{
"Event": {
"analysis": "0",
"date": "2017-09-08",
"extends_uuid": "",
"info": "Malspam 2017-09-08 - 'Emailed Invoice -' - .html attachment",
"publish_timestamp": "1504882335",
"published": true,
"threat_level_id": "3",
"timestamp": "1504882325",
"uuid": "59b2ada6-f428-4476-b218-7c5a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "old.tsg-upravdom.ru",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504882167",
"to_ids": true,
"type": "ip-dst",
"uuid": "59b2adf7-e484-4f71-b700-4e09950d210f",
"value": "81.177.141.82"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504882167",
"to_ids": true,
"type": "hostname",
"uuid": "59b2adf7-45cc-4403-ab0c-4129950d210f",
"value": "old.tsg-upravdom.ru"
},
{
"category": "Network activity",
"comment": "initial download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504882167",
"to_ids": true,
"type": "url",
"uuid": "59b2adf7-7da8-4100-b1ed-4896950d210f",
"value": "http://old.tsg-upravdom.ru/w/ciji.php"
},
{
"category": "Payload delivery",
"comment": "I_736305.html attachment to email",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504882275",
"to_ids": false,
"type": "text",
"uuid": "59b2ae55-9278-490b-b916-7959950d210f",
"value": "Your file is downloading. Please wait...
\r\n"
}
]
}
}