2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-12-14 14:30:15 +00:00
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2016-08-18",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT Domains and IPs involved in JS ransomware delivered through email by burberry on AlienVault OTX",
|
|
|
|
"publish_timestamp": "1471529375",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1471529300",
|
|
|
|
"uuid": "57b5c11a-d2a0-455f-b409-4851950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2024-04-05 12:15:17 +00:00
|
|
|
"local": false,
|
2023-12-14 14:30:15 +00:00
|
|
|
"name": "OSINT",
|
|
|
|
"relationship_type": ""
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529276",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "57b5c13c-1a74-4661-9e19-4231950d210f",
|
|
|
|
"value": "https://otx.alienvault.com/pulse/57b5abbb89ca9f013545f833/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529276",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "57b5c13c-a658-4255-a582-4971950d210f",
|
|
|
|
"value": "https://virustotal.com/en/file/24f0ab28644c0b15b139ecd57afa87b03f88262a95aa4d48fb149ab53c17b998/analysis/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529299",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57b5c153-b1a0-4899-910c-4ad8950d210f",
|
|
|
|
"value": "oneviewcontrols.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529299",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57b5c153-a8e0-4f22-a09f-4c9b950d210f",
|
|
|
|
"value": "kianebime.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529300",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57b5c154-6100-4af9-845a-4285950d210f",
|
|
|
|
"value": "nedvigymost.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529300",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "domain",
|
|
|
|
"uuid": "57b5c154-61d0-43de-9b72-4b9a950d210f",
|
|
|
|
"value": "coonectio.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529300",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "57b5c154-3714-4920-b69a-43ba950d210f",
|
|
|
|
"value": "igniatest.azurewebsites.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1471529300",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-src",
|
|
|
|
"uuid": "57b5c154-6b1c-4f4f-9be5-45d0950d210f",
|
|
|
|
"value": "178.157.0.35"
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
2023-12-14 14:30:15 +00:00
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|