmb"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243440",
"to_ids": true,
"type": "url",
"uuid": "57ee6db0-4000-4f2f-b351-4f04950d210f",
"value": "http://room8008.com/g44ntci1"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243440",
"to_ids": true,
"type": "url",
"uuid": "57ee6db0-7d7c-4a67-a70e-449e950d210f",
"value": "http://unityquire.com/1nloic"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243440",
"to_ids": true,
"type": "domain",
"uuid": "57ee6db0-a2c4-4fdf-a57a-419f950d210f",
"value": "lust-vodka.com"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243441",
"to_ids": true,
"type": "domain",
"uuid": "57ee6db1-8edc-4932-8b75-4740950d210f",
"value": "puchipuchivirus.com"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243441",
"to_ids": true,
"type": "domain",
"uuid": "57ee6db1-a7f0-4039-881f-4c90950d210f",
"value": "resboiu.ro"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243441",
"to_ids": true,
"type": "domain",
"uuid": "57ee6db1-bca4-4371-b87b-4421950d210f",
"value": "room8008.com"
},
{
"category": "Network activity",
"comment": "download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1475243441",
"to_ids": true,
"type": "domain",
"uuid": "57ee6db1-78f4-4ec2-97cc-4090950d210f",
"value": "unityquire.com"
}
]
}
}