{ "Event": { "analysis": "2", "date": "2016-05-08", "extends_uuid": "", "info": "Fake scan campaigns (20160505 - 20160507) using docm - Dridex", "publish_timestamp": "1462697526", "published": true, "threat_level_id": "3", "timestamp": "1462697324", "uuid": "572efbbc-ba08-4a82-b879-400d02de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1462696943", "to_ids": true, "type": "url", "uuid": "572efbef-6894-4dd0-a438-480602de0b81", "value": "fm1.ntlweb.org/87hcnrewe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1462696943", "to_ids": true, "type": "url", "uuid": "572efbef-28e4-487d-835b-4ecc02de0b81", "value": "iconigram.com/87hcnrewe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1462696943", "to_ids": true, "type": "url", "uuid": "572efbef-6b4c-485a-96b8-4c2402de0b81", "value": "www.sammelarmband.de/87hcnrewe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1462696944", "to_ids": true, "type": "url", "uuid": "572efbf0-65fc-41dc-9dd6-48d102de0b81", "value": "hospice.psy.free.fr/87hcnrewe" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1462696973", "to_ids": true, "type": "ip-dst", "uuid": "572efc0d-33dc-4c5a-86b2-424602de0b81", "value": "192.241.252.152" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1462696973", "to_ids": true, "type": "ip-dst", "uuid": "572efc0d-c538-47f4-9f65-477c02de0b81", "value": "195.169.147.26" }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": 
false, "timestamp": "1462696974", "to_ids": true, "type": "ip-dst", "uuid": "572efc0e-66ec-433d-a8aa-408d02de0b81", "value": "70.164.127.132" }, { "category": "Payload delivery", "comment": "Dropped binary", "deleted": false, "disable_correlation": false, "timestamp": "1462697038", "to_ids": true, "type": "sha256", "uuid": "572efc4e-cc64-4b0f-9b5f-427f02de0b81", "value": "84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e" }, { "category": "Payload delivery", "comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e", "deleted": false, "disable_correlation": false, "timestamp": "1462697062", "to_ids": true, "type": "sha1", "uuid": "572efc66-9ccc-4e82-8172-41a202de0b81", "value": "a835542d280eb8a3cc508cd57bcd94fd2393fc31" }, { "category": "Payload delivery", "comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e", "deleted": false, "disable_correlation": false, "timestamp": "1462697063", "to_ids": true, "type": "md5", "uuid": "572efc67-9714-4709-8f5f-49d302de0b81", "value": "803358c128aae4faed24e194d6388e68" }, { "category": "External analysis", "comment": "Dropped binary - Xchecked via VT: 84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e", "deleted": false, "disable_correlation": false, "timestamp": "1462697063", "to_ids": false, "type": "link", "uuid": "572efc67-a9ac-4e71-91f3-482302de0b81", "value": "https://www.virustotal.com/file/84997e293dd1707b95c5ade8cc241742dd697f04f8f592545f8d140c801b6b3e/analysis/1462526126/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1462697117", "to_ids": true, "type": "url", "uuid": "572efc9d-79a4-4199-bde2-46cc02de0b81", "value": "http://meregivo.com.ua/87hcnrewe" }, { "category": "Payload delivery", "comment": "malicious docm", "deleted": false, "disable_correlation": false, "timestamp": "1462697227", "to_ids": true, "type": 
"sha256", "uuid": "572efd0b-677c-4f67-a705-4cb302de0b81", "value": "af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab" }, { "category": "Payload delivery", "comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab", "deleted": false, "disable_correlation": false, "timestamp": "1462697235", "to_ids": true, "type": "sha1", "uuid": "572efd13-8974-4e7a-947f-465102de0b81", "value": "f9cb0984f6fcc3e76070bd8f71c193f58000c1a7" }, { "category": "Payload delivery", "comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab", "deleted": false, "disable_correlation": false, "timestamp": "1462697236", "to_ids": true, "type": "md5", "uuid": "572efd14-e58c-42aa-865b-4e5d02de0b81", "value": "a52fc2b17771577ee1e72a08f99fa432" }, { "category": "External analysis", "comment": "malicious docm - Xchecked via VT: af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab", "deleted": false, "disable_correlation": false, "timestamp": "1462697236", "to_ids": false, "type": "link", "uuid": "572efd14-f9e8-4c6b-8e9c-4bb802de0b81", "value": "https://www.virustotal.com/file/af69220c029de7fa6f180f98c176263d24d187d1be7321e866b9d96e5c314fab/analysis/1462544836/" }, { "category": "Payload delivery", "comment": "malicious docm", "deleted": false, "disable_correlation": false, "timestamp": "1462697317", "to_ids": true, "type": "sha256", "uuid": "572efd55-bef4-4d63-9929-46d002de0b81", "value": "0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25" }, { "category": "Payload delivery", "comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25", "deleted": false, "disable_correlation": false, "timestamp": "1462697324", "to_ids": true, "type": "sha1", "uuid": "572efd6c-7f24-4459-9832-43d202de0b81", "value": "892d09d04fa087df98fb0c2941b7a39c4c938822" }, { "category": "Payload delivery", "comment": "malicious docm - 
Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25", "deleted": false, "disable_correlation": false, "timestamp": "1462697324", "to_ids": true, "type": "md5", "uuid": "572efd6c-e894-4c0f-be22-4f2902de0b81", "value": "22feec8b1b12603a6efc8d098817b99a" }, { "category": "External analysis", "comment": "malicious docm - Xchecked via VT: 0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25", "deleted": false, "disable_correlation": false, "timestamp": "1462697324", "to_ids": false, "type": "link", "uuid": "572efd6c-e2b4-44ed-9962-470b02de0b81", "value": "https://www.virustotal.com/file/0ec823c91274f3fad610d5ac8a89cfcac0dfdf506c214384320d864c163b2d25/analysis/1462544863/" } ] } }