{ "Event": { "analysis": "1", "date": "2017-07-14", "extends_uuid": "", "info": "M2M - Encrypted Docx Campaign", "publish_timestamp": "1500058498", "published": true, "threat_level_id": "3", "timestamp": "1500058493", "uuid": "5968d8bc-9874-4fc2-ab64-4d7c950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "md5", "uuid": "5968d8bd-05a8-4ec7-89b8-4165950d210f", "value": "031cbd2f5c2ec443c7f3957cd98666f2" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "md5", "uuid": "5968d8bd-ffa4-4c28-9679-4bb1950d210f", "value": "5d688046d113f85481eb28dd1617f4c8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "url", "uuid": "5968d8bd-8680-43ba-a0ad-4dc7950d210f", "value": "http://46.17.40.142/45.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "ip-dst", "uuid": "5968d8bd-88d4-4c37-be58-414c950d210f", "value": "46.17.40.142" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "url", "uuid": "5968d8be-36c8-467a-9030-4464950d210f", "value": "http://www.afripaper.co.za/Readme.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8be-0d2c-42b2-91cd-41b2950d210f", "value": "www.afripaper.co.za" }, { "category": "Network activity", "comment": "www.afripaper.co.za", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "ip-dst", "uuid": "5968d8bf-c224-47c4-85b8-4bb2950d210f", "value": "41.76.209.200" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "url", "uuid": "5968d8bf-84dc-46f1-a964-4ec9950d210f", "value": "http://vreken.co.za/php.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8c0-5a28-4f0e-b4b2-482c950d210f", "value": "vreken.co.za" }, { "category": "Network activity", "comment": "vreken.co.za", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "ip-dst", "uuid": "5968d8c0-fa8c-4ffc-bf8e-41ad950d210f", "value": "85.10.213.74" }, { "category": "Network activity", "comment": "DGA seed text", "deleted": false, "disable_correlation": false, "timestamp": "1500058482", "to_ids": false, "type": "url", "uuid": "5968d8c1-bd08-4f73-af5d-455d950d210f", "value": "http://www.php.net/license/3_0.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500058414", "to_ids": false, "type": "hostname", "uuid": "5968d8c1-28b8-4121-8a19-4e98950d210f", "value": "www.php.net" }, { "category": "Network activity", "comment": "www.php.net", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "ip-dst", "uuid": "5968d8c2-7bb8-47e6-ada7-43bd950d210f", "value": "72.52.91.14" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8c3-7e54-4c10-b74e-49cc950d210f", "value": "theindividualsa.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e1-0e68-4a7f-acca-4b52950d210f", "value": "phpbehalfasayingengright.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e1-a2a4-4a02-aeff-47d0950d210f", "value": "andpromoteaphpvoluntary.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e2-215c-4b33-a4a2-45de950d210f", "value": "andthefollowing.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e2-d4b4-4bda-b238-412f950d210f", "value": "pleasetheliable.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e2-ede8-4033-9942-47ae950d210f", "value": "developmentfstrict.ru" }, { "category": "Network activity", "comment": "developmentfstrict.ru", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "ip-dst", "uuid": "5968d8e2-d07c-4a77-af2c-4d5d950d210f", "value": "87.106.18.141" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d8e3-4cec-47da-ba4f-4eee950d210f", "value": "yotherwiseforms.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d901-6b24-4a70-84c1-4e3b950d210f", "value": "termswrittennew.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d901-d2ac-4af7-8970-44d9950d210f", "value": "incidentalarizend.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "hostname", "uuid": "5968d901-3c50-4b56-b6cc-426d950d210f", "value": "disclaimersource.ru" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "sha256", "uuid": "5968dbca-1a2c-49d3-a3d8-46f802de0b81", "value": "68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "sha1", "uuid": "5968dbca-ab5c-417b-b9df-452a02de0b81", "value": "6ad2f8a07c6f460cd90a800f2ab439d355644be7" }, { "category": "External analysis", "comment": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "link", "uuid": "5968dbca-fb74-4987-af9f-45b602de0b81", "value": "https://www.virustotal.com/file/68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86/analysis/1499950427/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "sha256", "uuid": "5968dbca-5744-4b5f-b3ea-4f2202de0b81", "value": "e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": true, "type": "sha1", "uuid": "5968dbca-48d4-413d-ba9f-4cfe02de0b81", "value": "43cfb4ea8f6a1bb049f94653aa89d462b19ead04" }, { "category": "External analysis", "comment": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8", "deleted": false, "disable_correlation": false, "timestamp": "1500044234", "to_ids": false, "type": "link", "uuid": "5968dbca-a24c-4515-b49a-450e02de0b81", "value": "https://www.virustotal.com/file/e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b/analysis/1500007097/" } ] } }