{
|
||
|
"Event": {
|
||
|
"analysis": "0",
|
||
|
"date": "2016-10-17",
|
||
|
"extends_uuid": "",
|
||
|
"info": "Spam week 43 (mule acquisition) - probably related to Locky resources",
|
||
|
"publish_timestamp": "1477059467",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1477059258",
|
||
|
"uuid": "58046227-00a0-47fb-a125-c025950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682389",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58046295-dae4-43f8-9802-4fb9950d210f",
|
||
|
"value": "http://bdgtest.bluedoor.com.cn/discuz/myfolder/nkrisl2/par/cg-bn/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682390",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "58046296-9cf8-41df-9bd1-4041950d210f",
|
||
|
"value": "bdgtest.bluedoor.com.cn"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682390",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "58046296-fcec-43d4-bfd4-4543950d210f",
|
||
|
"value": "121.46.0.100"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682391",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58046297-43f4-45ea-8fb1-4069950d210f",
|
||
|
"value": "http://benavent.cat/accionsenegal/wp-content/uploads/2016/09/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682392",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "58046298-8d08-44a4-bc99-4585950d210f",
|
||
|
"value": "benavent.cat"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682393",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "58046299-04d0-4911-994a-429a950d210f",
|
||
|
"value": "160.153.73.137"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682393",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58046299-e90c-4f3f-8ea6-45a0950d210f",
|
||
|
"value": "http://bestedates.com/wp-content/plugins/woocommerce/templates/checkout/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682394",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5804629a-cb54-4fe8-bf42-4fa0950d210f",
|
||
|
"value": "bestedates.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682394",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5804629a-bfe4-4102-b42d-4154950d210f",
|
||
|
"value": "160.153.162.16"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682395",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "5804629b-af28-4df7-b562-485c950d210f",
|
||
|
"value": "http://canaryislands.website/media/editors/codemirror/mode/ttcn-cfg/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
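|
"comment": "compromised resource - value is the host of the canaryislands.website URL listed above, not a file name; the filename type is probably an import misclassification, so match it as a domain",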
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682396",
|
||
|
"to_ids": true,
|
||
|
"type": "filename",
|
||
|
"uuid": "5804629c-af78-4ace-92c0-4edf950d210f",
|
||
|
"value": "canaryislands.website"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476682396",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5804629c-9538-4c0b-bc11-4607950d210f",
|
||
|
"value": "160.153.16.30"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476804966",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58064166-63f8-4728-bcbf-bd57950d210f",
|
||
|
"value": "http://bbwsa.com/templates/beez3/html/com_content/article/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476804966",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "58064166-dfdc-4cb4-855a-bd57950d210f",
|
||
|
"value": "bbwsa.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476804966",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "58064166-de0c-470d-b7c0-bd57950d210f",
|
||
|
"value": "50.23.93.227"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476807444",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "58064b14-19dc-4426-8ee8-b516950d210f",
|
||
|
"value": "http://billfoundation.org/wp-includes/js/tinymce/plugins/wptextpattern/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476807445",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "58064b15-e7c4-415e-9edd-b516950d210f",
|
||
|
"value": "billfoundation.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476807445",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "58064b15-d08c-4b11-b655-b516950d210f",
|
||
|
"value": "52.202.112.204"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476887229",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580782bd-335c-464f-b96a-442f950d210f",
|
||
|
"value": "http://belevtsev.net/media/plugin_googlemap3/site/moodalbox/img/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476887230",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "580782be-7dac-42b7-983e-4ada950d210f",
|
||
|
"value": "belevtsev.net"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1476887230",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580782be-9dc0-4dde-9257-475f950d210f",
|
||
|
"value": "195.208.1.164"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059255",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580a22b7-d324-4933-91ea-41a9950d210f",
|
||
|
"value": "http://faithfulwebhosting.com/wp-content/themes/Divi/epanel/shortcodes/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059255",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "580a22b7-f8c0-4c6d-b969-4fba950d210f",
|
||
|
"value": "faithfulwebhosting.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059255",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580a22b7-a07c-460b-9e1a-40b9950d210f",
|
||
|
"value": "199.116.255.248"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059255",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580a22b7-4578-4772-9502-4b3d950d210f",
|
||
|
"value": "http://fazzini.missionline.org/newsletter/admin/FCKeditor/editor/skins/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059256",
|
||
|
"to_ids": true,
|
||
|
"type": "hostname",
|
||
|
"uuid": "580a22b8-5228-4e35-9f52-4e2a950d210f",
|
||
|
"value": "fazzini.missionline.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059256",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580a22b8-fe78-4b32-8104-476f950d210f",
|
||
|
"value": "93.62.255.201"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059256",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580a22b8-409c-483c-8d48-4e72950d210f",
|
||
|
"value": "http://feeltohealfitness.com/wp-content/themes/CelebrityMag/images/socialicons/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059256",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "580a22b8-6d90-4e3c-8f76-452a950d210f",
|
||
|
"value": "feeltohealfitness.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059256",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580a22b8-c1a8-42ba-8fa4-430f950d210f",
|
||
|
"value": "50.63.100.1"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059257",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580a22b9-9484-4a1f-a89a-4e00950d210f",
|
||
|
"value": "http://festiv-bras.com/wp-includes/js/tinymce/plugins/wpembed/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059257",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "580a22b9-2f50-4225-95df-42c9950d210f",
|
||
|
"value": "festiv-bras.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059257",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580a22b9-9680-4aa6-a594-467b950d210f",
|
||
|
"value": "149.202.56.129"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059257",
|
||
|
"to_ids": true,
|
||
|
"type": "url",
|
||
|
"uuid": "580a22b9-c044-4f4f-ab66-4934950d210f",
|
||
|
"value": "http://getdeone.com/wp-content/uploads/2016/08/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059258",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "580a22ba-7970-4132-9668-47c8950d210f",
|
||
|
"value": "getdeone.com"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "compromised resource",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1477059258",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "580a22ba-0ee8-4d45-b64a-4ad1950d210f",
|
||
|
"value": "104.238.124.62"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|