{ "Event": { "analysis": "0", "date": "2019-04-05", "extends_uuid": "", "info": "OSINT - Hancitor domains", "publish_timestamp": "1554456935", "published": true, "threat_level_id": "3", "timestamp": "1554456909", "uuid": "5ca71f6e-3ee8-4013-8a5f-4171950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Hancitor\"", "relationship_type": "" }, { "colour": "#0c9200", "local": false, "name": "misp-galaxy:tool=\"Hancitor\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#001cad", "local": false, "name": "estimative-language:likelihood-probability=\"very-likely\"", "relationship_type": "" }, { "colour": "#0026eb", "local": false, "name": "estimative-language:confidence-in-analytic-judgment=\"moderate\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-9ee8-46d7-876c-43f8950d210f", "value": "alldogspoop.co" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-49f8-436e-94ea-4271950d210f", "value": "alldogspoop.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-8424-41b8-b3f0-4fc3950d210f", "value": "alldogspoop.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-8610-4d25-aedf-470c950d210f", "value": "alldogspoop.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-6ab0-4eaa-8394-4143950d210f", "value": "alldogspoop.mobi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-5b08-4b83-a414-4857950d210f", "value": "alldogspoop.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-60dc-43e6-ae2c-40e3950d210f", "value": "cherryhillpooperscoopers.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-6ee4-4114-aa73-405d950d210f", "value": "pooperscooperfranchise.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456446", "to_ids": true, "type": "domain", "uuid": "5ca71f7e-819c-4fcd-bafb-4e48950d210f", "value": "shopalldogspoop.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456463", "to_ids": false, "type": "link", "uuid": "5ca71f8f-756c-4a81-b8bb-4cd7950d210f", "value": "https://ghostbin.com/paste/27b9a/raw" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456518", "to_ids": true, "type": "email-src", "uuid": "5ca71fc6-31a8-47dd-9438-4eca950d210f", "value": "docusign@buyapetfranchise.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1554456532", "to_ids": false, "type": "link", "uuid": "5ca71fd4-6f4c-4308-b155-43ad950d210f", "value": "https://pastebin.com/PV2uGMye" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-3d48-45c7-a8b8-4fb4950d210f", "value": "http://automotivedreamteam.com/v.exe" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-6f28-42e2-93a5-42e2950d210f", "value": "http://ecsn.biz/includes/domit/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-3cf8-47c8-a0ae-42e3950d210f", "value": "http://ecsn.biz/includes/domit/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-897c-4fec-a67a-4995950d210f", "value": "http://ecsn.biz/includes/domit/3" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-6c24-4b82-b3a4-4fb3950d210f", "value": "http://inazel.es/modules/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-c398-428a-832a-40ee950d210f", "value": "http://inazel.es/modules/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-a468-4343-955f-43a8950d210f", "value": "http://inazel.es/modules/3" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-c24c-4980-b531-4d60950d210f", "value": "http://nal.com.ua/components/com_registration/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-a408-4d73-881c-49b0950d210f", "value": "http://nal.com.ua/components/com_registration/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-5eb4-449d-9dc5-47c0950d210f", "value": "http://nal.com.ua/components/com_registration/3" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-0ce0-46a9-9c91-4418950d210f", "value": "http://orik.hu/mambots/editors/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-dd08-4b6d-b87b-41b8950d210f", "value": "http://orik.hu/mambots/editors/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-50dc-4492-9c0b-4bea950d210f", "value": "http://orik.hu/mambots/editors/3" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-fa34-41ff-8589-4498950d210f", "value": "http://scanelectric.ro/wp-content/plugins/thememove-core/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-12d0-45ae-ad8a-475e950d210f", "value": "http://scanelectric.ro/wp-content/plugins/thememove-core/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-7aa4-4a5e-9624-41f4950d210f", "value": "http://scanelectric.ro/wp-content/plugins/thememove-core/3" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-7a90-41df-851d-4fcc950d210f", "value": "http://syrtaki-santorini.gr/modules/1" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-d3f0-423b-8f17-46b7950d210f", "value": "http://syrtaki-santorini.gr/modules/2" }, { "category": "Network activity", "comment": "additional dl", "deleted": false, "disable_correlation": false, "timestamp": "1554456564", "to_ids": true, "type": "url", "uuid": "5ca71ff4-3c28-4e02-8f66-4924950d210f", "value": "http://syrtaki-santorini.gr/modules/3" }, { "category": "Payload delivery", "comment": "1.dll", "deleted": false, "disable_correlation": false, "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "5ca7202f-dbd8-4688-aaf0-4b5b950d210f", "value": "671b416bfb21522d6ba30b05d8fc04732c8737a5ca35fa531563175fb0815395" }, { "category": "Payload delivery", "comment": "2.exe", "deleted": false, "disable_correlation": false, "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "5ca7202f-8998-40c2-bffe-4fc1950d210f", "value": "8189564580b804ed65d51990a109ac59bc88fd77518ab415363b5bbd8adc3aa2" }, { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": false, "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "5ca7202f-abc8-4d0d-83f3-4e48950d210f", "value": "06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94" }, { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "5ca7202f-36cc-48d7-842b-4110950d210f", "value": "ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e" }, { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": false, "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "5ca7202f-6028-4be3-8860-4c1b950d210f", "value": "d3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed" }, { "category": "Network activity", "comment": "hancitor c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456644", "to_ids": true, "type": "url", "uuid": "5ca72044-a8e4-4826-911b-4db4950d210f", "value": "http://duloperes.com/4/forum.php" }, { "category": "Network activity", "comment": "hancitor c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456644", "to_ids": true, "type": "url", "uuid": "5ca72044-f204-4bbd-bf2d-44f0950d210f", "value": "http://reflyhepone.ru/4/forum.php" }, { "category": "Network activity", "comment": "hancitor c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456644", "to_ids": true, "type": "url", "uuid": "5ca72044-b694-4954-8f8f-440d950d210f", "value": "http://gogotwitof.ru/4/forum.php" }, { "category": "Network activity", "comment": "pony c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456669", "to_ids": true, "type": "url", "uuid": "5ca7205d-36c8-4e0e-b9a4-4e58950d210f", "value": "http://duloperes.com/mlu/forum.php" }, { "category": "Network activity", "comment": "pony c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456669", "to_ids": true, "type": "url", "uuid": "5ca7205d-3048-48d0-b84c-4a1f950d210f", "value": "http://reflyhepone.ru/mlu/forum.php" }, { "category": "Network activity", "comment": "pony c2", "deleted": false, "disable_correlation": false, "timestamp": "1554456670", "to_ids": true, "type": "url", "uuid": "5ca7205e-02a4-48e7-adc1-41e2950d210f", "value": "http://gogotwitof.ru/mlu/forum.php" }, { "category": "Network activity", "comment": "evilpony", "deleted": false, "disable_correlation": false, "timestamp": "1554456695", "to_ids": true, "type": "url", "uuid": "5ca72077-9948-4c74-925f-41b4950d210f", "value": "http://duloperes.com/d2/about.php" }, { "category": "Network activity", "comment": "evilpony", "deleted": false, "disable_correlation": false, "timestamp": "1554456695", "to_ids": true, "type": "url", "uuid": "5ca72077-fa84-4f4b-a2fc-45f5950d210f", "value": "http://reflyhepone.ru/d2/about.php" }, { "category": "Network activity", "comment": "evilpony", "deleted": false, "disable_correlation": false, "timestamp": "1554456695", "to_ids": true, "type": "url", "uuid": "5ca72077-4e6c-4ce6-b099-42c8950d210f", "value": "http://gogotwitof.ru/d2/about.php" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1554456759", "to_ids": true, "type": "url", "uuid": "5ca720b7-3efc-4aa3-a353-469e950d210f", "value": "beetfeetlife.bit/webstore" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1554456759", "to_ids": true, "type": "url", "uuid": "5ca720b7-da8c-4f34-a17a-42b7950d210f", "value": "api.sorna.at/webstore" }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1554456759", "to_ids": true, "type": "url", "uuid": "5ca720b7-59d0-40df-a12b-43bc950d210f", "value": "supp.rivier.at/webstore" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554456724", "uuid": "57006ea3-e098-42f6-bc80-d8dc9f528163", "ObjectReference": [ { "comment": "", "object_uuid": "57006ea3-e098-42f6-bc80-d8dc9f528163", "referenced_uuid": "5b58b896-f411-4245-bbf9-f4167ef0b196", "relationship_type": "analysed-with", "timestamp": "1554456725", "uuid": "5ca72095-ae6c-4abf-921c-48cb950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554456623", "to_ids": true, "type": "md5", "uuid": "d446bb77-444e-4edb-8420-a4cd6d6b0778", "value": "f2b701d43a43315105d649612b27a2ea" }, { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554456623", "to_ids": true, "type": "sha1", "uuid": "6097afe0-6921-43de-8c1c-e5781b8b7afe", "value": "9166f0899cdcf7480b1ec5fb925da7641f3c300d" }, { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "d9435f0a-31f5-4aaa-b780-990a5d964b52", "value": "d3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554456725", "uuid": "5b58b896-f411-4245-bbf9-f4167ef0b196", "Attribute": [ { "category": "Other", "comment": "v.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554456623", "to_ids": false, "type": "datetime", "uuid": "250e1e72-6769-4161-8f73-85fd3ed3b50a", "value": "2019-04-05T00:20:54" }, { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554456623", "to_ids": false, "type": "link", "uuid": "f0953128-f125-4295-818d-aada175e115d", "value": "https://www.virustotal.com/file/d3fad6911b80be1d64eb88ba23fecbcddc2faa73017b6dbcf78578eff47552ed/analysis/1554423654/" }, { "category": "Payload delivery", "comment": "v.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554456623", "to_ids": false, "type": "text", "uuid": "36c6e6cb-f39c-4eef-a7c4-c5416ba9b23a", "value": "17/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554456725", "uuid": "c2f1de55-f845-4031-9db5-cba3044f0629", "ObjectReference": [ { "comment": "", "object_uuid": "c2f1de55-f845-4031-9db5-cba3044f0629", "referenced_uuid": "0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9", "relationship_type": "analysed-with", "timestamp": "1554456725", "uuid": "5ca72095-2400-4f54-9e67-47b6950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554456623", "to_ids": true, "type": "md5", "uuid": "327c177d-d6b1-41db-90f1-437110b9567f", "value": "f38c97514e2baafc41081d5f22024fef" }, { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554456623", "to_ids": true, "type": "sha1", "uuid": "fd905dac-3392-4362-bb46-dfd9069af2e8", "value": "fa741dca980f1b073baf52be08dadb1c996503ea" }, { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "860c52a2-b76a-46c1-a155-02bbfd8dc147", "value": "ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554456725", "uuid": "0fd7fa03-ad1b-4bc8-95fb-d4e24353b5e9", "Attribute": [ { "category": "Other", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554456623", "to_ids": false, "type": "datetime", "uuid": "25244f20-40eb-490f-a2f3-24cecb60cbb5", "value": "2019-04-04T17:22:55" }, { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554456623", "to_ids": false, "type": "link", "uuid": "50c7cb21-e7a5-4fd9-832f-e95a94f9a442", "value": "https://www.virustotal.com/file/ec3bee6428b6fa258a8c8bdf5c76a8a47662e8373d43b20870282e1df8423a7e/analysis/1554398575/" }, { "category": "Payload delivery", "comment": "invoice_653780.doc", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554456623", "to_ids": false, "type": "text", "uuid": "e70d2e54-672a-478b-9d8a-4f8938664484", "value": "16/58" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "15", "timestamp": "1554456725", "uuid": "4c230799-c01d-4d15-a8d2-81341766f9f3", "ObjectReference": [ { "comment": "", "object_uuid": "4c230799-c01d-4d15-a8d2-81341766f9f3", "referenced_uuid": "b65c2419-c4c9-4768-8909-471c0999ae7a", "relationship_type": "analysed-with", "timestamp": "1554456725", "uuid": "5ca72095-bc18-434a-9bbc-4caf950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1554456623", "to_ids": true, "type": "md5", "uuid": "eaeadde6-2af4-4f57-a697-f6e52707958e", "value": "32ea156c017d71b87cd00718cdae0eda" }, { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1554456623", "to_ids": true, "type": "sha1", "uuid": "33dff8e3-802d-4190-b406-0d15c82743d2", "value": "fd9c5ed4f1e0224d864d28f2061c1e0a817a5feb" }, { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1554456623", "to_ids": true, "type": "sha256", "uuid": "7e3d8c42-4716-41ed-9c9d-e5adcb34208d", "value": "06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1554456725", "uuid": "b65c2419-c4c9-4768-8909-471c0999ae7a", "Attribute": [ { "category": "Other", "comment": "3.exe", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1554456623", "to_ids": false, "type": "datetime", "uuid": "43eabc0f-d9e1-4f86-bdef-c88350fa2462", "value": "2019-04-04T23:40:59" }, { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1554456623", "to_ids": false, "type": "link", "uuid": "2cb647c1-3f38-4f11-81cd-70bc19a49cdc", "value": "https://www.virustotal.com/file/06fcfb449aa241fdd05cf0e1b04d0c111005cabf53e0ac40cf04dcb9a7d71c94/analysis/1554421259/" }, { "category": "Payload delivery", "comment": "3.exe", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1554456623", "to_ids": false, "type": "text", "uuid": "6b6bae47-34ac-4d01-a63e-ed24557188c7", "value": "18/67" } ] }, { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "5", "timestamp": "1554456825", "uuid": "5ca720f9-ac20-44b5-a4b9-4f71950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1554456825", "to_ids": false, "type": "text", "uuid": "5ca720f9-f634-4c04-bd1c-42ee950d210f", "value": "Hancitor campaign started a bit ago. Using these crappy domains for delivery links:\r\nhttps://ghostbin.com/paste/27b9a/raw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1554456825", "to_ids": false, "type": "text", "uuid": "5ca720f9-29cc-4c05-b28f-4356950d210f", "value": "Twitter" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1554456825", "to_ids": true, "type": "url", "uuid": "5ca720f9-c600-4ee1-abcd-4ae0950d210f", "value": "https://twitter.com/mesa_matt/status/1113866153108148224" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1554456825", "to_ids": false, "type": "text", "uuid": "5ca720f9-2f10-4658-9bbc-4392950d210f", "value": "mesa_matt" } ] } ] } }