{ "Event": { "analysis": "0", "date": "2018-01-23", "extends_uuid": "", "info": "OSINT - First C&C (IPv6) - Azorult", "publish_timestamp": "1518771109", "published": true, "threat_level_id": "3", "timestamp": "1516762822", "uuid": "5a67a79f-7884-46c7-ad56-49ba950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516743389", "to_ids": true, "type": "url", "uuid": "5a67a7de-8b50-4474-a0b0-1c9b950d210f", "value": "http://2a01:4f8:191:70e6::6/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516743404", "to_ids": true, "type": "url", "uuid": "5a67a7de-f7a0-4aed-ad7a-1c9b950d210f", "value": "http://2a01:4f8:191:70e6::1c6/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516742648", "to_ids": true, "type": "ip-dst", "uuid": "5a67a7f8-1488-4583-ba85-73a9950d210f", "value": "2a01:4f8:191:70e6::6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516742648", "to_ids": true, "type": "ip-dst", "uuid": "5a67a7f8-173c-4eb9-9885-73a9950d210f", "value": "2a01:4f8:191:70e6::1c6" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "4", "timestamp": "1516743013", "uuid": "5a67a91b-69c4-4a24-9512-4191950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "post", "timestamp": "1516742939", "to_ids": false, "type": "text", "uuid": "5a67a91b-5b50-4dc5-8c74-4ea2950d210f", "value": "IPv6 C&C <3 (Azorult) http://2a01:4f8:191:70e6::1c6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1516742940", "to_ids": false, "type": "text", "uuid": "5a67a91c-9ef0-406b-acb2-4433950d210f", "value": "Twitter" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1516743012", "to_ids": false, "type": "url", "uuid": "5a67a91d-ca78-42c3-8a50-4d23950d210f", "value": "https://twitter.com/benkow_/status/955440904684306432" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "username", "timestamp": "1516742941", "to_ids": false, "type": "text", "uuid": "5a67a91d-f14c-4e3c-8d08-42dd950d210f", "value": "benkow_" } ] } ] } }