{ "Event": { "analysis": "0", "date": "2016-10-17", "extends_uuid": "", "info": "Spam week 43 (mule acquisition) - probably related to Locky resources", "publish_timestamp": "1477059467", "published": true, "threat_level_id": "3", "timestamp": "1477059258", "uuid": "58046227-00a0-47fb-a125-c025950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682389", "to_ids": true, "type": "url", "uuid": "58046295-dae4-43f8-9802-4fb9950d210f", "value": "http://bdgtest.bluedoor.com.cn/discuz/myfolder/nkrisl2/par/cg-bn/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682390", "to_ids": true, "type": "hostname", "uuid": "58046296-9cf8-41df-9bd1-4041950d210f", "value": "bdgtest.bluedoor.com.cn" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682390", "to_ids": true, "type": "ip-dst", "uuid": "58046296-fcec-43d4-bfd4-4543950d210f", "value": "121.46.0.100" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682391", "to_ids": true, "type": "url", "uuid": "58046297-43f4-45ea-8fb1-4069950d210f", "value": "http://benavent.cat/accionsenegal/wp-content/uploads/2016/09/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682392", "to_ids": true, "type": "domain", "uuid": "58046298-8d08-44a4-bc99-4585950d210f", "value": "benavent.cat" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682393", "to_ids": true, "type": "ip-dst", "uuid": "58046299-04d0-4911-994a-429a950d210f", "value": "160.153.73.137" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682393", "to_ids": true, "type": "url", "uuid": "58046299-e90c-4f3f-8ea6-45a0950d210f", "value": "http://bestedates.com/wp-content/plugins/woocommerce/templates/checkout/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682394", "to_ids": true, "type": "domain", "uuid": "5804629a-cb54-4fe8-bf42-4fa0950d210f", "value": "bestedates.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682394", "to_ids": true, "type": "ip-dst", "uuid": "5804629a-bfe4-4102-b42d-4154950d210f", "value": "160.153.162.16" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682395", "to_ids": true, "type": "url", "uuid": "5804629b-af28-4df7-b562-485c950d210f", "value": "http://canaryislands.website/media/editors/codemirror/mode/ttcn-cfg/" }, { "category": "Payload delivery", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682396", "to_ids": true, "type": "filename", "uuid": "5804629c-af78-4ace-92c0-4edf950d210f", "value": "canaryislands.website" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476682396", "to_ids": true, "type": "ip-dst", "uuid": "5804629c-9538-4c0b-bc11-4607950d210f", "value": "160.153.16.30" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476804966", "to_ids": true, "type": "url", "uuid": "58064166-63f8-4728-bcbf-bd57950d210f", "value": "http://bbwsa.com/templates/beez3/html/com_content/article/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476804966", "to_ids": true, "type": "domain", "uuid": "58064166-dfdc-4cb4-855a-bd57950d210f", "value": "bbwsa.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476804966", "to_ids": true, "type": "ip-dst", "uuid": "58064166-de0c-470d-b7c0-bd57950d210f", "value": "50.23.93.227" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476807444", "to_ids": true, "type": "url", "uuid": "58064b14-19dc-4426-8ee8-b516950d210f", "value": "http://billfoundation.org/wp-includes/js/tinymce/plugins/wptextpattern/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476807445", "to_ids": true, "type": "domain", "uuid": "58064b15-e7c4-415e-9edd-b516950d210f", "value": "billfoundation.org" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476807445", "to_ids": true, "type": "ip-dst", "uuid": "58064b15-d08c-4b11-b655-b516950d210f", "value": "52.202.112.204" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476887229", "to_ids": true, "type": "url", "uuid": "580782bd-335c-464f-b96a-442f950d210f", "value": "http://belevtsev.net/media/plugin_googlemap3/site/moodalbox/img/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476887230", "to_ids": true, "type": "domain", "uuid": "580782be-7dac-42b7-983e-4ada950d210f", "value": "belevtsev.net" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1476887230", "to_ids": true, "type": "ip-dst", "uuid": "580782be-9dc0-4dde-9257-475f950d210f", "value": "195.208.1.164" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059255", "to_ids": true, "type": "url", "uuid": "580a22b7-d324-4933-91ea-41a9950d210f", "value": "http://faithfulwebhosting.com/wp-content/themes/Divi/epanel/shortcodes/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059255", "to_ids": true, "type": "domain", "uuid": "580a22b7-f8c0-4c6d-b969-4fba950d210f", "value": "faithfulwebhosting.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059255", "to_ids": true, "type": "ip-dst", "uuid": "580a22b7-a07c-460b-9e1a-40b9950d210f", "value": "199.116.255.248" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059255", "to_ids": true, "type": "url", "uuid": "580a22b7-4578-4772-9502-4b3d950d210f", "value": "http://fazzini.missionline.org/newsletter/admin/FCKeditor/editor/skins/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059256", "to_ids": true, "type": "hostname", "uuid": "580a22b8-5228-4e35-9f52-4e2a950d210f", "value": "fazzini.missionline.org" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059256", "to_ids": true, "type": "ip-dst", "uuid": "580a22b8-fe78-4b32-8104-476f950d210f", "value": "93.62.255.201" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059256", "to_ids": true, "type": "url", "uuid": "580a22b8-409c-483c-8d48-4e72950d210f", "value": "http://feeltohealfitness.com/wp-content/themes/CelebrityMag/images/socialicons/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059256", "to_ids": true, "type": "domain", "uuid": "580a22b8-6d90-4e3c-8f76-452a950d210f", "value": "feeltohealfitness.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059256", "to_ids": true, "type": "ip-dst", "uuid": "580a22b8-c1a8-42ba-8fa4-430f950d210f", "value": "50.63.100.1" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059257", "to_ids": true, "type": "url", "uuid": "580a22b9-9484-4a1f-a89a-4e00950d210f", "value": "http://festiv-bras.com/wp-includes/js/tinymce/plugins/wpembed/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059257", "to_ids": true, "type": "domain", "uuid": "580a22b9-2f50-4225-95df-42c9950d210f", "value": "festiv-bras.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059257", "to_ids": true, "type": "ip-dst", "uuid": "580a22b9-9680-4aa6-a594-467b950d210f", "value": "149.202.56.129" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059257", "to_ids": true, "type": "url", "uuid": "580a22b9-c044-4f4f-ab66-4934950d210f", "value": "http://getdeone.com/wp-content/uploads/2016/08/" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059258", "to_ids": true, "type": "domain", "uuid": "580a22ba-7970-4132-9668-47c8950d210f", "value": "getdeone.com" }, { "category": "Network activity", "comment": "compromised resource", "deleted": false, "disable_correlation": false, "timestamp": "1477059258", "to_ids": true, "type": "ip-dst", "uuid": "580a22ba-0ee8-4d45-b64a-4ad1950d210f", "value": "104.238.124.62" } ] } }