{ "Event": { "analysis": "0", "date": "2016-09-02", "extends_uuid": "", "info": "Malspam 2016-09-02 (.wsf in .zip) - campaign: \"icloud.com\"", "publish_timestamp": "1472826472", "published": true, "threat_level_id": "3", "timestamp": "1472825949", "uuid": "57c98935-5fdc-4632-8d61-4af1950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#3a7300", "local": false, "name": "circl:incident-classification=\"malware\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825698", "to_ids": true, "type": "url", "uuid": "57c98962-0d54-459c-b73e-498d950d210f", "value": "http://danzig.vtrbandaancha.net/djaokpj" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825698", "to_ids": true, "type": "hostname", "uuid": "57c98962-9c7c-4888-8247-4419950d210f", "value": "danzig.vtrbandaancha.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825698", "to_ids": true, "type": "ip-dst", "uuid": "57c98962-89f0-4326-9b06-423d950d210f", "value": "200.83.4.62" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825698", "to_ids": true, "type": "url", "uuid": "57c98962-0c8c-4911-9da8-49b7950d210f", "value": "http://www.rioual.com/dfduyax" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825698", "to_ids": true, "type": "hostname", "uuid": "57c98962-a3e4-4864-a9fd-4b8d950d210f", "value": "www.rioual.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "ip-dst", "uuid": "57c98963-1f34-4863-a731-451a950d210f", "value": "213.186.33.19" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "url", "uuid": "57c98963-636c-4380-a1e5-4a1f950d210f", "value": "http://www.bavaria-wein.de/kyisute" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "hostname", "uuid": "57c98963-0254-422a-a43c-4371950d210f", "value": "www.bavaria-wein.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "ip-dst", "uuid": "57c98963-c8dc-4613-af7f-4834950d210f", "value": "217.199.0.35" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "url", "uuid": "57c98963-6e60-4fe9-990c-4b5b950d210f", "value": "http://www.malicioso.net/ulndads" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825699", "to_ids": true, "type": "hostname", "uuid": "57c98963-3194-4def-b08d-47bb950d210f", "value": "www.malicioso.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825700", "to_ids": true, "type": "ip-dst", "uuid": "57c98964-dc18-4325-bf2a-42bb950d210f", "value": "62.42.230.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825700", "to_ids": true, "type": "url", "uuid": "57c98964-6764-4cf9-87cb-4af9950d210f", "value": "http://imex.atspace.com/sxqtddp" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825700", "to_ids": true, "type": "hostname", "uuid": "57c98964-93a4-4203-9e74-4d3d950d210f", "value": "imex.atspace.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825700", "to_ids": true, "type": "ip-dst", "uuid": "57c98964-bba8-4929-a25a-4fd3950d210f", "value": "82.197.131.109" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825700", "to_ids": true, "type": "url", "uuid": "57c98964-d658-4f68-a144-44e3950d210f", "value": "http://www.meallservice.it/mulccfi" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "hostname", "uuid": "57c98965-e9b0-4109-88d5-44e4950d210f", "value": "www.meallservice.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "ip-dst", "uuid": "57c98965-0bb4-427d-aeef-48c9950d210f", "value": "213.205.40.169" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "url", "uuid": "57c98965-471c-4160-af0f-4faa950d210f", "value": "http://www.empolio.com/bgfxwqs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "hostname", "uuid": "57c98965-0e20-4e46-a417-420b950d210f", "value": "www.empolio.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "ip-dst", "uuid": "57c98965-6528-41e1-b562-459b950d210f", "value": "213.204.1.56" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825701", "to_ids": true, "type": "url", "uuid": "57c98965-b430-446f-a749-4b37950d210f", "value": "http://www.association-julescatoire.fr/vdrnlnt" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "hostname", "uuid": "57c98966-50c4-488c-a117-4e9e950d210f", "value": "www.association-julescatoire.fr" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "ip-dst", "uuid": "57c98966-6534-4374-8db5-4700950d210f", "value": "93.184.47.165" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "url", "uuid": "57c98966-b028-4dd8-ac22-4c21950d210f", "value": "http://e-gmp.home.ro/ierssce" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "hostname", "uuid": "57c98966-0b74-4a47-8e53-418a950d210f", "value": "e-gmp.home.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "ip-dst", "uuid": "57c98966-ea60-4262-964b-478a950d210f", "value": "81.196.20.133" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825702", "to_ids": true, "type": "url", "uuid": "57c98966-3774-4844-87e7-4a8a950d210f", "value": "http://www.fenit.net/elckuqa" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825703", "to_ids": true, "type": "hostname", "uuid": "57c98967-b614-443f-9ad6-4271950d210f", "value": "www.fenit.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825703", "to_ids": true, "type": "url", "uuid": "57c98967-517c-497c-9079-4196950d210f", "value": "http://www.caminettilcd.it/ikpjqqt" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825703", "to_ids": true, "type": "hostname", "uuid": "57c98967-3638-4989-a360-49d4950d210f", "value": "www.caminettilcd.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825703", "to_ids": true, "type": "ip-dst", "uuid": "57c98967-f2d0-4a6f-92ec-4501950d210f", "value": "195.78.215.76" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825703", "to_ids": true, "type": "url", "uuid": "57c98967-b054-41d1-97fe-4df8950d210f", "value": "http://www.coseincredibili.it/gugpcpb" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "hostname", "uuid": "57c98968-ce9c-4cff-b3ed-40fd950d210f", "value": "www.coseincredibili.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "url", "uuid": "57c98968-b7fc-4e47-ab6d-45e0950d210f", "value": "http://www.mussystems.net/rhygtpe" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "hostname", "uuid": "57c98968-1364-4f77-95d2-4d1a950d210f", "value": "www.mussystems.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "ip-dst", "uuid": "57c98968-3aec-48e3-bd68-41b3950d210f", "value": "195.238.0.64" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "url", "uuid": "57c98968-9348-483d-8530-4441950d210f", "value": "http://158.195.68.10/porirue" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825704", "to_ids": true, "type": "ip-dst", "uuid": "57c98969-8b48-47a4-a000-41ec950d210f", "value": "158.195.68.10" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825705", "to_ids": true, "type": "url", "uuid": "57c98969-d9e4-44cb-ba1e-4a32950d210f", "value": "http://dcqoutlet.es/vcxyssl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825705", "to_ids": true, "type": "domain", "uuid": "57c98969-182c-410c-82c6-4520950d210f", "value": "dcqoutlet.es" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825705", "to_ids": true, "type": "ip-dst", "uuid": "57c98969-9b28-4bb1-92c3-4595950d210f", "value": "134.0.11.123" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825705", "to_ids": true, "type": "url", "uuid": "57c98969-c6b8-47f5-9c95-4537950d210f", "value": "http://www.dallaglio-nordin.com/cjkgjtl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825705", "to_ids": true, "type": "hostname", "uuid": "57c98969-1528-4420-9409-45df950d210f", "value": "www.dallaglio-nordin.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "url", "uuid": "57c9896a-966c-4791-b0e9-4b0b950d210f", "value": "http://www.alanmorgan.plus.com/yqjytxx" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "hostname", "uuid": "57c9896a-6784-4018-b994-4d84950d210f", "value": "www.alanmorgan.plus.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "ip-dst", "uuid": "57c9896a-3530-44d8-b839-4f51950d210f", "value": "212.159.9.91" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "url", "uuid": "57c9896a-eb38-45a3-9c25-414d950d210f", "value": "http://tpllaw.com/ctuphuv" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "domain", "uuid": "57c9896a-7118-40b0-8862-4832950d210f", "value": "tpllaw.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825706", "to_ids": true, "type": "ip-dst", "uuid": "57c9896a-63c4-4fe7-b6fc-44b1950d210f", "value": "216.87.186.90" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "url", "uuid": "57c9896b-c4a0-493d-b281-4db9950d210f", "value": "http://www.archiviestoria.it/waotorf" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "hostname", "uuid": "57c9896b-6988-4222-8159-45cb950d210f", "value": "www.archiviestoria.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "url", "uuid": "57c9896b-f710-4d07-8ffe-4952950d210f", "value": "http://maxshoppppsr.biz/js/vf3gt4b4" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "domain", "uuid": "57c9896b-a7cc-4fa6-879e-423d950d210f", "value": "maxshoppppsr.biz" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "ip-dst", "uuid": "57c9896b-2c10-47c2-a32c-4e11950d210f", "value": "167.114.138.3" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472825707", "to_ids": true, "type": "url", "uuid": "57c9896c-3f1c-46bf-aafb-4b78950d210f", "value": "http://maxshoppppsr.biz/js/y54g3tr" }, { "category": "Payload delivery", "comment": "email address", "deleted": false, "disable_correlation": false, "timestamp": "1472825949", "to_ids": false, "type": "text", "uuid": "57c98a5d-0edc-416c-b424-4da5950d210f", "value": "[NAME]_[NUMBER]@icloud.com" } ] } }