{ "Event": { "analysis": "0", "date": "2016-07-21", "extends_uuid": "", "info": "Malspam 2016-07-21 .wsf (campaign: \"fixed invoice\")", "publish_timestamp": "1469115045", "published": true, "threat_level_id": "3", "timestamp": "1469114614", "uuid": "5790e667-46bc-453e-bb78-44d0950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#3a7300", "local": false, "name": "circl:incident-classification=\"malware\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113993", "to_ids": true, "type": "url", "uuid": "5790e689-6100-46a1-bbea-4cd8950d210f", "value": "http://forum-droid.16mb.com/e3zirnzl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113993", "to_ids": true, "type": "hostname", "uuid": "5790e689-9768-4ab7-88aa-4ea6950d210f", "value": "forum-droid.16mb.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113993", "to_ids": true, "type": "ip-dst", "uuid": "5790e689-030c-4e3c-a7e4-4cc5950d210f", "value": "31.220.16.180" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113994", "to_ids": true, "type": "url", "uuid": "5790e68a-3ee8-479f-a140-4ed6950d210f", "value": "http://vkt-rus.com/ylnsp9" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113994", "to_ids": true, "type": "domain", "uuid": "5790e68a-3200-4d65-9932-4996950d210f", "value": "vkt-rus.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113994", "to_ids": true, "type": "ip-dst", "uuid": "5790e68a-0b5c-4f9a-a167-423f950d210f", "value": "195.208.0.15" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113994", "to_ids": true, "type": "url", "uuid": "5790e68a-6a48-447b-b483-42be950d210f", "value": "http://kveldeil.no/yzky84" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113995", "to_ids": true, "type": "domain", "uuid": "5790e68b-1c98-473c-88df-4599950d210f", "value": "kveldeil.no" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113995", "to_ids": true, "type": "ip-dst", "uuid": "5790e68b-e264-44c8-bdb0-4a25950d210f", "value": "85.252.49.19" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113995", "to_ids": true, "type": "url", "uuid": "5790e68b-fa34-41ab-8df2-455e950d210f", "value": "http://wusromania.home.ro/usjhlho" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113995", "to_ids": true, "type": "hostname", "uuid": "5790e68b-0458-44d3-9135-49aa950d210f", "value": "wusromania.home.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113995", "to_ids": true, "type": "ip-dst", "uuid": "5790e68b-3150-4b8a-ae20-4fa3950d210f", "value": "81.196.20.133" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "url", "uuid": "5790e68c-70c0-4014-8c5b-44c1950d210f", "value": "http://premiuminformation.org/39qoqv" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "domain", "uuid": "5790e68c-9ed0-4828-a330-45a2950d210f", "value": "premiuminformation.org" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "ip-dst", "uuid": "5790e68c-74c4-4d6a-9681-47a8950d210f", "value": "192.254.188.66" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "url", "uuid": "5790e68c-51e4-4b5a-be71-455f950d210f", "value": "http://www.chipo.republika.pl/ndpoxv" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "hostname", "uuid": "5790e68c-25f4-4b04-ad02-425a950d210f", "value": "www.chipo.republika.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113996", "to_ids": true, "type": "ip-dst", "uuid": "5790e68c-93a4-4462-9a04-46e9950d210f", "value": "213.180.150.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113997", "to_ids": true, "type": "url", "uuid": "5790e68d-6014-4d34-8ff4-44e2950d210f", "value": "http://krisnela.50webs.com/w8vxr3" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113997", "to_ids": true, "type": "hostname", "uuid": "5790e68d-fd24-44a4-a018-49be950d210f", "value": "krisnela.50webs.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113997", "to_ids": true, "type": "ip-dst", "uuid": "5790e68d-45c4-47af-a977-4727950d210f", "value": "162.210.101.97" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113997", "to_ids": true, "type": "url", "uuid": "5790e68d-f41c-487d-b54b-4ddd950d210f", "value": "http://dou104.rybadm.ru/s0uc8cp" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113997", "to_ids": true, "type": "hostname", "uuid": "5790e68d-9f34-4da0-b2c5-4dab950d210f", "value": "dou104.rybadm.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113998", "to_ids": true, "type": "ip-dst", "uuid": "5790e68e-5eec-4f2c-a629-4cd1950d210f", "value": "91.201.210.24" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113998", "to_ids": true, "type": "url", "uuid": "5790e68e-8954-4183-a33c-4ca8950d210f", "value": "http://bizforward.ru/d6hsbm" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113998", "to_ids": true, "type": "domain", "uuid": "5790e68e-2200-4754-9b6b-4077950d210f", "value": "bizforward.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113998", "to_ids": true, "type": "ip-dst", "uuid": "5790e68e-96e8-4815-a117-4eea950d210f", "value": "193.232.240.10" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113998", "to_ids": true, "type": "url", "uuid": "5790e68e-0a98-45cf-8c7f-4e5c950d210f", "value": "http://choogo.net/ym104zez" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113999", "to_ids": true, "type": "domain", "uuid": "5790e68f-f650-4bef-82c3-48e9950d210f", "value": "choogo.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113999", "to_ids": true, "type": "ip-dst", "uuid": "5790e68f-27bc-403d-bb5b-4edf950d210f", "value": "112.171.173.157" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113999", "to_ids": true, "type": "url", "uuid": "5790e68f-d998-4f56-afc3-4dfc950d210f", "value": "http://strojdom33.ru/f31cfm2" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113999", "to_ids": true, "type": "domain", "uuid": "5790e68f-439c-4c14-a039-4b86950d210f", "value": "strojdom33.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469113999", "to_ids": true, "type": "ip-dst", "uuid": "5790e68f-b38c-4a89-ae90-49e9950d210f", "value": "141.8.194.9" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114000", "to_ids": true, "type": "url", "uuid": "5790e690-800c-48be-89d8-4adc950d210f", "value": "http://oldim.lviv.ua/1djr1" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114000", "to_ids": true, "type": "hostname", "uuid": "5790e690-92b0-4135-9c04-4256950d210f", "value": "oldim.lviv.ua" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114000", "to_ids": true, "type": "ip-dst", "uuid": "5790e690-cfa4-430b-a660-46ce950d210f", "value": "91.194.41.32" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114000", "to_ids": true, "type": "url", "uuid": "5790e690-3984-4515-8ddd-4c26950d210f", "value": "http://sealionnn.web.fc2.com/yf6kq5l" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114000", "to_ids": true, "type": "hostname", "uuid": "5790e690-0ad0-421f-bfe4-46e3950d210f", "value": "sealionnn.web.fc2.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114001", "to_ids": true, "type": "ip-dst", "uuid": "5790e691-2908-467d-94e4-4aab950d210f", "value": "208.71.106.49" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114001", "to_ids": true, "type": "url", "uuid": "5790e691-5c04-46c5-8a5d-41bb950d210f", "value": "http://klausschuster.at/jxchtnpd" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114001", "to_ids": true, "type": "domain", "uuid": "5790e691-06e8-470a-b875-4ee0950d210f", "value": "klausschuster.at" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114001", "to_ids": true, "type": "ip-dst", "uuid": "5790e691-970c-4cb7-8592-494c950d210f", "value": "86.59.107.231" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114001", "to_ids": true, "type": "url", "uuid": "5790e691-d774-47b2-aebc-4eb1950d210f", "value": "http://pixel.sportsontheweb.net/2yhk9qxf" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114002", "to_ids": true, "type": "hostname", "uuid": "5790e692-134c-469c-86c7-4e00950d210f", "value": "pixel.sportsontheweb.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114002", "to_ids": true, "type": "ip-dst", "uuid": "5790e692-dbe4-4cd7-8400-4788950d210f", "value": "83.125.22.208" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114002", "to_ids": true, "type": "url", "uuid": "5790e692-68d0-401c-878c-48a9950d210f", "value": "http://voisin-sa.com/~trumpf/kuul6u13" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114002", "to_ids": true, "type": "domain", "uuid": "5790e692-9a5c-4690-8bce-4b93950d210f", "value": "voisin-sa.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114002", "to_ids": true, "type": "ip-dst", "uuid": "5790e692-db00-4ec5-bc2a-4155950d210f", "value": "84.246.225.155" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114003", "to_ids": true, "type": "url", "uuid": "5790e693-13a4-4dab-bc0e-4927950d210f", "value": "http://mebel-bogatyr.ru/fg92gx" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114003", "to_ids": true, "type": "domain", "uuid": "5790e693-04cc-4547-abd8-4c38950d210f", "value": "mebel-bogatyr.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114003", "to_ids": true, "type": "ip-dst", "uuid": "5790e693-6084-47a0-97fb-4b0b950d210f", "value": "141.8.192.63" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114003", "to_ids": true, "type": "url", "uuid": "5790e693-9534-40d8-8481-481c950d210f", "value": "http://www.redimec.com/qsr3hnqk" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114003", "to_ids": true, "type": "hostname", "uuid": "5790e693-092c-4bf3-b431-4da2950d210f", "value": "www.redimec.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114004", "to_ids": true, "type": "ip-dst", "uuid": "5790e694-47e4-44c4-99a6-4aa6950d210f", "value": "213.205.40.169" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1469114004", "to_ids": true, "type": "url", "uuid": "5790e694-e28c-4642-8e33-45bf950d210f", "value": "http://vkt-rus.com/v9puv4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1469114049", "to_ids": false, "type": "user-agent", "uuid": "5790e6c1-c240-4ac7-8ce9-401d950d210f", "value": "User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1469114109", "to_ids": false, "type": "email-subject", "uuid": "5790e6fd-4c7c-4a96-825b-4617950d210f", "value": "fixed invoice" } ] } }