{ "Event": { "analysis": "2", "date": "2016-06-06", "extends_uuid": "", "info": "OSINT - Lame proxychanger, apparently related to a clickfraud botnet.", "publish_timestamp": "1465220802", "published": true, "threat_level_id": "3", "timestamp": "1465220677", "uuid": "57557d45-1590-4513-925d-4516950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1465220443", "to_ids": false, "type": "link", "uuid": "57557d5b-5784-4f5b-8c19-4000950d210f", "value": "https://labs.bitdefender.com/2016/05/inside-the-million-machine-clickfraud-botnet/" }, { "category": "Network activity", "comment": "PAC file", "deleted": false, "disable_correlation": false, "timestamp": "1465220483", "to_ids": true, "type": "url", "uuid": "57557d83-b6f0-4d6f-acdc-4ac1950d210f", "value": "http://xn--51haaa.ml/server.pac" }, { "category": "Network activity", "comment": "PAC file", "deleted": false, "disable_correlation": false, "timestamp": "1465220483", "to_ids": true, "type": "url", "uuid": "57557d83-6ac4-4586-9595-45e1950d210f", "value": "http://xn--51haaa.ml/proxy.pac" }, { "category": "Network activity", "comment": "PAC file", "deleted": false, "disable_correlation": false, "timestamp": "1465220483", "to_ids": true, "type": "url", "uuid": "57557d83-7330-4161-a166-4e15950d210f", "value": "http://xn--koa.net/proxy.pac" }, { "category": "Network activity", "comment": "PAC file", "deleted": false, "disable_correlation": false, "timestamp": "1465220484", "to_ids": true, "type": "url", "uuid": "57557d84-da20-4d16-be87-420d950d210f", "value": "http://wpad.com.gr/server.pac" }, { "category": "Network activity", "comment": "On port 8484", "deleted": false, "disable_correlation": false, "timestamp": "1465220484", "to_ids": true, "type": "url", "uuid": "57557d84-49fc-4a1e-a3fc-4260950d210f", "value": "http://93.190.137.240" }, { "category": "Network activity", "comment": "PAC file", "deleted": false, "disable_correlation": false, "timestamp": "1465220485", "to_ids": true, "type": "url", "uuid": "57557d85-a524-461e-9183-4f70950d210f", "value": "http://xn--koa.net/server.pac" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1465220520", "to_ids": true, "type": "ip-dst", "uuid": "57557da8-e0d4-40f4-bdda-4b2a950d210f", "value": "93.190.137.240" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220580", "to_ids": true, "type": "md5", "uuid": "57557de4-c03c-494d-9996-4b24950d210f", "value": "754df4b9e0a954f13ef0f4a01a7cc587" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220581", "to_ids": true, "type": "md5", "uuid": "57557de5-6174-46b1-8432-4cea950d210f", "value": "9dfebeacb2fcd8bf558caab4226e73e0" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220581", "to_ids": true, "type": "md5", "uuid": "57557de5-9268-48ac-9a8d-4d75950d210f", "value": "8da287ad9cee5376d5822012c1fdc1d8" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220582", "to_ids": true, "type": "md5", "uuid": "57557de6-f95c-450a-b4ce-4448950d210f", "value": "fb6e1bfb2083daaf0bf40b9ad5226d3d" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220582", "to_ids": true, "type": "md5", "uuid": "57557de6-77b8-427c-879b-4b31950d210f", "value": "d62b97f57093cc5cb4d1fd3cff89f63b" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220583", "to_ids": true, "type": "md5", "uuid": "57557de7-7b30-4b87-bc0c-42d9950d210f", "value": "f2afeeb6a6a205f6561bce5395d67730" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220583", "to_ids": true, "type": "sha1", "uuid": "57557de7-b080-45b6-b19d-45bf950d210f", "value": "374c760361a2e9d7aea99b784893ce2d50cd7c41" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220583", "to_ids": true, "type": "sha1", "uuid": "57557de7-fc28-4d74-9984-4c53950d210f", "value": "78543cc1a1441e730bc4b1f9570cb00285f7de79" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220584", "to_ids": true, "type": "sha1", "uuid": "57557de8-ff44-43f3-bc28-456c950d210f", "value": "641d10b10264d0d2fb7f94dfca819ad5bbca49a3" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220584", "to_ids": true, "type": "sha1", "uuid": "57557de8-2034-484b-89fb-428f950d210f", "value": "2d8e2a0eaa261402a58a20b8862d93e1096f6ce2" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220585", "to_ids": true, "type": "sha1", "uuid": "57557de9-7180-4b8b-b71f-4143950d210f", "value": "b505a0f13bf9439dcf621899b26bb32fdc2b5d44" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220585", "to_ids": true, "type": "sha1", "uuid": "57557de9-0154-4175-94a2-485a950d210f", "value": "83d15bc3d8cb28321602bc3ca4f47fd2a254b8ab" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220586", "to_ids": true, "type": "sha256", "uuid": "57557dea-7ac0-401e-a58c-4135950d210f", "value": "98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220586", "to_ids": true, "type": "sha256", "uuid": "57557dea-9fbc-44cd-ba5a-4a9f950d210f", "value": "e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220587", "to_ids": true, "type": "sha256", "uuid": "57557deb-3480-400a-a5ff-4954950d210f", "value": "b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220587", "to_ids": true, "type": "sha256", "uuid": "57557deb-749c-4eed-a3c0-4174950d210f", "value": "c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220588", "to_ids": true, "type": "sha256", "uuid": "57557dec-11e4-4c4d-a530-49d9950d210f", "value": "993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220588", "to_ids": true, "type": "sha256", "uuid": "57557dec-6314-4b72-a898-4491950d210f", "value": "1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220589", "to_ids": true, "type": "sha256", "uuid": "57557ded-70e0-4270-9e61-494b950d210f", "value": "86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220589", "to_ids": true, "type": "sha256", "uuid": "57557ded-e7f4-44ba-ad15-4c83950d210f", "value": "ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220590", "to_ids": true, "type": "sha256", "uuid": "57557dee-a7b4-4a24-9d01-48f6950d210f", "value": "eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220590", "to_ids": true, "type": "sha256", "uuid": "57557dee-dd1c-4ca4-b0c9-4bb2950d210f", "value": "2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220590", "to_ids": true, "type": "sha256", "uuid": "57557dee-24a4-448a-9a92-4666950d210f", "value": "eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220591", "to_ids": true, "type": "sha256", "uuid": "57557def-815c-45fe-9e75-49c9950d210f", "value": "e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220591", "to_ids": true, "type": "sha256", "uuid": "57557def-3c94-455a-938e-4936950d210f", "value": "426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220592", "to_ids": true, "type": "sha256", "uuid": "57557df0-6c78-435a-93f1-4705950d210f", "value": "b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220592", "to_ids": true, "type": "sha256", "uuid": "57557df0-3f84-45b4-936d-4dbd950d210f", "value": "ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220592", "to_ids": true, "type": "sha256", "uuid": "57557df0-f434-442b-b210-40ad950d210f", "value": "e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220593", "to_ids": true, "type": "sha256", "uuid": "57557df1-9120-4600-b632-44ea950d210f", "value": "b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet.", "deleted": false, "disable_correlation": false, "timestamp": "1465220593", "to_ids": true, "type": "sha256", "uuid": "57557df1-bca8-4943-bf53-4e77950d210f", "value": "9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1465220608", "to_ids": true, "type": "domain", "uuid": "57557e00-80d8-4133-827d-4a8f950d210f", "value": "xn--51haaa.ml" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1465220608", "to_ids": true, "type": "domain", "uuid": "57557e00-d764-4292-848d-4af8950d210f", "value": "xn--koa.net" }, { "category": "Network activity", "comment": "Imported via the Freetext Import Tool", "deleted": false, "disable_correlation": false, "timestamp": "1465220609", "to_ids": true, "type": "hostname", "uuid": "57557e01-4c50-43c6-b236-40f4950d210f", "value": "wpad.com.gr" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234", "deleted": false, "disable_correlation": false, "timestamp": "1465220677", "to_ids": false, "type": "link", "uuid": "57557e45-0d9c-4474-ad8d-432d02de0b81", "value": "https://www.virustotal.com/file/9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234/analysis/1450058531/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426", "deleted": false, "disable_correlation": false, "timestamp": "1465220678", "to_ids": true, "type": "sha1", "uuid": "57557e46-59b8-41ad-908d-42ed02de0b81", "value": "fe1cfeab9080ce9c0436813fc96ca89f1c9e3d07" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426", "deleted": false, "disable_correlation": false, "timestamp": "1465220678", "to_ids": true, "type": "md5", "uuid": "57557e46-3c14-4f93-8e79-424c02de0b81", "value": "713dc2ca729aad773380c6fca70af8b7" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426", "deleted": false, "disable_correlation": false, "timestamp": "1465220679", "to_ids": false, "type": "link", "uuid": "57557e47-f230-4459-815d-4ad202de0b81", "value": "https://www.virustotal.com/file/b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426/analysis/1463490982/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93", "deleted": false, "disable_correlation": false, "timestamp": "1465220679", "to_ids": true, "type": "sha1", "uuid": "57557e47-f344-4498-8b44-4fd802de0b81", "value": "73f0977a41ff0a32e9039d2e6f760de3c3083a3c" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93", "deleted": false, "disable_correlation": false, "timestamp": "1465220680", "to_ids": true, "type": "md5", "uuid": "57557e48-d0d8-41e9-a957-4a9102de0b81", "value": "521ac14c9aae6cac9b988dd4dd6a2f6b" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93", "deleted": false, "disable_correlation": false, "timestamp": "1465220680", "to_ids": false, "type": "link", "uuid": "57557e48-6190-45db-b5d5-4bbf02de0b81", "value": "https://www.virustotal.com/file/e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93/analysis/1463490981/" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f", "deleted": false, "disable_correlation": false, "timestamp": "1465220680", "to_ids": false, "type": "link", "uuid": "57557e48-9418-4765-81d4-4ac702de0b81", "value": "https://www.virustotal.com/file/ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f/analysis/1446478125/" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206", "deleted": false, "disable_correlation": false, "timestamp": "1465220681", "to_ids": false, "type": "link", "uuid": "57557e49-bc8c-49eb-a5f9-4a5702de0b81", "value": "https://www.virustotal.com/file/b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206/analysis/1464421408/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120", "deleted": false, "disable_correlation": false, "timestamp": "1465220681", "to_ids": true, "type": "sha1", "uuid": "57557e49-2ecc-447f-987d-4f7702de0b81", "value": "0e816e715c631c28ad8a82202b7fcfea00a72a30" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120", "deleted": false, "disable_correlation": false, "timestamp": "1465220682", "to_ids": true, "type": "md5", "uuid": "57557e4a-f784-4932-a95b-44bd02de0b81", "value": "99a0df95986f975a4e5229550d710f23" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120", "deleted": false, "disable_correlation": false, "timestamp": "1465220682", "to_ids": false, "type": "link", "uuid": "57557e4a-d290-4a02-acff-4a2102de0b81", "value": "https://www.virustotal.com/file/426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120/analysis/1463490983/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0", "deleted": false, "disable_correlation": false, "timestamp": "1465220683", "to_ids": true, "type": "sha1", "uuid": "57557e4b-e634-475b-9683-473802de0b81", "value": "468c249e2be922e524ca73f01b4ad662b6e5d411" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0", "deleted": false, "disable_correlation": false, "timestamp": "1465220683", "to_ids": true, "type": "md5", "uuid": "57557e4b-41cc-434c-92aa-402d02de0b81", "value": "57212490b784ecbdb9ce965acd228539" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0", "deleted": false, "disable_correlation": false, "timestamp": "1465220684", "to_ids": false, "type": "link", "uuid": "57557e4c-c58c-41f5-b275-493502de0b81", "value": "https://www.virustotal.com/file/e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0/analysis/1451634274/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167", "deleted": false, "disable_correlation": false, "timestamp": "1465220684", "to_ids": true, "type": "sha1", "uuid": "57557e4c-7b9c-4a0e-a450-4c5602de0b81", "value": "e1d791b60f69a08f81d0acb88f068ad2e8735585" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167", "deleted": false, "disable_correlation": false, "timestamp": "1465220684", "to_ids": true, "type": "md5", "uuid": "57557e4c-20b4-46a8-9431-427202de0b81", "value": "8f93e41c30911fd2321973c01277c752" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167", "deleted": false, "disable_correlation": false, "timestamp": "1465220685", "to_ids": false, "type": "link", "uuid": "57557e4d-2440-4ca8-87b7-4e1d02de0b81", "value": "https://www.virustotal.com/file/eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167/analysis/1463490983/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce", "deleted": false, "disable_correlation": false, "timestamp": "1465220685", "to_ids": true, "type": "sha1", "uuid": "57557e4d-e8ec-47ce-bcc7-4c3a02de0b81", "value": "1be920cb406d8fea6a554faa4f1457b2fed47df4" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce", "deleted": false, "disable_correlation": false, "timestamp": "1465220686", "to_ids": true, "type": "md5", "uuid": "57557e4e-95fc-4d0d-95a7-4c3802de0b81", "value": "c6b90576c2f6aae51fc932c98b17daf0" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce", "deleted": false, "disable_correlation": false, "timestamp": "1465220686", "to_ids": false, "type": "link", "uuid": "57557e4e-0ddc-477d-9c32-489202de0b81", "value": "https://www.virustotal.com/file/2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce/analysis/1464248617/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563", "deleted": false, "disable_correlation": false, "timestamp": "1465220687", "to_ids": true, "type": "sha1", "uuid": "57557e4f-bf88-4b9d-8744-467202de0b81", "value": "b67b22aafda1a77758014071bb12e6ba2e0b8a0f" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563", "deleted": false, "disable_correlation": false, "timestamp": "1465220687", "to_ids": true, "type": "md5", "uuid": "57557e4f-e8dc-485f-8074-400302de0b81", "value": "eed81f2283c05191c77ceec6ecf989bc" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563", "deleted": false, "disable_correlation": false, "timestamp": "1465220688", "to_ids": false, "type": "link", "uuid": "57557e50-a1d8-4e21-afeb-401a02de0b81", "value": "https://www.virustotal.com/file/eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563/analysis/1463490985/" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5", "deleted": false, "disable_correlation": false, "timestamp": "1465220688", "to_ids": false, "type": "link", "uuid": "57557e50-7f40-4da9-910d-41a602de0b81", "value": "https://www.virustotal.com/file/ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5/analysis/1463640490/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0", "deleted": false, "disable_correlation": false, "timestamp": "1465220688", "to_ids": true, "type": "sha1", "uuid": "57557e50-3edc-48dd-bb44-4e5b02de0b81", "value": "3c551bf3b31cf7b2aaa8a6beb5c9114315cf71ba" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0", "deleted": false, "disable_correlation": false, "timestamp": "1465220689", "to_ids": true, "type": "md5", "uuid": "57557e51-b434-4720-904d-474202de0b81", "value": "4f19bb0b2f343c2bcc25fe36bccbbab7" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0", "deleted": false, "disable_correlation": false, "timestamp": "1465220689", "to_ids": false, "type": "link", "uuid": "57557e51-e968-4f64-87a1-44ff02de0b81", "value": "https://www.virustotal.com/file/86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0/analysis/1463490981/" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26", "deleted": false, "disable_correlation": false, "timestamp": "1465220690", "to_ids": false, "type": "link", "uuid": "57557e52-73c4-4a52-8662-4aac02de0b81", "value": "https://www.virustotal.com/file/1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26/analysis/1453461325/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151", "deleted": false, "disable_correlation": false, "timestamp": "1465220690", "to_ids": true, "type": "sha1", "uuid": "57557e52-0e6c-4910-8519-47cb02de0b81", "value": "ac15fb527baa0058c059f20f1ef20b5c2bd16abc" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151", "deleted": false, "disable_correlation": false, "timestamp": "1465220691", "to_ids": true, "type": "md5", "uuid": "57557e53-1688-4253-bd64-412002de0b81", "value": "0681d610f382f5aa59e69d976ed7acdb" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151", "deleted": false, "disable_correlation": false, "timestamp": "1465220691", "to_ids": false, "type": "link", "uuid": "57557e53-3bc0-4883-bddd-4ee802de0b81", "value": "https://www.virustotal.com/file/993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151/analysis/1464094559/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd", "deleted": false, "disable_correlation": false, "timestamp": "1465220692", "to_ids": true, "type": "sha1", "uuid": "57557e54-9970-4a97-ae94-48b302de0b81", "value": "678046b7c48ab176fc0053ab22d4490f72e9e132" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd", "deleted": false, "disable_correlation": false, "timestamp": "1465220692", "to_ids": true, "type": "md5", "uuid": "57557e54-6134-4200-8443-4c0502de0b81", "value": "6a2ac9046e8632e00d52bfb804ddeb5e" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd", "deleted": false, "disable_correlation": false, "timestamp": "1465220692", "to_ids": false, "type": "link", "uuid": "57557e54-7104-43a9-b5c3-49bc02de0b81", "value": "https://www.virustotal.com/file/c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd/analysis/1463490982/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1", "deleted": false, "disable_correlation": false, "timestamp": "1465220693", "to_ids": true, "type": "sha1", "uuid": "57557e55-fda0-4638-9d59-48e302de0b81", "value": "9297023d51c5361dcfe26c17b5ec0d712e477260" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1", "deleted": false, "disable_correlation": false, "timestamp": "1465220693", "to_ids": true, "type": "md5", "uuid": "57557e55-20b0-47e1-a925-4d1c02de0b81", "value": "ef7fc17f694d2ce26d97247ba9b25c36" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1", "deleted": false, "disable_correlation": false, "timestamp": "1465220694", "to_ids": false, "type": "link", "uuid": "57557e56-b2d0-4e57-9029-4e5102de0b81", "value": "https://www.virustotal.com/file/b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1/analysis/1451634587/" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31", "deleted": false, "disable_correlation": false, "timestamp": "1465220694", "to_ids": false, "type": "link", "uuid": "57557e56-38c4-4e0d-aa31-44dd02de0b81", "value": "https://www.virustotal.com/file/e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31/analysis/1444238521/" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a", "deleted": false, "disable_correlation": false, "timestamp": "1465220695", "to_ids": true, "type": "sha1", "uuid": "57557e57-b064-4bdb-923c-461702de0b81", "value": "b44d0686e918c6708d091870aa91c2db63e84b41" }, { "category": "Payload delivery", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a", "deleted": false, "disable_correlation": false, "timestamp": "1465220695", "to_ids": true, "type": "md5", "uuid": "57557e57-b29c-4921-8c06-454b02de0b81", "value": "b29816a16f6ac75432d52848236c04db" }, { "category": "External analysis", "comment": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a", "deleted": false, "disable_correlation": false, "timestamp": "1465220695", "to_ids": false, "type": "link", "uuid": "57557e57-80f8-4e2a-a7ec-459902de0b81", "value": "https://www.virustotal.com/file/98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a/analysis/1463490983/" } ] } }