{ "Event": { "analysis": "2", "date": "2014-12-08", "extends_uuid": "", "info": "OSINT Assorted IOCs associated to Andromeda restlesz.su domain", "publish_timestamp": "1418042857", "published": true, "threat_level_id": "3", "timestamp": "1418028082", "uuid": "5485615b-86f4-4385-a7a3-f894950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#33FF00", "local": "0", "name": "tlp:green", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027366", "to_ids": true, "type": "domain", "uuid": "54856166-173c-421b-891d-4564950d210b", "value": "restlesz.su" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027378", "to_ids": false, "type": "comment", "uuid": "54856172-dac4-463e-a138-cfed950d210b", "value": "Data entered by David Andr\u00c3\u00a9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027415", "to_ids": false, "type": "link", "uuid": "54856197-2360-4f83-bdc2-cff0950d210b", "value": "https://www.robtex.com/en/advisory/dns/su/restlesz/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027415", "to_ids": false, "type": "link", "uuid": "54856197-78a0-4d72-93bf-cff0950d210b", "value": "http://www.scam.cz/2014/10/account-reviewed-paypal-phishing.html" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027416", "to_ids": false, "type": "link", "uuid": "54856198-e240-4e9d-a1be-cff0950d210b", "value": "http://www.phishtank.com/phish_detail.php?phish_id=2307001&frame=details" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027416", "to_ids": false, "type": "link", "uuid": "54856198-5e34-4dbd-a14c-cff0950d210b", "value": "https://www.virustotal.com/en/domain/fe-cc.su/information/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027416", "to_ids": false, "type": "link", "uuid": "54856198-2060-4164-b451-cff0950d210b", "value": "http://www.phishtank.com/phish_detail.php?phish_id=2295899&frame=details" }, { "category": "Attribution", "comment": "Registrant", "deleted": false, "disable_correlation": false, "timestamp": "1418027454", "to_ids": false, "type": "text", "uuid": "548561be-b478-4529-82e6-d673950d210b", "value": "rawixidawax@hotmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027511", "to_ids": true, "type": "domain", "uuid": "548561f7-83b0-481b-a6a5-d67c950d210b", "value": "devicesta.ru" }, { "category": "External analysis", "comment": "Mostly", "deleted": false, "disable_correlation": false, "timestamp": "1418027524", "to_ids": false, "type": "text", "uuid": "54856204-e5f0-4933-a091-f894950d210b", "value": "Andromeda" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027559", "to_ids": true, "type": "sha1", "uuid": "54856227-8e98-4c29-a195-cfed950d210b", "value": "c3463de6074006586adb8693d50425ca92cf648d" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027559", "to_ids": true, "type": "sha1", "uuid": "54856227-04b4-4fa4-a1de-cfed950d210b", "value": "848c0e539ccb63ec255815887d30b00ac6656a79" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027559", "to_ids": true, "type": "sha1", "uuid": "54856227-fdb8-4be5-9ef9-cfed950d210b", "value": "f57f3a94d049f322450b45e70e1d40daf83283fd" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027559", "to_ids": true, "type": "sha1", "uuid": "54856227-d1a0-4777-b9de-cfed950d210b", "value": "40204de2c697c0ba9645c397a4cbeba1fae132b6" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027559", "to_ids": true, "type": "sha1", "uuid": "54856227-ed30-449f-a832-cfed950d210b", "value": "375e3ea02f5132e8be658214c421baeeda0c1555" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-59dc-4a34-8cbd-cfed950d210b", "value": "0c8b800108969c750d8e99af742f6b92df6952ae" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-8cf8-4c09-8d45-cfed950d210b", "value": "0b999e887e055c2804de8c9ccbdf213d2bb8b7aa" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-5888-4f47-ae87-cfed950d210b", "value": "0ba294c3a6385692c861df04b2981ef853044154" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-1368-4294-b6cb-cfed950d210b", "value": "0d5a395056322b94be09f67101eea7a318065a2e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-7e18-48df-b2a1-cfed950d210b", "value": "e506c4f9e35d8fa04ef5c940165c3c8a05233d73" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-1f9c-4a59-9086-cfed950d210b", "value": "3fab1c6258e1732af9c3a1964a1949e9ee46a477" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-7bd0-40f0-a606-cfed950d210b", "value": "07c64c49356c2c5ede0293b94ef629155fb64a04" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-0960-4b37-93a6-cfed950d210b", "value": "4c46214a92680812bcb33ac363ecb51fca931a15" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-4c94-4cba-9f5e-cfed950d210b", "value": "3bb7e8888a3d4453c7953d3b5b9b81e3032e5e77" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-bd60-45cd-887c-cfed950d210b", "value": "9fba92bbe22de3efdfa70905df8858705a452852" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-82b0-4a8d-aefd-cfed950d210b", "value": "8e031c24a766c655b39cef1ff1b12b2698e69ca9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-5120-43d9-810e-cfed950d210b", "value": "351b87826564efebd7fc1c25f9068297d24331a2" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-9898-41ea-87e6-cfed950d210b", "value": "df7870c693e98b298d5b321400c2c28216e43c5c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027560", "to_ids": true, "type": "sha1", "uuid": "54856228-595c-48e0-a921-cfed950d210b", "value": "5091032c26177dbe8d0cf494f78385290b186d52" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1418027561", "to_ids": true, "type": "sha1", "uuid": "54856229-eddc-4fe6-bf7a-cfed950d210b", "value": "04edc2f4376fab3b9d34bc117891e6c7f265feac" } ] } }