{ "Event": { "analysis": "2", "date": "2014-10-27", "extends_uuid": "", "info": "OSINT ScanBox framework \u2013 who\u2019s affected, and who\u2019s using it? by PWC", "publish_timestamp": "1456151044", "published": true, "threat_level_id": "2", "timestamp": "1416347276", "uuid": "546bba61-69d0-4c0e-8066-4942950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#33FF00", "local": false, "name": "tlp:green", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346219", "to_ids": false, "type": "link", "uuid": "546bba6b-9a8c-4bf5-89d1-f2ea950d210b", "value": "http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346230", "to_ids": false, "type": "text", "uuid": "546bba76-3cc8-4b33-9dfe-4606950d210b", "value": "Scanbox" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346430", "to_ids": true, "type": "hostname", "uuid": "546bbb3e-4368-4df5-9ac8-c1e7950d210b", "value": "js.webmailgoogle.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346430", "to_ids": true, "type": "hostname", "uuid": "546bbb3e-8954-4180-949f-c1e7950d210b", "value": "code.googlecaches.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346430", "to_ids": true, "type": "hostname", "uuid": "546bbb3e-ce9c-4de3-b97a-c1e7950d210b", "value": "news.foundationssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, 
"disable_correlation": false, "timestamp": "1416346430", "to_ids": true, "type": "hostname", "uuid": "546bbb3e-ee6c-4306-a2fa-c1e7950d210b", "value": "qoog1e.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-7f98-47cd-bd6f-f2ea950d210b", "value": "103.246.247.246" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-432c-4bf0-9de9-f2ea950d210b", "value": "103.255.61.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-20c4-4db3-80c2-f2ea950d210b", "value": "103.255.61.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-7060-4d50-a1c3-f2ea950d210b", "value": "113.10.201.124" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-0054-49a2-b302-f2ea950d210b", "value": "118.193.153.201" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-3404-4f9a-9be1-f2ea950d210b", "value": "122.10.10.210" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-6ad4-4729-bc19-f2ea950d210b", "value": "122.10.9.109" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": 
"546bbcc4-8698-46a1-ad1d-f2ea950d210b", "value": "123.108.111.209" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-4268-4365-a097-f2ea950d210b", "value": "176.53.22.143" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-bccc-4495-9216-f2ea950d210b", "value": "180.210.206.225" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-dc2c-43ea-9eed-f2ea950d210b", "value": "184.22.163.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-ec50-4d76-8c49-f2ea950d210b", "value": "184.82.123.222" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-0e94-478d-94c4-f2ea950d210b", "value": "184.82.46.5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346820", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc4-3ccc-4472-992d-f2ea950d210b", "value": "192.161.61.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-e058-44ce-935f-f2ea950d210b", "value": "198.96.92.108" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-7f6c-4d20-8dd0-f2ea950d210b", "value": "204.152.198.100" }, { "category": "Network activity", "comment": "", 
"deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-ad04-44ff-b103-f2ea950d210b", "value": "210.0.176.21" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-57ec-447c-b898-f2ea950d210b", "value": "210.0.176.23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-ac40-409f-871d-f2ea950d210b", "value": "210.209.127.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-fe4c-46e5-90eb-f2ea950d210b", "value": "210.209.127.32" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-2270-4453-972e-f2ea950d210b", "value": "210.209.127.39" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-48b0-430f-b8ae-f2ea950d210b", "value": "210.209.127.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-2f78-4bbe-b20f-f2ea950d210b", "value": "210.209.86.145" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-9a3c-45ce-8c7a-f2ea950d210b", "value": "58.96.172.209" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": 
"546bbcc5-4a1c-4230-8080-f2ea950d210b", "value": "66.197.231.62" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-3968-4998-a10e-f2ea950d210b", "value": "69.197.146.80" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-0054-4e5b-b4e9-f2ea950d210b", "value": "69.197.183.142" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-e040-4cb5-b7b9-f2ea950d210b", "value": "69.197.183.152" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-c16c-4b4a-9c65-f2ea950d210b", "value": "69.197.183.159" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346821", "to_ids": true, "type": "ip-dst", "uuid": "546bbcc5-631c-4c8b-9b12-f2ea950d210b", "value": "69.197.183.189" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346850", "to_ids": false, "type": "comment", "uuid": "546bbce2-d558-4d16-936a-40b5950d210b", "value": "Data entered by David Andr\u00e9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346870", "to_ids": true, "type": "md5", "uuid": "546bbcf6-4424-45e3-8311-c1e7950d210b", "value": "ef498ea09bf51b002fc7eb3dfd0d19d3" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346870", "to_ids": true, "type": "md5", "uuid": "546bbcf6-c62c-4f4e-ba03-c1e7950d210b", "value": 
"409ae279d7c44b11156318848ddb4a3f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346870", "to_ids": true, "type": "md5", "uuid": "546bbcf6-fc9c-41ae-a644-c1e7950d210b", "value": "9cf5523da799277a4d40881199eb8325" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346870", "to_ids": true, "type": "md5", "uuid": "546bbcf7-ef90-4599-83e3-c1e7950d210b", "value": "9d1f8822b92ad3224db1c9ec89b529ca" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346871", "to_ids": true, "type": "md5", "uuid": "546bbcf7-5688-4d06-a32a-c1e7950d210b", "value": "be3a3daa7d0d11df2380d3401696624a" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-8f78-4624-94a5-4549950d210b", "value": "james_boodle@yahoo.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-a0c8-4f0f-8907-4b0e950d210b", "value": "li2384826402@yahoo.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-acc4-48dd-9b77-4d9a950d210b", "value": "networkedu@hotmail.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b", "value": "qinyz001@163.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-ccb0-4125-934c-4d79950d210b", "value": "some.trouble@yahoo.com" }, { "category": "Attribution", 
"comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-f8f8-4b00-9d87-4fb6950d210b", "value": "wangsongxu@gmail.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-1e74-4c4e-9270-438a950d210b", "value": "xingyadi2008@gmail.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416346958", "to_ids": false, "type": "text", "uuid": "546bbd4e-11f0-4f71-8e09-484c950d210b", "value": "yuming@yinsibaohu.aliyun.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-cfe4-4981-a196-427b950d210b", "value": "9aaa.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-3350-4dcd-a976-4613950d210b", "value": "educationel.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-105c-45b3-8d3d-44f4950d210b", "value": "foundationssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-a580-4fc3-9500-40ab950d210b", "value": "googlecaches.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-77c8-4316-80b3-443f950d210b", "value": "googlewebcache.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": 
true, "type": "domain", "uuid": "546bbdd9-42c0-41ab-8658-4651950d210b", "value": "hudsononlinenews.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-cf38-4e46-b166-4361950d210b", "value": "lifewalden.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdd9-09e8-441e-8ce3-43ca950d210b", "value": "mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347097", "to_ids": true, "type": "domain", "uuid": "546bbdda-39c8-4b05-82f6-4974950d210b", "value": "msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347098", "to_ids": true, "type": "domain", "uuid": "546bbdda-3ce8-4279-a9d8-4c0b950d210b", "value": "outlookssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347098", "to_ids": true, "type": "domain", "uuid": "546bbdda-d4a4-43cd-a0d7-42b1950d210b", "value": "qoog1e.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347098", "to_ids": true, "type": "domain", "uuid": "546bbdda-7a08-4763-a01e-40e6950d210b", "value": "webmailgoogle.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347098", "to_ids": true, "type": "domain", "uuid": "546bbdda-3610-4dca-ae68-482e950d210b", "value": "windowsautoupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347124", "to_ids": true, "type": "hostname", "uuid": "546bbdf4-7fd4-4468-8b42-48d8950d210b", "value": "blog.mailaunch.com" }, { 
"category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347124", "to_ids": true, "type": "hostname", "uuid": "546bbdf4-58bc-4c7f-9c82-42cf950d210b", "value": "blog.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347124", "to_ids": true, "type": "hostname", "uuid": "546bbdf4-a8d4-41c5-9605-4022950d210b", "value": "blogs.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347124", "to_ids": true, "type": "hostname", "uuid": "546bbdf4-738c-4064-a280-4610950d210b", "value": "boxun.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347124", "to_ids": true, "type": "hostname", "uuid": "546bbdf4-78b8-4695-ba4b-46a3950d210b", "value": "ccac.dyndns-web.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-d00c-488f-9f54-488b950d210b", "value": "dns.symantec-sync.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-8da8-431a-8e6d-4cab950d210b", "value": "download.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-69b8-4be7-a1d7-4b7a950d210b", "value": "download.symantec-sync.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-4f44-4b35-8668-47b7950d210b", "value": "email.webmailgoogle.com" }, { "category": "Network activity", "comment": "", 
"deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-3e18-40da-814d-47c1950d210b", "value": "files.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-c948-4282-9089-4833950d210b", "value": "flash0day.4pu.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-25d0-487f-9cd1-4f32950d210b", "value": "flashplayer.proxydns.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-83fc-4077-a35d-4319950d210b", "value": "ftp.webmailgoogle.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-e768-4f05-ad93-4a80950d210b", "value": "googlebot1.dyndns-office.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-decc-4e66-a846-4887950d210b", "value": "googlebot5.dyndns-office.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-62d0-4e9f-8e06-45d9950d210b", "value": "image.googlecaches.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-93f4-440e-aeb1-4a9f950d210b", "value": "image.symantec-sync.com" }, { "category": "Network activity", "comment": "", "deleted": false, 
"disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-36f4-4098-8327-4437950d210b", "value": "images.googlewebcache.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-9568-4717-8c9a-46b9950d210b", "value": "imap.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-c33c-4cc2-addd-4476950d210b", "value": "inbox.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347125", "to_ids": true, "type": "hostname", "uuid": "546bbdf5-6210-425a-87cc-4bc5950d210b", "value": "inbox.webmailgoogle.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-57a8-4218-bc08-4746950d210b", "value": "lenovocn.dyndns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-7190-4839-a303-4142950d210b", "value": "mail.webmailgoogle.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-d510-4776-bc3f-42c3950d210b", "value": "news.educationel.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-edb4-415a-be1b-45f3950d210b", "value": "news.googlecaches.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": 
"1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-e4ac-470f-85f8-4522950d210b", "value": "news.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-7df8-405b-a3a5-4b20950d210b", "value": "news.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-5c80-480d-a5e5-4de5950d210b", "value": "pop.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-60a4-4ec3-a5a9-4ea3950d210b", "value": "proxy.otzo.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-fff0-4482-8e4e-4aa8950d210b", "value": "remote.googlewebcache.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-0988-4b57-9817-409d950d210b", "value": "shared.images.googlewebcache.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-f7b4-40b1-bf9b-4f19950d210b", "value": "smtp.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-691c-414a-8a4a-4544950d210b", "value": "smtp.outlookssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", 
"uuid": "546bbdf6-cc5c-4130-8069-4b57950d210b", "value": "smtp.windowsautoupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-9604-437e-b5a3-4c1a950d210b", "value": "socks5.proxydns.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-ad20-4d88-97b8-42ba950d210b", "value": "symantec-sync.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-ae10-4d34-b1b6-4f55950d210b", "value": "tem.dyndns.tv" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347126", "to_ids": true, "type": "hostname", "uuid": "546bbdf6-5de8-407d-89c7-4981950d210b", "value": "test.googlecaches.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-b6ec-4578-a13f-422d950d210b", "value": "update.windowsautoupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-906c-47dd-9451-4022950d210b", "value": "upload.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-73c4-489e-9934-4af3950d210b", "value": "vpn.foundationssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-e34c-4b8a-9f8b-46c7950d210b", 
"value": "vpn.ssl443.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-0b60-4dc1-9ad9-4f32950d210b", "value": "web.windowsautoupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-dc60-4584-ae1e-4e4e950d210b", "value": "www.educationel.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-e2f8-452a-920e-4de6950d210b", "value": "www.foundationssl.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-8a14-4832-bf9d-4568950d210b", "value": "www.hudsononlinenews.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-4424-4ef2-8734-45ba950d210b", "value": "www.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-fd88-4ffc-b261-484f950d210b", "value": "www.msdnblog.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-a440-4b39-89ae-4136950d210b", "value": "www.qoog1e.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-0cac-41d4-80b7-4dc7950d210b", "value": "www.webmailgoogle.com" }, { "category": "Network 
activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-bddc-4690-b3cd-435f950d210b", "value": "www.windowsautoupdate.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-8f14-46eb-8eb9-4ca2950d210b", "value": "yahoo.mailaunch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347127", "to_ids": true, "type": "hostname", "uuid": "546bbdf7-e5e4-4414-a817-45ad950d210b", "value": "zhfdc.dyndns.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347276", "to_ids": true, "type": "snort", "uuid": "546bbe8c-2b00-4cd0-b6b0-467c950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Plugin used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"=scanbox.info.\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347276", "to_ids": true, "type": "snort", "uuid": "546bbe8c-af58-4742-808c-435c950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Java Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"\\\"No Java or Disable\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347277", "to_ids": true, "type": "snort", "uuid": 
"546bbe8d-4bf4-4563-84f4-42a2950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework AV Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"avg2012check()\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347277", "to_ids": true, "type": "snort", "uuid": "546bbe8d-fbb8-4283-a2b7-4755950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework and legitimate websites Flash Detection\"; flow:from_server,established; file_data; content:\"var flash=function(){}\\;flash.prototype.controlVersion=function\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347277", "to_ids": true, "type": "snort", "uuid": "546bbe8d-a95c-47dc-a98c-4d6d950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Local IP Detection\"; flow:from_server,established; file_data; content:\"if (evt.candidate) grepSDP(evt.candidate.candidate)\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347277", "to_ids": true, "type": "snort", "uuid": "546bbe8d-4934-48e1-9f52-4b0d950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Javscript Keylogging\"; flow:from_server,established; file_data; content:\"CapsLock=currKey>=65&&currKey<=90\"; 
reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1416347277", "to_ids": true, "type": "snort", "uuid": "546bbe8d-461c-4be5-9121-45ff950d210b", "value": "alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Navigator Plugin Detection\"; flow:from_server,established; file_data; content:\"navigator.plugins[x].filename.replace(/,/g,\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)" }, { "category": "External analysis", "comment": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)", "deleted": false, "disable_correlation": false, "timestamp": "1455834595", "to_ids": true, "type": "sha1", "uuid": "56c645e3-80e8-4b89-bbbf-599e950d210f", "value": "e8a8ffe39040fe36e95217b4e4f1316177d675ed" }, { "category": "External analysis", "comment": "Automatically added (via 9cf5523da799277a4d40881199eb8325)", "deleted": false, "disable_correlation": false, "timestamp": "1455834597", "to_ids": true, "type": "sha1", "uuid": "56c645e5-ed90-41b7-98dc-59a0950d210f", "value": "809959f390d5a49c8999ad6fff27fdc92ff1b2b0" }, { "category": "External analysis", "comment": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)", "deleted": false, "disable_correlation": false, "timestamp": "1455834599", "to_ids": true, "type": "sha1", "uuid": "56c645e7-596c-4636-bce9-59a3950d210f", "value": "f1890cc9d6dc84021426834063394539414f68d8" }, { "category": "External analysis", "comment": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)", "deleted": false, "disable_correlation": false, "timestamp": "1455834596", "to_ids": true, "type": "sha256", "uuid": "56c645e4-8bec-477d-805a-44b8950d210f", "value": 
"ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2" }, { "category": "External analysis", "comment": "Automatically added (via 9cf5523da799277a4d40881199eb8325)", "deleted": false, "disable_correlation": false, "timestamp": "1455834598", "to_ids": true, "type": "sha256", "uuid": "56c645e6-a24c-4f4c-912a-599f950d210f", "value": "4639c30b3666cb11b3927d5579790a88bff68e8137f18241f4693e0d4539c608" }, { "category": "External analysis", "comment": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)", "deleted": false, "disable_correlation": false, "timestamp": "1455834600", "to_ids": true, "type": "sha256", "uuid": "56c645e8-20e0-4063-8968-4832950d210f", "value": "3112420afeb829a575ba46512314c0fab2fc80870c153de35cde4d3140a2dd26" } ] } }