{ "Event": { "analysis": "0", "date": "2016-07-18", "extends_uuid": "", "info": "Malspam 2016-07-18 .wsf (campaign: \"bank account report\")", "publish_timestamp": "1468844734", "published": true, "threat_level_id": "3", "timestamp": "1468844704", "uuid": "578cca12-1490-4cee-85de-4c29950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#3a7300", "local": false, "name": "circl:incident-classification=\"malware\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844625", "to_ids": true, "type": "url", "uuid": "578cca51-f1ac-4ef8-a054-4f95950d210f", "value": "http://ecpi.ro/cqema" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844625", "to_ids": true, "type": "domain", "uuid": "578cca51-150c-4d19-93e2-4988950d210f", "value": "ecpi.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844626", "to_ids": true, "type": "ip-dst", "uuid": "578cca52-6480-4bde-9607-4d43950d210f", "value": "89.42.223.64" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844626", "to_ids": true, "type": "url", "uuid": "578cca52-be58-4b9e-8ac5-4a74950d210f", "value": "http://provincialpw.com/r0vaqf" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844627", "to_ids": true, "type": "domain", "uuid": "578cca53-e39c-4eb9-a7ee-434d950d210f", "value": "provincialpw.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844627", "to_ids": true, "type": "ip-dst", "uuid": "578cca53-b100-4f68-948c-4776950d210f", "value": "160.153.54.35" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844627", "to_ids": true, "type": "url", "uuid": "578cca53-1334-4097-97be-4563950d210f", "value": "http://matthewmccright.org/sl8wu" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844628", "to_ids": true, "type": "domain", "uuid": "578cca54-e8d0-4690-8540-43de950d210f", "value": "matthewmccright.org" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844628", "to_ids": true, "type": "ip-dst", "uuid": "578cca54-3d38-4815-a76a-4722950d210f", "value": "107.180.13.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844629", "to_ids": true, "type": "url", "uuid": "578cca55-4aa4-43ec-9836-4ecd950d210f", "value": "http://kouzoncorporation.com/jikkhl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844629", "to_ids": true, "type": "domain", "uuid": "578cca55-0174-4e64-b0b0-49e6950d210f", "value": "kouzoncorporation.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844629", "to_ids": true, "type": "ip-dst", "uuid": "578cca55-c288-4c80-a522-49d5950d210f", "value": "192.185.85.237" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844630", "to_ids": true, "type": "url", "uuid": "578cca56-e0ac-4d83-829d-4479950d210f", "value": "http://ahatv.com.au/twh7xv" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844630", "to_ids": true, "type": "hostname", "uuid": "578cca56-ab48-4e37-923b-49e9950d210f", "value": "ahatv.com.au" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844631", "to_ids": true, "type": "ip-dst", "uuid": "578cca57-479c-4495-950e-40a6950d210f", "value": "103.226.221.161" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844631", "to_ids": true, "type": "url", "uuid": "578cca57-1d70-4118-9708-4daa950d210f", "value": "http://davisdoherty.co.nz/g0vi70" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844631", "to_ids": true, "type": "hostname", "uuid": "578cca57-fa1c-45b0-ae8e-4668950d210f", "value": "davisdoherty.co.nz" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844632", "to_ids": true, "type": "ip-dst", "uuid": "578cca58-9e7c-41c7-9bbd-44e7950d210f", "value": "60.234.42.102" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844632", "to_ids": true, "type": "url", "uuid": "578cca58-6354-4c53-bfd3-4c0f950d210f", "value": "http://my-result.ru/0j1nlpj8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844633", "to_ids": true, "type": "domain", "uuid": "578cca59-02ec-4ec3-bc2e-4cf1950d210f", "value": "my-result.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844633", "to_ids": true, "type": "ip-dst", "uuid": "578cca59-8108-445f-829c-48ce950d210f", "value": "95.163.18.88" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844633", "to_ids": true, "type": "url", "uuid": "578cca59-09dc-4287-8922-4231950d210f", "value": "http://blackdildo.net/h9kyu" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844634", "to_ids": true, "type": "domain", "uuid": "578cca5a-4df4-466e-a74d-4a77950d210f", "value": "blackdildo.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844634", "to_ids": true, "type": "ip-dst", "uuid": "578cca5a-123c-450b-b601-4cba950d210f", "value": "50.31.160.94" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844635", "to_ids": true, "type": "url", "uuid": "578cca5b-3044-4e4d-846b-49df950d210f", "value": "http://gruposoluciomatica.com.br/ryi81" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844635", "to_ids": true, "type": "hostname", "uuid": "578cca5b-4a24-477f-908c-4ef1950d210f", "value": "gruposoluciomatica.com.br" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844635", "to_ids": true, "type": "ip-dst", "uuid": "578cca5b-04f0-4501-b319-4f16950d210f", "value": "187.17.98.182" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844636", "to_ids": true, "type": "url", "uuid": "578cca5c-7b90-4531-8939-4ce4950d210f", "value": "http://benavidezhoy.com/8zrg48k" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844636", "to_ids": true, "type": "domain", "uuid": "578cca5c-a1bc-476e-ab0f-4b61950d210f", "value": "benavidezhoy.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844637", "to_ids": true, "type": "ip-dst", "uuid": "578cca5d-9304-48b9-abfd-4959950d210f", "value": "69.16.243.28" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844637", "to_ids": true, "type": "url", "uuid": "578cca5d-8bbc-4f81-b8c7-4532950d210f", "value": "http://rsxxx.com/3vp8s83" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844637", "to_ids": true, "type": "domain", "uuid": "578cca5d-5e44-49a4-8a1b-490f950d210f", "value": "rsxxx.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844638", "to_ids": true, "type": "ip-dst", "uuid": "578cca5e-1684-426c-8944-4820950d210f", "value": "69.50.139.6" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844638", "to_ids": true, "type": "url", "uuid": "578cca5e-d7e0-4170-829a-4ab5950d210f", "value": "http://findmobileauto.com/gh8ft" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844639", "to_ids": true, "type": "domain", "uuid": "578cca5f-e8d0-4acd-870e-45de950d210f", "value": "findmobileauto.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844639", "to_ids": true, "type": "ip-dst", "uuid": "578cca5f-5438-4075-9f79-4710950d210f", "value": "192.185.196.208" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844639", "to_ids": true, "type": "url", "uuid": "578cca5f-3a24-47ff-baa0-4478950d210f", "value": "http://christian-view.com/rwe24t" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844640", "to_ids": true, "type": "domain", "uuid": "578cca60-e628-4e40-b77e-4bae950d210f", "value": "christian-view.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844640", "to_ids": true, "type": "ip-dst", "uuid": "578cca60-e1b8-43f8-8ee1-43d4950d210f", "value": "69.90.163.170" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844641", "to_ids": true, "type": "url", "uuid": "578cca61-9b84-42c2-b22a-4d66950d210f", "value": "http://deanstum.com/z9opr" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844641", "to_ids": true, "type": "domain", "uuid": "578cca61-2980-4693-8051-41e9950d210f", "value": "deanstum.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844641", "to_ids": true, "type": "ip-dst", "uuid": "578cca61-2a80-441a-82db-42e4950d210f", "value": "192.186.229.69" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844642", "to_ids": true, "type": "url", "uuid": "578cca62-b4bc-43cc-a918-41ad950d210f", "value": "http://eurasian.fc2web.com/18nws9" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844642", "to_ids": true, "type": "hostname", "uuid": "578cca62-22e4-4e13-8d6b-4800950d210f", "value": "eurasian.fc2web.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844643", "to_ids": true, "type": "ip-dst", "uuid": "578cca63-d4e8-4f89-b2ce-4b28950d210f", "value": "208.71.106.216" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844643", "to_ids": true, "type": "url", "uuid": "578cca63-86ec-44a2-be26-41b1950d210f", "value": "http://bigislandhawaiihilorealestate.com/16h9p" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844643", "to_ids": true, "type": "domain", "uuid": "578cca63-10b4-4b37-a268-4506950d210f", "value": "bigislandhawaiihilorealestate.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844644", "to_ids": true, "type": "ip-dst", "uuid": "578cca64-b7f0-4c8c-95e2-42f2950d210f", "value": "192.185.24.133" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844644", "to_ids": true, "type": "url", "uuid": "578cca64-ba44-43e4-a812-4510950d210f", "value": "http://ilkhaberadana.com/rmegjezz" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844644", "to_ids": true, "type": "domain", "uuid": "578cca64-60f4-4a1c-899c-47e1950d210f", "value": "ilkhaberadana.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844645", "to_ids": true, "type": "ip-dst", "uuid": "578cca65-0488-4b26-b2d2-4886950d210f", "value": "159.253.46.194" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844645", "to_ids": true, "type": "url", "uuid": "578cca65-81b4-4acd-a471-482e950d210f", "value": "http://aquatixbottle.com/ygyngc" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844646", "to_ids": true, "type": "domain", "uuid": "578cca66-3734-4f58-9248-45b1950d210f", "value": "aquatixbottle.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844646", "to_ids": true, "type": "ip-dst", "uuid": "578cca66-e268-4de1-bb44-4c5c950d210f", "value": "192.186.212.231" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844646", "to_ids": true, "type": "url", "uuid": "578cca66-f9cc-4ea7-b9ea-47ec950d210f", "value": "http://fusofrance.fr/nengga" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844647", "to_ids": true, "type": "domain", "uuid": "578cca67-9824-4a06-aa93-4462950d210f", "value": "fusofrance.fr" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844647", "to_ids": true, "type": "ip-dst", "uuid": "578cca67-1d44-4239-a8dc-4d9f950d210f", "value": "213.186.33.40" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844648", "to_ids": true, "type": "url", "uuid": "578cca68-62f8-403a-988f-45c0950d210f", "value": "http://bizconsulting.ro/bm8s7" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844648", "to_ids": true, "type": "domain", "uuid": "578cca68-9b84-4656-bcf7-4131950d210f", "value": "bizconsulting.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468844648", "to_ids": true, "type": "ip-dst", "uuid": "578cca68-80f4-46e7-921c-4b95950d210f", "value": "86.35.15.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1468844671", "to_ids": false, "type": "user-agent", "uuid": "578cca7f-8d90-44e1-9e17-43a0950d210f", "value": "User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1468844704", "to_ids": false, "type": "email-subject", "uuid": "578ccaa0-c950-47c4-b4f7-457d950d210f", "value": "bank account report" } ] } }