{ "Event": { "analysis": "2", "date": "2016-04-27", "extends_uuid": "", "info": "OSINT - Malware Campaign Using Google Docs Intercepted, Thousands of Users Affected", "publish_timestamp": "1461738802", "published": true, "threat_level_id": "3", "timestamp": "1461738768", "uuid": "57205b50-c19c-4411-ae0e-4414950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1461738351", "to_ids": false, "type": "link", "uuid": "57205b6f-c7b4-41ee-8106-4c9d950d210f", "value": "http://ddanchev.blogspot.com/2016/04/google-docs-malware-serving-campaign.htm" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)", "deleted": false, "disable_correlation": false, "timestamp": "1461738412", "to_ids": true, "type": "md5", "uuid": "57205bac-01ac-4e84-ae00-4fee950d210f", "value": "495f05d7ebca1022da2cdd1700aeac39" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)", "deleted": false, "disable_correlation": false, "timestamp": "1461738412", "to_ids": true, "type": "md5", "uuid": "57205bac-2254-455c-aa7c-471a950d210f", "value": "68abd8a3a8c18c59f638e50ab0c386a4" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)", "deleted": false, "disable_correlation": false, "timestamp": "1461738412", "to_ids": true, "type": "md5", "uuid": "57205bac-c15c-4a44-8959-4aa1950d210f", "value": "65b4bdba2d3b3e92b8b96d7d9ba7f88e" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)", "deleted": false, "disable_correlation": false, "timestamp": "1461738413", "to_ids": true, "type": "md5", "uuid": "57205bad-8330-433b-ab79-4f70950d210f", "value": "64b5c6b20e2d758a008812df99a5958e" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)", "deleted": false, "disable_correlation": false, "timestamp": "1461738413", "to_ids": true, "type": "md5", "uuid": "57205bad-daa0-4453-9005-4f2a950d210f", "value": "a0869b751e4a0bf27685f2f8677f9c62" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738455", "to_ids": true, "type": "url", "uuid": "57205bd7-ffec-455c-87b9-4073950d210f", "value": "http://smartoptionsinc.com" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738455", "to_ids": true, "type": "ip-dst", "uuid": "57205bd7-cc08-4eed-aa4a-4576950d210f", "value": "216.70.228.110" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738456", "to_ids": true, "type": "url", "uuid": "57205bd8-0054-484f-8d00-4b6a950d210f", "value": "http://ppc.cba.pl" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738456", "to_ids": true, "type": "ip-dst", "uuid": "57205bd8-0524-47ca-b34d-44ba950d210f", "value": "95.211.80.4" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738456", "to_ids": true, "type": "url", "uuid": "57205bd8-8554-4dc0-a3c6-4347950d210f", "value": "http://apps.identrust.com" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738457", "to_ids": true, "type": "ip-dst", "uuid": "57205bd9-5b08-421f-8063-4972950d210f", "value": "192.35.177.64" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738457", "to_ids": true, "type": "url", "uuid": "57205bd9-d1b4-4bbe-a480-468f950d210f", "value": "http://cargol.cat" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738458", "to_ids": true, "type": "ip-dst", "uuid": "57205bda-46ec-49bb-96c1-462c950d210f", "value": "217.149.7.213" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738458", "to_ids": true, "type": "url", "uuid": "57205bda-74e4-44d3-b55b-45cc950d210f", "value": "http://bikeceuta.com" }, { "category": "Network activity", "comment": "Once executed the sample phones back to the following C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1461738458", "to_ids": true, "type": "ip-dst", "uuid": "57205bda-e268-49af-8607-4903950d210f", "value": "91.142.215.77" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738529", "to_ids": true, "type": "url", "uuid": "57205c21-023c-481a-afda-4114950d210f", "value": "http://barbedosgroup.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738530", "to_ids": true, "type": "url", "uuid": "57205c22-a168-4167-9a7e-4fa8950d210f", "value": "http://brutalforce.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738530", "to_ids": true, "type": "url", "uuid": "57205c22-1398-4cbd-9ac3-4d00950d210f", "value": "http://christophar-hacker.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738530", "to_ids": true, "type": "url", "uuid": "57205c22-233c-4985-b975-4a9d950d210f", "value": "http://moto-przestrzen.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738531", "to_ids": true, "type": "url", "uuid": "57205c23-31d0-4046-b5ad-407d950d210f", "value": "http://eturva.y0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738531", "to_ids": true, "type": "url", "uuid": "57205c23-3620-4a83-a688-4ccc950d210f", "value": "http://lingirlie.com" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738532", "to_ids": true, "type": "url", "uuid": "57205c24-da7c-4484-af22-462d950d210f", "value": "http://ogladajmecz.com.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738532", "to_ids": true, "type": "url", "uuid": "57205c24-b574-4ed2-92ba-478a950d210f", "value": "http://oriflamekonkurs2l16.c0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738533", "to_ids": true, "type": "url", "uuid": "57205c25-5c68-4b45-8315-4ffe950d210f", "value": "http://umeblowani.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738533", "to_ids": true, "type": "url", "uuid": "57205c25-3b24-4f3e-a00b-4561950d210f", "value": "http://webadminvalidation.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738533", "to_ids": true, "type": "url", "uuid": "57205c25-f728-401e-8b9c-44c2950d210f", "value": "http://adamr.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738534", "to_ids": true, "type": "url", "uuid": "57205c26-4810-4a03-b0e9-4742950d210f", "value": "http://alea.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738534", "to_ids": true, "type": "url", "uuid": "57205c26-3344-4069-9bc3-4aa0950d210f", "value": "http://artbymachonis.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738535", "to_ids": true, "type": "url", "uuid": "57205c27-189c-4dc4-9eda-47c9950d210f", "value": "http://beqwqgdu.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738535", "to_ids": true, "type": "url", "uuid": "57205c27-4dd0-48db-9bd7-4067950d210f", "value": "http://bleachonline.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738536", "to_ids": true, "type": "url", "uuid": "57205c28-4920-4b79-ba19-45c8950d210f", "value": "http://facebook-profile-natalia9320.j.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738536", "to_ids": true, "type": "url", "uuid": "57205c28-da34-43a2-a251-4803950d210f", "value": "http://fllrev1978.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738537", "to_ids": true, "type": "url", "uuid": "57205c29-f698-4d8a-8091-458a950d210f", "value": "http://gotowesms.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738537", "to_ids": true, "type": "url", "uuid": "57205c29-5e94-4235-9d4b-42c3950d210f", "value": "http://kbvdfuh.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738537", "to_ids": true, "type": "url", "uuid": "57205c29-cfa0-4029-bef1-4309950d210f", "value": "http://maplka1977.c0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738538", "to_ids": true, "type": "url", "uuid": "57205c2a-e428-48ae-996e-40ba950d210f", "value": "http://nagrobkiartek.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738538", "to_ids": true, "type": "url", "uuid": "57205c2a-834c-42fd-be1a-4eff950d210f", "value": "http://nyzusbojpxnl.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738539", "to_ids": true, "type": "url", "uuid": "57205c2b-4940-40ae-8a69-43cd950d210f", "value": "http://okilh1973.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738539", "to_ids": true, "type": "url", "uuid": "57205c2b-8fb8-4043-810e-4ac4950d210f", "value": "http://pucusej.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738540", "to_ids": true, "type": "url", "uuid": "57205c2c-6da4-4afb-a957-47f7950d210f", "value": "http://sajtom.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738540", "to_ids": true, "type": "url", "uuid": "57205c2c-d7bc-41fe-968a-421c950d210f", "value": "http://tarnowiec.net.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738540", "to_ids": true, "type": "url", "uuid": "57205c2c-985c-4924-8599-47a3950d210f", "value": "http://techtell.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738541", "to_ids": true, "type": "url", "uuid": "57205c2d-6140-4a0b-a246-449a950d210f", "value": "http://testujemypl.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738541", "to_ids": true, "type": "url", "uuid": "57205c2d-ef20-47f6-b090-4dd5950d210f", "value": "http://lawendowawyspa.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738542", "to_ids": true, "type": "url", "uuid": "57205c2e-f4c0-4073-b330-4f74950d210f", "value": "http://younglean.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738542", "to_ids": true, "type": "url", "uuid": "57205c2e-2e70-4277-a3fa-4fd2950d210f", "value": "http://delegaturaszczecin.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738543", "to_ids": true, "type": "url", "uuid": "57205c2f-2098-407f-94de-417c950d210f", "value": "http://metzmoerex.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738543", "to_ids": true, "type": "url", "uuid": "57205c2f-dfc4-4dbf-8d0a-4e3d950d210f", "value": "http://kmpk.c0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738543", "to_ids": true, "type": "url", "uuid": "57205c2f-a484-4078-80e0-4168950d210f", "value": "http://500plus.c0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738544", "to_ids": true, "type": "url", "uuid": "57205c30-6fb0-4205-b015-41f8950d210f", "value": "http://erxhxrrb1981.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738544", "to_ids": true, "type": "url", "uuid": "57205c30-5020-4fea-af7c-4832950d210f", "value": "http://exztwsl.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738545", "to_ids": true, "type": "url", "uuid": "57205c31-baac-464a-b87e-4386950d210f", "value": "http://fafrvfa.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738545", "to_ids": true, "type": "url", "uuid": "57205c31-a74c-4ada-9b62-4645950d210f", "value": "http://fastandfurios.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738546", "to_ids": true, "type": "url", "uuid": "57205c32-c28c-429c-9d14-4a39950d210f", "value": "http://filmonline.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738546", "to_ids": true, "type": "url", "uuid": "57205c32-5a00-4a19-a073-40e0950d210f", "value": "http://fragcraft.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738546", "to_ids": true, "type": "url", "uuid": "57205c32-95ec-4196-b201-433e950d210f", "value": "http://fryzjer.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738547", "to_ids": true, "type": "url", "uuid": "57205c33-1df4-4ee4-9d38-48b9950d210f", "value": "http://hgedkom1973.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738547", "to_ids": true, "type": "url", "uuid": "57205c33-c1bc-420f-a1f5-4e0d950d210f", "value": "http://luyfiv1972.cba.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738548", "to_ids": true, "type": "url", "uuid": "57205c34-f7dc-4e0e-8fcb-47e2950d210f", "value": "http://oliviasekulska.com" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738548", "to_ids": true, "type": "url", "uuid": "57205c34-3ef8-403e-86d4-4464950d210f", "value": "http://opziwr-zamosc.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738549", "to_ids": true, "type": "url", "uuid": "57205c35-d224-42db-8751-4254950d210f", "value": "http://ostro.ga" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738549", "to_ids": true, "type": "url", "uuid": "57205c35-36d4-4ce6-8027-4567950d210f", "value": "http://rodzina500plus.c0.pl" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738549", "to_ids": true, "type": "url", "uuid": "57205c35-f1fc-429d-876a-4213950d210f", "value": "http://roknasilowni.tk" }, { "category": "Network activity", "comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains", "deleted": false, "disable_correlation": false, "timestamp": "1461738550", "to_ids": true, "type": "url", "uuid": "57205c36-b78c-4b94-8122-48d2950d210f", "value": "http://vfqqgr1971.cba.pl" }, { "category": "Network activity", "comment": "Sample malicious URL hosting location", "deleted": false, "disable_correlation": false, "timestamp": "1461738732", "to_ids": true, "type": "url", "uuid": "57205cec-06ac-4da2-bddc-495a950d210f", "value": "http://ecku.cba.pl/js/bin.exe" }, { "category": "Network activity", "comment": "Sample malicious URL hosting location", "deleted": false, "disable_correlation": false, "timestamp": "1461738733", "to_ids": true, "type": "url", "uuid": "57205ced-af5c-4f92-a38b-4098950d210f", "value": "http://mondeodoslubu.cba.pl/js/bin.exe" }, { "category": "Network activity", "comment": "Sample malicious URL hosting location", "deleted": false, "disable_correlation": false, "timestamp": "1461738733", "to_ids": true, "type": "url", "uuid": "57205ced-e3f0-4316-90c4-4e57950d210f", "value": "http://piotrkochanski.cba.pl/js/bin.exe" }, { "category": "Network activity", "comment": "Sample malicious URL hosting location", "deleted": false, "disable_correlation": false, "timestamp": "1461738734", "to_ids": true, "type": "url", "uuid": "57205cee-5bc4-46c8-9b51-47c6950d210f", "value": "http://szczuczynsp.cba.pl/122/091.exe" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62", "deleted": false, "disable_correlation": false, "timestamp": "1461738769", "to_ids": true, "type": "sha256", "uuid": "57205d11-9314-4d11-8dac-454202de0b81", "value": "34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62", "deleted": false, "disable_correlation": false, "timestamp": "1461738769", "to_ids": true, "type": "sha1", "uuid": "57205d11-f4a8-45c5-9395-4eed02de0b81", "value": "3b5417b1a045e382658fcf6c4d46b79265ab0d61" }, { "category": "External analysis", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62", "deleted": false, "disable_correlation": false, "timestamp": "1461738769", "to_ids": false, "type": "link", "uuid": "57205d11-2f34-4150-bef4-4f8102de0b81", "value": "https://www.virustotal.com/file/34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07/analysis/1459233130/" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e", "deleted": false, "disable_correlation": false, "timestamp": "1461738770", "to_ids": true, "type": "sha256", "uuid": "57205d12-9f80-432a-b9de-4f5f02de0b81", "value": "1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e", "deleted": false, "disable_correlation": false, "timestamp": "1461738770", "to_ids": true, "type": "sha1", "uuid": "57205d12-82bc-49ad-a42e-4c0e02de0b81", "value": "ae1caf7ed76f4f412ff5c469cd61379d911a1da6" }, { "category": "External analysis", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e", "deleted": false, "disable_correlation": false, "timestamp": "1461738771", "to_ids": false, "type": "link", "uuid": "57205d13-6748-4b8a-a367-446e02de0b81", "value": "https://www.virustotal.com/file/1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d/analysis/1460771233/" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e", "deleted": false, "disable_correlation": false, "timestamp": "1461738771", "to_ids": true, "type": "sha256", "uuid": "57205d13-4448-43bd-b7a4-4d2c02de0b81", "value": "16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e", "deleted": false, "disable_correlation": false, "timestamp": "1461738771", "to_ids": true, "type": "sha1", "uuid": "57205d13-4c60-417f-903b-4ac702de0b81", "value": "dc2f8e277d45446077e6891bec2530317d8dbbfd" }, { "category": "External analysis", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e", "deleted": false, "disable_correlation": false, "timestamp": "1461738772", "to_ids": false, "type": "link", "uuid": "57205d14-485c-48ba-b8f2-4eab02de0b81", "value": "https://www.virustotal.com/file/16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d/analysis/1460857119/" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4", "deleted": false, "disable_correlation": false, "timestamp": "1461738772", "to_ids": true, "type": "sha256", "uuid": "57205d14-3510-4769-979c-485d02de0b81", "value": "8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4", "deleted": false, "disable_correlation": false, "timestamp": "1461738773", "to_ids": true, "type": "sha1", "uuid": "57205d15-b7bc-4b31-b7de-434d02de0b81", "value": "9cf70b8ba95e606e7e3fff44230c4d014688396e" }, { "category": "External analysis", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4", "deleted": false, "disable_correlation": false, "timestamp": "1461738773", "to_ids": false, "type": "link", "uuid": "57205d15-feb0-439b-a6d9-4b2202de0b81", "value": "https://www.virustotal.com/file/8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7/analysis/1460972860/" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39", "deleted": false, "disable_correlation": false, "timestamp": "1461738773", "to_ids": true, "type": "sha256", "uuid": "57205d15-a5ec-4e07-8c09-49fb02de0b81", "value": "c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36" }, { "category": "Payload delivery", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39", "deleted": false, "disable_correlation": false, "timestamp": "1461738774", "to_ids": true, "type": "sha1", "uuid": "57205d16-af14-4474-bd1b-4ed302de0b81", "value": "f476d4197ec7c59b1ecb25362f00a8fb2f4c93b7" }, { "category": "External analysis", "comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39", "deleted": false, "disable_correlation": false, "timestamp": "1461738774", "to_ids": false, "type": "link", "uuid": "57205d16-6e60-4f83-b2f9-4b2502de0b81", "value": "https://www.virustotal.com/file/c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36/analysis/1461280641/" } ] } }