{ "Event": { "analysis": "0", "date": "2016-08-31", "extends_uuid": "", "info": "Malspam 2016-08-31 (.wsf in .zip) - campaign: \"Image|Picture|Photos|Photo|Document\"", "publish_timestamp": "1472638292", "published": true, "threat_level_id": "3", "timestamp": "1472638251", "uuid": "57c6ac4c-c60c-4f79-a38f-b666950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#3a7300", "local": false, "name": "circl:incident-classification=\"malware\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638204", "to_ids": true, "type": "hostname", "uuid": "57c6acfc-da4c-44de-9f5a-b667950d210f", "value": "gastrohurt.neostrada.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638205", "to_ids": true, "type": "ip-dst", "uuid": "57c6acfd-09ec-4d5d-8716-b667950d210f", "value": "217.97.216.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638205", "to_ids": true, "type": "domain", "uuid": "57c6acfd-5198-494d-8159-b667950d210f", "value": "alians-ekb.ru" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638205", "to_ids": true, "type": "ip-dst", "uuid": "57c6acfd-7a2c-4b14-a586-b667950d210f", "value": "85.12.197.61" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638205", "to_ids": true, "type": "domain", "uuid": "57c6acfd-c484-422b-a86d-b667950d210f", "value": "og-kaiserslautern-kft.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638205", "to_ids": true, "type": "ip-dst", "uuid": "57c6acfd-5910-4d48-9f0a-b667950d210f", "value": "109.237.140.28" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638206", "to_ids": true, "type": "hostname", "uuid": "57c6acfe-2f68-49c7-b4b8-b667950d210f", "value": "nihilismus.web.fc2.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638206", "to_ids": true, "type": "ip-dst", "uuid": "57c6acfe-f2f0-4ca5-a092-b667950d210f", "value": "208.71.106.62" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638206", "to_ids": true, "type": "hostname", "uuid": "57c6acfe-0cec-42d8-9f68-b667950d210f", "value": "chwiladlaciebie.cba.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638206", "to_ids": true, "type": "ip-dst", "uuid": "57c6acfe-9af4-4d0a-bdba-b667950d210f", "value": "95.211.144.65" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638206", "to_ids": true, "type": "hostname", "uuid": "57c6acfe-1e60-47eb-9410-b667950d210f", "value": "www.peritiassicurativi.org" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "ip-dst", "uuid": "57c6acff-06b8-46b9-b613-b667950d210f", "value": "213.205.40.169" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "url", "uuid": "57c6acff-2370-45f8-a45b-b667950d210f", "value": "http://rmpst.republika.pl/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "hostname", "uuid": "57c6acff-4210-4f6b-b572-b667950d210f", "value": "rmpst.republika.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "ip-dst", "uuid": "57c6acff-ba08-485e-b062-b667950d210f", "value": "213.180.150.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "hostname", "uuid": "57c6acff-43b4-43f7-961b-b667950d210f", "value": "arcziuuucity.y0.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638207", "to_ids": true, "type": "hostname", "uuid": "57c6acff-1218-44a4-b7c9-b667950d210f", "value": "www.dapaluda.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638208", "to_ids": true, "type": "url", "uuid": "57c6ad00-10ac-4cb9-b427-b667950d210f", "value": "http://www.lindenkapelle.de/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638208", "to_ids": true, "type": "hostname", "uuid": "57c6ad00-ee98-4ef6-b61c-b667950d210f", "value": "www.lindenkapelle.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638208", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad00-42dc-46b7-b802-b667950d210f", "value": "81.169.145.224" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638208", "to_ids": true, "type": "hostname", "uuid": "57c6ad00-c128-45ab-af25-b667950d210f", "value": "www.artx.strefa.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638208", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad00-a2a8-43b6-a941-b667950d210f", "value": "217.74.66.167" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638209", "to_ids": true, "type": "url", "uuid": "57c6ad01-4c60-40c3-bc12-b667950d210f", "value": "http://www.hiederer.de/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638209", "to_ids": true, "type": "hostname", "uuid": "57c6ad01-ab70-4333-a2b9-b667950d210f", "value": "www.hiederer.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638209", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad01-9be4-4bea-b194-b667950d210f", "value": "81.169.145.74" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638209", "to_ids": true, "type": "hostname", "uuid": "57c6ad01-4384-495e-8c51-b667950d210f", "value": "wolffram.homepage.t-online.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638209", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad01-f1a8-4997-9234-b667950d210f", "value": "80.150.6.138" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "hostname", "uuid": "57c6ad02-1244-4e95-9ff3-b667950d210f", "value": "www.shanty-chor-neuengoers.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "domain", "uuid": "57c6ad02-9a1c-448a-9f3c-b667950d210f", "value": "onlineportal-2012.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad02-5c30-4979-8643-b667950d210f", "value": "178.254.51.20" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "url", "uuid": "57c6ad02-e7a8-4556-9496-b667950d210f", "value": "http://stanflorin10.go.ro/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "hostname", "uuid": "57c6ad02-cefc-4e05-abb6-b667950d210f", "value": "stanflorin10.go.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638210", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad02-2dc4-49ec-a938-b667950d210f", "value": "81.196.20.134" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638211", "to_ids": true, "type": "url", "uuid": "57c6ad03-c744-4f83-a46c-b667950d210f", "value": "http://www.welt-weit.info/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638211", "to_ids": true, "type": "hostname", "uuid": "57c6ad03-f4d0-4def-9328-b667950d210f", "value": "www.welt-weit.info" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638211", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad03-f80c-463d-8bd8-b667950d210f", "value": "81.169.145.226" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638211", "to_ids": true, "type": "hostname", "uuid": "57c6ad03-b260-4570-be2a-b667950d210f", "value": "www.facturi.go.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638211", "to_ids": true, "type": "hostname", "uuid": "57c6ad03-6538-457a-be18-b667950d210f", "value": "muellerfalk.homepage.t-online.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638212", "to_ids": true, "type": "hostname", "uuid": "57c6ad04-3594-434b-b18a-b667950d210f", "value": "www.vilastefania.go.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638212", "to_ids": true, "type": "url", "uuid": "57c6ad04-d600-4d97-9c91-b667950d210f", "value": "http://www.auret.at/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638212", "to_ids": true, "type": "hostname", "uuid": "57c6ad04-a7d4-4b7f-a697-b667950d210f", "value": "www.auret.at" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638212", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad04-391c-4faf-ab7a-b667950d210f", "value": "62.116.84.99" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638212", "to_ids": true, "type": "url", "uuid": "57c6ad04-0204-4aa3-a08f-b667950d210f", "value": "http://www.roboticapc.com/987nkjh8" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638213", "to_ids": true, "type": "hostname", "uuid": "57c6ad05-3e14-4fdd-bb39-b667950d210f", "value": "www.roboticapc.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638213", "to_ids": true, "type": "hostname", "uuid": "57c6ad05-190c-46b6-a42e-b667950d210f", "value": "lacomete52.perso.sfr.fr" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472638213", "to_ids": true, "type": "ip-dst", "uuid": "57c6ad05-26f0-4336-8ede-b667950d210f", "value": "86.65.123.70" } ] } }