{ "Event": { "analysis": "2", "date": "2015-09-28", "extends_uuid": "", "info": "OSINT Dyreza Campaigners Set Sights on the Fulfillment and Warehousing Industry by ProofPoint", "publish_timestamp": "1443680314", "published": true, "threat_level_id": "4", "timestamp": "1443680308", "uuid": "560c0a37-28c4-4654-a507-6221950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443629645", "to_ids": false, "type": "link", "uuid": "560c0a4d-4754-4dba-a7df-2c1b950d210b", "value": "https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629723", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9b-b39c-4a64-a56d-801c950d210b", "value": "67.221.147.103" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629723", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9b-1554-4f61-a857-801c950d210b", "value": "67.221.156.105" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629723", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9c-b960-4867-bba4-801c950d210b", "value": "78.8.174.25" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629724", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9c-ea60-4aff-961a-801c950d210b", "value": "195.154.106.76" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629724", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9c-c834-48c8-8e29-801c950d210b", "value": "173.252.48.79" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629725", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9d-66f8-4597-bc7c-801c950d210b", "value": "212.182.101.2" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629725", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9d-2eac-4c54-93b0-801c950d210b", "value": "78.8.9.55" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629726", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9e-a340-4017-891b-801c950d210b", "value": "185.74.84.55" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629726", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9e-ceac-4366-a142-801c950d210b", "value": "91.232.45.149" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629727", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9f-5270-4277-818b-801c950d210b", "value": "91.232.45.40" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629727", "to_ids": true, "type": "ip-dst", "uuid": "560c0a9f-a68c-4d13-a607-801c950d210b", "value": "67.221.156.165" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629728", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa0-1b10-43f0-9689-801c950d210b", "value": "89.161.51.115" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629728", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa0-6f24-49b1-8dc0-801c950d210b", "value": "109.87.63.98" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629728", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa0-9d08-4bc0-9487-801c950d210b", "value": "114.30.73.130" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629729", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa1-83c4-4fbd-90e2-801c950d210b", "value": "115.119.250.245" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629729", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa1-9190-4a79-8979-801c950d210b", "value": "173.252.50.124" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629730", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa2-f1a4-4edd-a8d8-801c950d210b", "value": "181.174.91.90" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629730", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa2-4b28-498a-8433-801c950d210b", "value": "186.46.142.66" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629731", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa3-70c8-4791-80de-801c950d210b", "value": "188.255.154.180" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629731", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa3-bdf0-4eff-9160-801c950d210b", "value": "195.191.34.245" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629732", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa4-b060-4b9f-8297-801c950d210b", "value": "206.116.171.216" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629732", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa4-0fbc-4ca1-b74a-801c950d210b", "value": "206.123.60.93" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629733", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa5-c49c-4ce8-a8df-801c950d210b", "value": "212.109.179.197" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629733", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa5-6acc-4924-aa38-801c950d210b", "value": "216.57.165.182" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629734", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa6-6c64-431a-8afe-801c950d210b", "value": "67.221.146.67" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629734", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa6-4868-4b4e-85e9-801c950d210b", "value": "67.221.146.107" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629734", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa6-d4d4-408a-9f3f-801c950d210b", "value": "67.221.156.216" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629735", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa7-d1b0-43a5-a905-801c950d210b", "value": "69.27.57.164" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629735", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa7-6848-4ee5-9534-801c950d210b", "value": "83.241.176.230" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629736", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa8-92e4-412b-ae18-801c950d210b", "value": "89.140.63.207" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629736", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa8-a680-4744-905c-801c950d210b", "value": "103.230.220.8" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629737", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa9-9888-4b5f-ae4e-801c950d210b", "value": "109.86.226.85" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629737", "to_ids": true, "type": "ip-dst", "uuid": "560c0aa9-8028-4576-953d-801c950d210b", "value": "150.129.48.147" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629738", "to_ids": true, "type": "ip-dst", "uuid": "560c0aaa-70fc-4fa8-a7b5-801c950d210b", "value": "150.129.49.139" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629738", "to_ids": true, "type": "ip-dst", "uuid": "560c0aaa-dfd0-454c-9f49-801c950d210b", "value": "173.185.166.94" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629739", "to_ids": true, "type": "ip-dst", "uuid": "560c0aab-a3f8-4236-9967-801c950d210b", "value": "176.120.201.9" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629739", "to_ids": true, "type": "ip-dst", "uuid": "560c0aab-4824-4614-97a9-801c950d210b", "value": "181.112.153.202" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629739", "to_ids": true, "type": "ip-dst", "uuid": "560c0aab-e19c-45ed-b835-801c950d210b", "value": "184.190.64.35" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629740", "to_ids": true, "type": "ip-dst", "uuid": "560c0aac-a130-4e36-a00f-801c950d210b", "value": "188.120.194.101" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629740", "to_ids": true, "type": "ip-dst", "uuid": "560c0aac-41fc-40db-8812-801c950d210b", "value": "206.123.58.42" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629741", "to_ids": true, "type": "ip-dst", "uuid": "560c0aad-8850-4d43-bb12-801c950d210b", "value": "208.123.135.106" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629741", "to_ids": true, "type": "ip-dst", "uuid": "560c0aad-a9c8-4ae4-82dc-801c950d210b", "value": "82.100.4.60" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629742", "to_ids": true, "type": "ip-dst", "uuid": "560c0aae-8180-44b7-800e-801c950d210b", "value": "150.129.49.162" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629742", "to_ids": true, "type": "ip-dst", "uuid": "560c0aae-afd8-4650-b899-801c950d210b", "value": "188.125.38.100" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629743", "to_ids": true, "type": "ip-dst", "uuid": "560c0aaf-92ac-448e-bb33-801c950d210b", "value": "213.92.204.37" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629743", "to_ids": true, "type": "ip-dst", "uuid": "560c0aaf-03cc-4af8-b00d-801c950d210b", "value": "91.238.241.26" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629743", "to_ids": true, "type": "ip-dst", "uuid": "560c0aaf-5834-4a02-a437-801c950d210b", "value": "84.54.191.170" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629744", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab0-609c-414a-abe8-801c950d210b", "value": "89.174.116.76" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629744", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab0-85b0-4233-9207-801c950d210b", "value": "195.117.104.102" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629745", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab1-69c4-4bbe-bb56-801c950d210b", "value": "193.189.77.76" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629745", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab1-fab0-4457-bde2-801c950d210b", "value": "91.239.244.187" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629746", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab2-a508-48fa-94b6-801c950d210b", "value": "46.174.237.115" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629746", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab2-c948-470c-9b77-801c950d210b", "value": "73.38.228.117" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629747", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab3-19e8-49b0-8875-801c950d210b", "value": "206.222.25.58" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629747", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab3-1dbc-4039-9443-801c950d210b", "value": "195.154.105.117" }, { "category": "External analysis", "comment": "Dyre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629747", "to_ids": true, "type": "ip-dst", "uuid": "560c0ab3-f48c-4f43-abcb-801c950d210b", "value": "217.12.202.99" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629826", "to_ids": true, "type": "url", "uuid": "560c0b02-f7f8-4999-af1e-8024950d210b", "value": "https://109.199.11.51/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629827", "to_ids": true, "type": "url", "uuid": "560c0b03-76f0-4bd6-8b4a-8024950d210b", "value": "https://112.133.203.43/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629827", "to_ids": true, "type": "url", "uuid": "560c0b03-0800-4f9f-b294-8024950d210b", "value": "https://142.47.213.123/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629828", "to_ids": true, "type": "url", "uuid": "560c0b04-57f4-47e2-bb55-8024950d210b", "value": "https://150.129.49.11/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629828", "to_ids": true, "type": "url", "uuid": "560c0b04-a9c0-4ca8-915e-8024950d210b", "value": "https://173.216.247.74/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629828", "to_ids": true, "type": "url", "uuid": "560c0b04-a4e4-4ce0-9025-8024950d210b", "value": "https://173.248.31.6/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629829", "to_ids": true, "type": "url", "uuid": "560c0b05-e784-4dda-b82c-8024950d210b", "value": "https://176.101.135.103/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629829", "to_ids": true, "type": "url", "uuid": "560c0b05-a2d0-4696-b25c-8024950d210b", "value": "https://180.233.123.210/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629830", "to_ids": true, "type": "url", "uuid": "560c0b06-0388-40ca-a336-8024950d210b", "value": "https://185.89.64.160/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629831", "to_ids": true, "type": "url", "uuid": "560c0b07-f714-4b6c-a235-8024950d210b", "value": "https://186.68.94.38/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629831", "to_ids": true, "type": "url", "uuid": "560c0b07-bd58-456f-b9e2-8024950d210b", "value": "https://194.28.191.245/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629832", "to_ids": true, "type": "url", "uuid": "560c0b08-a104-4bef-9481-8024950d210b", "value": "https://197.210.199.21/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629833", "to_ids": true, "type": "url", "uuid": "560c0b09-5148-4e3a-9f4b-8024950d210b", "value": "https://203.115.103.27/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629834", "to_ids": true, "type": "url", "uuid": "560c0b0a-1250-40a9-ae80-8024950d210b", "value": "https://203.129.197.50/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629834", "to_ids": true, "type": "url", "uuid": "560c0b0a-21f4-41ca-b5ce-8024950d210b", "value": "https://208.117.68.78/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629835", "to_ids": true, "type": "url", "uuid": "560c0b0b-5338-4e84-b53d-8024950d210b", "value": "https://209.27.49.117/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629836", "to_ids": true, "type": "url", "uuid": "560c0b0c-9668-4567-b5f4-8024950d210b", "value": "https://213.92.138.154/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629837", "to_ids": true, "type": "url", "uuid": "560c0b0d-bb78-4575-98b9-8024950d210b", "value": "https://24.148.217.188/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629838", "to_ids": true, "type": "url", "uuid": "560c0b0e-86c0-4048-8088-8024950d210b", "value": "https://24.33.131.116/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629838", "to_ids": true, "type": "url", "uuid": "560c0b0e-828c-4788-8943-8024950d210b", "value": "https://27.109.20.53/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629839", "to_ids": true, "type": "url", "uuid": "560c0b0f-df50-4d35-b4a2-8024950d210b", "value": "https://37.57.144.177/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629840", "to_ids": true, "type": "url", "uuid": "560c0b10-3a08-4c66-84c1-8024950d210b", "value": "https://42.47.213.123/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629841", "to_ids": true, "type": "url", "uuid": "560c0b11-06a8-4aea-8b4c-8024950d210b", "value": "https://45.64.159.18/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629841", "to_ids": true, "type": "url", "uuid": "560c0b11-cd30-4183-b9c1-8024950d210b", "value": "https://63.248.156.246/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629842", "to_ids": true, "type": "url", "uuid": "560c0b12-caf8-4c72-ab6c-8024950d210b", "value": "https://65.33.236.173/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629843", "to_ids": true, "type": "url", "uuid": "560c0b13-ffac-4387-9f80-8024950d210b", "value": "https://67.207.229.215/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629844", "to_ids": true, "type": "url", "uuid": "560c0b14-5d18-4170-8182-8024950d210b", "value": "https://67.221.147.66/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629845", "to_ids": true, "type": "url", "uuid": "560c0b15-307c-4f97-b64d-8024950d210b", "value": "https://67.221.195.6/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629845", "to_ids": true, "type": "url", "uuid": "560c0b15-03c8-48e1-8392-8024950d210b", "value": "https://67.222.201.222/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629846", "to_ids": true, "type": "url", "uuid": "560c0b16-f550-4758-b165-8024950d210b", "value": "https://67.222.201.61/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629847", "to_ids": true, "type": "url", "uuid": "560c0b17-a588-4fbb-9572-8024950d210b", "value": "https://68.70.242.203/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629848", "to_ids": true, "type": "url", "uuid": "560c0b18-83a0-42fb-b0fd-8024950d210b", "value": "https://69.144.171.44/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629848", "to_ids": true, "type": "url", "uuid": "560c0b18-3f74-43cc-a026-8024950d210b", "value": "https://69.9.204.114/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629849", "to_ids": true, "type": "url", "uuid": "560c0b19-6be8-418b-8b24-8024950d210b", "value": "https://72.175.10.116/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629850", "to_ids": true, "type": "url", "uuid": "560c0b1a-d270-4ff2-92ac-8024950d210b", "value": "https://72.230.82.80/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629851", "to_ids": true, "type": "url", "uuid": "560c0b1b-1d5c-4876-9844-8024950d210b", "value": "https://77.48.30.156/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629852", "to_ids": true, "type": "url", "uuid": "560c0b1c-a6fc-43c7-86ff-8024950d210b", "value": "https://78.108.101.67/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629852", "to_ids": true, "type": "url", "uuid": "560c0b1c-fd24-4dd2-8b62-8024950d210b", "value": "https://78.72.233.105/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629853", "to_ids": true, "type": "url", "uuid": "560c0b1d-6db0-45ec-bdf4-8024950d210b", "value": "https://82.115.76.211/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629854", "to_ids": true, "type": "url", "uuid": "560c0b1e-2c10-46ae-9acb-8024950d210b", "value": "https://82.160.64.45/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629855", "to_ids": true, "type": "url", "uuid": "560c0b1f-d05c-4a90-8795-8024950d210b", "value": "https://85.135.104.170/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629855", "to_ids": true, "type": "url", "uuid": "560c0b1f-cd5c-45ab-9ce3-8024950d210b", "value": "https://87.249.142.189/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629856", "to_ids": true, "type": "url", "uuid": "560c0b20-f104-4d39-898b-8024950d210b", "value": "https://89.239.120.43/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629857", "to_ids": true, "type": "url", "uuid": "560c0b21-2ffc-46a6-ba4b-8024950d210b", "value": "https://91.246.105.164/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629858", "to_ids": true, "type": "url", "uuid": "560c0b22-f4fc-4ca4-884d-8024950d210b", "value": "https://94.141.130.9/Ares13.zip" }, { "category": "Network activity", "comment": "Upatre Downloading Dyre", "deleted": false, "disable_correlation": false, "timestamp": "1443629858", "to_ids": true, "type": "url", "uuid": "560c0b23-a3ec-48d8-9a95-8024950d210b", "value": "https://94.40.82.66/Ares13.zip" }, { "category": "Payload delivery", "comment": "Attachment hash", "deleted": false, "disable_correlation": false, "timestamp": "1443629905", "to_ids": true, "type": "sha256", "uuid": "560c0b51-2b14-448e-802c-801c950d210b", "value": "5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae" }, { "category": "Payload delivery", "comment": "Upatre (id 22_U13) hash", "deleted": false, "disable_correlation": false, "timestamp": "1443629906", "to_ids": true, "type": "sha256", "uuid": "560c0b52-a140-4534-9cb3-801c950d210b", "value": "afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237" }, { "category": "Payload delivery", "comment": "Dyreza (id 2209us13) hash", "deleted": false, "disable_correlation": false, "timestamp": "1443629906", "to_ids": true, "type": "sha256", "uuid": "560c0b52-4d9c-4f09-b8b8-801c950d210b", "value": "dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c" }, { "category": "Network activity", "comment": "Upatre C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629933", "to_ids": true, "type": "ip-dst", "uuid": "560c0b6d-66a0-41c0-ad3c-8023950d210b", "value": "197.149.90.166" }, { "category": "Network activity", "comment": "Dyreza C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629933", "to_ids": true, "type": "ip-dst", "uuid": "560c0b6d-de34-454b-bc5a-8023950d210b", "value": "195.154.105.117" }, { "category": "Network activity", "comment": "Dyreza C2", "deleted": false, "disable_correlation": false, "timestamp": "1443629934", "to_ids": true, "type": "ip-dst", "uuid": "560c0b6e-a818-4f1a-9e3f-8023950d210b", "value": "217.12.202.99" }, { "category": "Network activity", "comment": "Xbagging additional code", "deleted": false, "disable_correlation": false, "timestamp": "1443629993", "to_ids": true, "type": "url", "uuid": "560c0ba9-0474-43a7-ab02-6789950d210b", "value": "http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/5716367236.txt" }, { "category": "Network activity", "comment": "Xbagging additional code", "deleted": false, "disable_correlation": false, "timestamp": "1443629993", "to_ids": true, "type": "url", "uuid": "560c0ba9-e23c-44cf-9560-6789950d210b", "value": "http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/5716367236.txt" }, { "category": "Network activity", "comment": "Xbagging payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1443629994", "to_ids": true, "type": "url", "uuid": "560c0baa-9064-4a68-a023-6789950d210b", "value": "http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/pipi.txt" }, { "category": "Network activity", "comment": "Xbagging payload URL", "deleted": false, "disable_correlation": false, "timestamp": "1443629994", "to_ids": true, "type": "url", "uuid": "560c0baa-58c4-4165-bc49-6789950d210b", "value": "http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/pipi.txt" }, { "category": "Network activity", "comment": "Upatre", "deleted": false, "disable_correlation": false, "timestamp": "1443629995", "to_ids": true, "type": "url", "uuid": "560c0bab-13a4-4976-864d-6789950d210b", "value": "http://pcsolutionsexpert.com/wp-content/uploads/2015/08/calc.exe" }, { "category": "Payload delivery", "comment": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c", "deleted": false, "disable_correlation": false, "timestamp": "1443680288", "to_ids": true, "type": "sha1", "uuid": "560cd020-8424-4fee-a01c-6221950d210b", "value": "eae3eafac1334886ddbcf80a79895e5ff8fcbe98" }, { "category": "Payload delivery", "comment": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c", "deleted": false, "disable_correlation": false, "timestamp": "1443680288", "to_ids": true, "type": "md5", "uuid": "560cd020-0a68-4277-860c-6221950d210b", "value": "512d1c84ca16c2d968ffcbf5c7a08780" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443680289", "to_ids": false, "type": "link", "uuid": "560cd021-3128-418d-8394-6221950d210b", "value": "https://www.virustotal.com/file/dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c/analysis/1443014113/" }, { "category": "Payload delivery", "comment": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237", "deleted": false, "disable_correlation": false, "timestamp": "1443680289", "to_ids": true, "type": "sha1", "uuid": "560cd021-7c28-437c-bb92-6221950d210b", "value": "e9c9b888e1e9b952ee65d71e2d2ac29f50655425" }, { "category": "Payload delivery", "comment": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237", "deleted": false, "disable_correlation": false, "timestamp": "1443680290", "to_ids": true, "type": "md5", "uuid": "560cd022-6bd8-4997-8302-6221950d210b", "value": "842cedae3fdfb20457aa8038c1893b2f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443680290", "to_ids": false, "type": "link", "uuid": "560cd022-fc14-4020-8e06-6221950d210b", "value": "https://www.virustotal.com/file/afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237/analysis/1443102943/" }, { "category": "Payload delivery", "comment": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae", "deleted": false, "disable_correlation": false, "timestamp": "1443680291", "to_ids": true, "type": "sha1", "uuid": "560cd023-2e7c-46a8-8597-6221950d210b", "value": "7d706930bb0e66bd58012634b6f7333f9f3c7324" }, { "category": "Payload delivery", "comment": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae", "deleted": false, "disable_correlation": false, "timestamp": "1443680291", "to_ids": true, "type": "md5", "uuid": "560cd023-f5b0-45c7-ac21-6221950d210b", "value": "32ec9366e495e049cdd762ba3e2efe1a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443680292", "to_ids": false, "type": "link", "uuid": "560cd024-91ac-4d95-a274-6221950d210b", "value": "https://www.virustotal.com/file/5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae/analysis/1443436758/" } ] } }