{ "Event": { "analysis": "2", "date": "2014-09-05", "extends_uuid": "", "info": "OSINT Cridex, Feodo, Geodo, Dridex, whats next? by abuse.ch", "publish_timestamp": "1456154166", "published": true, "threat_level_id": "3", "timestamp": "1421222846", "uuid": "54b62236-69d4-4154-854a-4862950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#33FF00", "name": "tlp:green" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222530", "to_ids": false, "type": "link", "uuid": "54b62282-9be0-4a87-ae0f-acbf950d210b", "value": "https://www.abuse.ch/?p=8332" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222538", "to_ids": false, "type": "text", "uuid": "54b6228a-01e8-4c71-852d-d563950d210b", "value": "Dridex" }, { "category": "Network activity", "comment": "port 443", "deleted": false, "disable_correlation": false, "timestamp": "1421222599", "to_ids": true, "type": "ip-dst", "uuid": "54b622c7-5828-428f-9a06-0d21950d210b", "value": "5.135.28.113" }, { "category": "Network activity", "comment": "port 9955", "deleted": false, "disable_correlation": false, "timestamp": "1421222620", "to_ids": true, "type": "ip-dst", "uuid": "54b622dc-aae0-4660-a75e-5d3c950d210b", "value": "5.135.28.109" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-9260-4552-b9ae-4856950d210b", "value": "62.76.44.174" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-c8a4-43f9-af29-4e1a950d210b", "value": "50.56.34.20" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-4b78-4984-a5f1-4aae950d210b", "value": "37.139.47.177" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-78c0-451a-b5ba-4416950d210b", "value": "108.166.70.44" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-03ac-49ba-b4d6-4db9950d210b", "value": "202.124.205.84" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-bacc-49ff-9b51-4922950d210b", "value": "85.214.26.248" }, { "category": "Network activity", "comment": "port 8080", "deleted": false, "disable_correlation": false, "timestamp": "1421222694", "to_ids": true, "type": "ip-dst", "uuid": "54b62326-9210-4889-ab0a-4522950d210b", "value": "178.208.81.204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222710", "to_ids": true, "type": "md5", "uuid": "54b62336-65f0-4e17-ab96-6099950d210b", "value": "532e7924f759aab014dedca651398ce6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222710", "to_ids": true, "type": "md5", "uuid": "54b62336-da60-4905-86f6-6099950d210b", "value": "818bb82d1845eacedabdd5d0a5de310c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222710", "to_ids": true, "type": "md5", "uuid": "54b62336-e04c-43d3-956b-6099950d210b", "value": "fab100a415254de5c8af70eb1c7eb2d0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222710", "to_ids": true, "type": "md5", "uuid": "54b62336-5334-4353-b414-6099950d210b", "value": "95d4a587ac1a128db890035793483885" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222710", "to_ids": true, "type": "md5", "uuid": "54b62336-6dd4-45cf-8651-6099950d210b", "value": "f8edaacbfc88a8f045bf2bbbd75c435b" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222846", "to_ids": true, "type": "url", "uuid": "54b623be-2ac4-41ec-be31-5d3c950d210b", "value": "/logs/ukvbvg/js.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222846", "to_ids": true, "type": "url", "uuid": "54b623be-e808-4f42-b450-5d3c950d210b", "value": "/logs/ukvbvg/in.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222846", "to_ids": true, "type": "url", "uuid": "54b623be-9ff4-4e01-802b-5d3c950d210b", "value": "/injectgate" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1421222846", "to_ids": true, "type": "url", "uuid": "54b623be-7534-4356-a730-5d3c950d210b", "value": "/tokengate" }, { "category": "Payload delivery", "comment": "Automatically added (via f8edaacbfc88a8f045bf2bbbd75c435b)", "deleted": false, "disable_correlation": false, "timestamp": "1455836015", "to_ids": true, "type": "sha1", "uuid": "56c64b6f-bc64-44f1-a5ba-4fd5950d210f", "value": "444a3133c619eae0c899422684787372ec2291ba" }, { "category": "Payload delivery", "comment": "Automatically added (via 95d4a587ac1a128db890035793483885)", "deleted": false, "disable_correlation": false, "timestamp": "1455836017", "to_ids": true, "type": "sha1", "uuid": "56c64b71-3f28-4405-be9e-c651950d210f", "value": "233de4235c7ca7534f19d97bf482b72776e2deb3" }, { "category": "Payload delivery", "comment": "Automatically added (via fab100a415254de5c8af70eb1c7eb2d0)", "deleted": false, "disable_correlation": false, "timestamp": "1455836019", "to_ids": true, "type": "sha1", "uuid": "56c64b73-32ec-4ea5-9653-4f63950d210f", "value": "70a2151dbdf1deff221e3c712054320a35751b7b" }, { "category": "Payload delivery", "comment": "Automatically added (via 532e7924f759aab014dedca651398ce6)", "deleted": false, "disable_correlation": false, "timestamp": "1455836021", "to_ids": true, "type": "sha1", "uuid": "56c64b75-5360-49ac-a393-5ca1950d210f", "value": "8f1dd9903815fad8ecfdb55fe277f425e8aa7cfc" }, { "category": "Payload delivery", "comment": "Automatically added (via f8edaacbfc88a8f045bf2bbbd75c435b)", "deleted": false, "disable_correlation": false, "timestamp": "1455836016", "to_ids": true, "type": "sha256", "uuid": "56c64b70-fce4-47da-8cbf-c652950d210f", "value": "ebb5c47f46954c5a6786cc040e5cc1a16d3765584f3f58cf1a3bf3fe7c9eceae" }, { "category": "Payload delivery", "comment": "Automatically added (via 95d4a587ac1a128db890035793483885)", "deleted": false, "disable_correlation": false, "timestamp": "1455836018", "to_ids": true, "type": "sha256", "uuid": "56c64b72-e594-4851-86d5-48a0950d210f", "value": "76d759ff75723d76f3aa8cfe1785d220359c5b298a13db9d853cbca32d4752be" }, { "category": "Payload delivery", "comment": "Automatically added (via fab100a415254de5c8af70eb1c7eb2d0)", "deleted": false, "disable_correlation": false, "timestamp": "1455836020", "to_ids": true, "type": "sha256", "uuid": "56c64b74-caf8-4c9b-8abe-599d950d210f", "value": "62ba5cff1f48a529a6eb5f43fb790bc49433a9f0ed219f1ca0d890563eaea218" }, { "category": "Payload delivery", "comment": "Automatically added (via 532e7924f759aab014dedca651398ce6)", "deleted": false, "disable_correlation": false, "timestamp": "1455836021", "to_ids": true, "type": "sha256", "uuid": "56c64b75-459c-4f0c-8daa-599e950d210f", "value": "960ed795dca89e50745251adf6712719a1af1aa5fd1a66c9424c777574180548" } ] } }