{ "Event": { "analysis": "2", "date": "2017-07-12", "extends_uuid": "", "info": "HackShit phishing as a service", "publish_timestamp": "1500277912", "published": true, "threat_level_id": "4", "timestamp": "1500277889", "uuid": "596c6ae1-d4f0-4d84-8718-4a50950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#326300", "local": "0", "name": "circl:incident-classification=\"phishing\"", "relationship_type": "" }, { "colour": "#856c13", "local": "0", "name": "Phishing", "relationship_type": "" }, { "colour": "#00e7e7", "local": "0", "name": "ecsirt:fraud=\"phishing\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500277553", "to_ids": false, "type": "link", "uuid": "596c6b31-c730-4996-9438-4312950d210f", "value": "https://resources.netskope.com/h/i/352356475-phishing-as-a-service-phishing-revamped" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500277723", "to_ids": true, "type": "hostname", "uuid": "596c6bdb-1f2c-4d3a-9cc4-4909950d210f", "value": "pod-1.logshit.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500277723", "to_ids": true, "type": "hostname", "uuid": "596c6bdb-8704-4b6a-a588-49cf950d210f", "value": "pod.logshit.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500277734", "to_ids": true, "type": "domain", "uuid": "596c6be6-72c8-4412-84e1-4bd9950d210f", "value": "hackshit.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1500277734", "to_ids": true, "type": "domain", "uuid": "596c6be6-0b2c-4e5a-be5d-4cb8950d210f", "value": "logshit.com" }, { "category": "Network activity", "comment": "CDN, but the hostname is specific to this customer/site", "deleted": false, "disable_correlation": false, "timestamp": "1500277864", "to_ids": true, "type": "hostname", "uuid": "596c6c68-e7a0-4742-aaf2-4af3950d210f", "value": "hspod-1.eu1.evennode.com" } ] } }