{ "Event": { "analysis": "1", "date": "2018-06-25", "extends_uuid": "", "info": "Registrant Tracking for \"earthalgerrity@armyspy.com\"", "publish_timestamp": "1589183999", "published": true, "threat_level_id": "3", "timestamp": "1621849790", "uuid": "5b310846-157c-46d7-8141-89f00acd0835", "Orgc": { "name": "Synovus Financial", "uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#002b6b", "local": false, "name": "ms-caro-malware-full:malware-family=\"Redirector\"", "relationship_type": "" }, { "colour": "#f02988", "local": false, "name": "Bokbot", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"Emotet\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529940130", "to_ids": true, "type": "domain", "uuid": "5b3108a2-f534-4632-930a-aca80acd0835", "value": "calorida.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529940130", "to_ids": true, "type": "domain", "uuid": "5b3108a2-67fc-405b-baa6-aca80acd0835", "value": "fuselect.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529940130", "to_ids": true, "type": "domain", "uuid": "5b3108a2-7efc-4629-bdd2-aca80acd0835", "value": "maneers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529940130", "to_ids": true, "type": "domain", "uuid": "5b3108a2-dd0c-4ae2-991a-aca80acd0835", "value": "stradical.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529940130", "to_ids": true, "type": "domain", "uuid": "5b3108a2-c2b4-4f31-94bd-aca80acd0835", "value": "veryonid.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "Whois records information for a domain name or an IP address.", "meta-category": "network", "name": "whois", "template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a", "template_version": "10", "timestamp": "1529940229", "uuid": "5b310905-f854-4665-a18b-ad0a0acd0835", "Attribute": [ { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "registrant-email", "timestamp": "1529940229", "to_ids": false, "type": "whois-registrant-email", "uuid": "5b310905-34a4-4399-96bf-ad0a0acd0835", "value": "earthalgerrity@armyspy.com" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "registrant-name", "timestamp": "1529940229", "to_ids": false, "type": "whois-registrant-name", "uuid": "5b310905-cf48-4511-beee-ad0a0acd0835", "value": "Eartha L. Gerrity" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "registrant-phone", "timestamp": "1529940229", "to_ids": false, "type": "whois-registrant-phone", "uuid": "5b310905-e174-419e-88db-ad0a0acd0835", "value": "12143212804" } ] } ] } }