{ "Event": { "analysis": "0", "date": "2016-08-29", "extends_uuid": "", "info": "Malspam 2016-08-29 (.wsf in .zip) - campaign: \"Please find attached invoice no\"", "publish_timestamp": "1472481988", "published": true, "threat_level_id": "3", "timestamp": "1472481466", "uuid": "57c42744-662c-4f6e-bd21-7d2e950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#3b7500", "name": "circl:incident-classification=\"malware\"" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472990", "to_ids": true, "type": "url", "uuid": "57c4279e-4610-4cd2-8c6d-46e2950d210f", "value": "http://www.dialektika.extra.hu/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472991", "to_ids": true, "type": "hostname", "uuid": "57c4279f-0b20-43ea-9e2f-4106950d210f", "value": "www.dialektika.extra.hu" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472991", "to_ids": true, "type": "ip-dst", "uuid": "57c4279f-23e8-49b3-b64c-4ed6950d210f", "value": "185.33.52.18" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472991", "to_ids": true, "type": "url", "uuid": "57c4279f-187c-4f7f-b55d-4131950d210f", "value": "http://sektori.pp.fi/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472991", "to_ids": true, "type": "hostname", "uuid": "57c4279f-2290-4ee7-a6f5-4835950d210f", "value": "sektori.pp.fi" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472992", "to_ids": true, "type": "ip-dst", "uuid": "57c427a0-48d0-4caa-a28e-4b0d950d210f", "value": "195.170.137.244" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472992", "to_ids": true, "type": "url", "uuid": "57c427a0-e320-4229-88c7-4d70950d210f", "value": "http://www.webcam-bild.de/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472992", "to_ids": true, "type": "hostname", "uuid": "57c427a0-7f7c-4406-9b72-49f7950d210f", "value": "www.webcam-bild.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472992", "to_ids": true, "type": "ip-dst", "uuid": "57c427a0-f0a4-489b-9fd1-46db950d210f", "value": "109.237.132.10" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472992", "to_ids": true, "type": "url", "uuid": "57c427a0-2d10-4118-876a-4c54950d210f", "value": "http://www.saumi.jazztel.es/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472993", "to_ids": true, "type": "hostname", "uuid": "57c427a1-b558-4065-88cc-4534950d210f", "value": "www.saumi.jazztel.es" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472993", "to_ids": true, "type": "ip-dst", "uuid": "57c427a1-cf64-4d01-8146-4ad0950d210f", "value": "62.14.3.195" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472993", "to_ids": true, "type": "url", "uuid": "57c427a1-9058-4b06-9c91-44d4950d210f", "value": "http://www.agenziadini.it/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472993", "to_ids": true, "type": "hostname", "uuid": "57c427a1-f39c-4123-bff1-4b2a950d210f", "value": "www.agenziadini.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472994", "to_ids": true, "type": "ip-dst", "uuid": "57c427a2-ec88-419f-b908-4215950d210f", "value": "213.205.40.169" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472994", "to_ids": true, "type": "url", "uuid": "57c427a2-e508-4546-a423-4bf7950d210f", "value": "http://club.konjiki.jp/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472994", "to_ids": true, "type": "hostname", "uuid": "57c427a2-17b8-4870-9092-4603950d210f", "value": "club.konjiki.jp" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472994", "to_ids": true, "type": "ip-dst", "uuid": "57c427a2-d624-4ba4-a5ba-4697950d210f", "value": "112.140.42.29" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472995", "to_ids": true, "type": "url", "uuid": "57c427a3-6bdc-49b6-bfb9-46f4950d210f", "value": "http://ach-dziennik.cba.pl/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472995", "to_ids": true, "type": "hostname", "uuid": "57c427a3-c1dc-4db7-9df2-421e950d210f", "value": "ach-dziennik.cba.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472995", "to_ids": true, "type": "ip-dst", "uuid": "57c427a3-9e9c-47d8-86a4-4911950d210f", "value": "95.211.144.65" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472995", "to_ids": true, "type": "url", "uuid": "57c427a3-5bfc-4025-aea8-44c6950d210f", "value": "http://bypetra.de/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472995", "to_ids": true, "type": "domain", "uuid": "57c427a3-f170-4f85-ba3a-4d47950d210f", "value": "bypetra.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472996", "to_ids": true, "type": "ip-dst", "uuid": "57c427a4-838c-48e1-9e0c-4a49950d210f", "value": "212.40.179.61" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472996", "to_ids": true, "type": "url", "uuid": "57c427a4-9524-4606-bfe5-488e950d210f", "value": "http://www.bluedizioni.com/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472996", "to_ids": true, "type": "hostname", "uuid": "57c427a4-9a38-4fb6-8d67-4b25950d210f", "value": "www.bluedizioni.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472996", "to_ids": true, "type": "url", "uuid": "57c427a4-7450-4c26-a969-4e08950d210f", "value": "http://www.culturalheritagemanagement.org/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472996", "to_ids": true, "type": "hostname", "uuid": "57c427a4-4c00-4e74-91f5-4fec950d210f", "value": "www.culturalheritagemanagement.org" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472997", "to_ids": true, "type": "url", "uuid": "57c427a5-16dc-4ac5-b200-4dcc950d210f", "value": "http://jamesm.co.uk/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472997", "to_ids": true, "type": "hostname", "uuid": "57c427a5-28b4-4fca-b83b-4f15950d210f", "value": "jamesm.co.uk" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472997", "to_ids": true, "type": "ip-dst", "uuid": "57c427a5-5898-43b7-a326-4674950d210f", "value": "83.223.104.160" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472997", "to_ids": true, "type": "url", "uuid": "57c427a5-fc80-40f8-b14b-46e2950d210f", "value": "http://conserpa.vtrbandaancha.net/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472998", "to_ids": true, "type": "hostname", "uuid": "57c427a6-acbc-4d5c-afb3-411e950d210f", "value": "conserpa.vtrbandaancha.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472998", "to_ids": true, "type": "ip-dst", "uuid": "57c427a6-5ffc-4762-a23f-488e950d210f", "value": "200.83.4.62" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472998", "to_ids": true, "type": "url", "uuid": "57c427a6-6c00-43a2-a60e-4d94950d210f", "value": "http://job.atspace.org/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472998", "to_ids": true, "type": "hostname", "uuid": "57c427a6-40d8-471f-b9f6-4ad8950d210f", "value": "job.atspace.org" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472998", "to_ids": true, "type": "ip-dst", "uuid": "57c427a6-5b5c-4cb9-a40d-479b950d210f", "value": "82.197.131.109" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472999", "to_ids": true, "type": "url", "uuid": "57c427a7-87f4-4084-8f6b-4dd7950d210f", "value": "http://www.planet-intv.com/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472999", "to_ids": true, "type": "hostname", "uuid": "57c427a7-5fdc-4288-b181-45a5950d210f", "value": "www.planet-intv.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472472999", "to_ids": true, "type": "ip-dst", "uuid": "57c427a7-a7cc-425e-82b9-4b57950d210f", "value": "167.114.43.19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1472473149", "to_ids": false, "type": "email-subject", "uuid": "57c4283d-96f0-4e00-a577-7a58950d210f", "value": "Please find attached invoice no" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481458", "to_ids": true, "type": "ip-dst", "uuid": "57c448b2-9154-4569-a85b-7a54950d210f", "value": "151.1.159.165" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481458", "to_ids": true, "type": "ip-dst", "uuid": "57c448b2-a848-4efd-a7df-7a54950d210f", "value": "162.210.101.104" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481458", "to_ids": true, "type": "ip-dst", "uuid": "57c448b2-7e1c-4d66-b7ab-7a54950d210f", "value": "193.144.125.70" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481458", "to_ids": true, "type": "ip-dst", "uuid": "57c448b2-d3cc-4110-a171-7a54950d210f", "value": "195.130.132.84" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481458", "to_ids": true, "type": "ip-dst", "uuid": "57c448b2-f404-4c55-a026-7a54950d210f", "value": "195.78.215.76" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481459", "to_ids": true, "type": "ip-dst", "uuid": "57c448b3-181c-4107-91ab-7a54950d210f", "value": "210.224.175.186" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481459", "to_ids": true, "type": "ip-dst", "uuid": "57c448b3-edfc-4ff8-b00a-7a54950d210f", "value": "213.180.150.17" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481459", "to_ids": true, "type": "ip-dst", "uuid": "57c448b3-8ae8-4719-9e78-7a54950d210f", "value": "216.87.186.101" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481459", "to_ids": true, "type": "ip-dst", "uuid": "57c448b3-0d74-46ea-b0ff-7a54950d210f", "value": "217.22.207.207" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481459", "to_ids": true, "type": "ip-dst", "uuid": "57c448b3-0da8-451b-84d2-7a54950d210f", "value": "81.169.145.223" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481460", "to_ids": true, "type": "ip-dst", "uuid": "57c448b4-c5bc-4e34-ada4-7a54950d210f", "value": "81.196.20.134" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481460", "to_ids": true, "type": "url", "uuid": "57c448b4-02f4-40d5-b57a-7a54950d210f", "value": "http://iesjaumei.edu.gva.es/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481460", "to_ids": true, "type": "url", "uuid": "57c448b4-97c4-4f65-9040-7a54950d210f", "value": "http://immobilien1000.de/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481460", "to_ids": true, "type": "url", "uuid": "57c448b4-ac6c-41af-88eb-7a54950d210f", "value": "http://lokum1985.republika.pl/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481461", "to_ids": true, "type": "url", "uuid": "57c448b5-dc44-4f4c-9f96-7a54950d210f", "value": "http://spaceinn.co.jp/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481461", "to_ids": true, "type": "url", "uuid": "57c448b5-1c80-49fb-8b80-7a54950d210f", "value": "http://vicariassicurazioni.it/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481461", "to_ids": true, "type": "url", "uuid": "57c448b5-98ac-47aa-a224-7a54950d210f", "value": "http://www.agriturismoigirasoli.it/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481461", "to_ids": true, "type": "url", "uuid": "57c448b5-2024-4b77-8754-7a54950d210f", "value": "http://www.dondana.com/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481462", "to_ids": true, "type": "url", "uuid": "57c448b6-72d8-480f-8832-7a54950d210f", "value": "http://www.epikal.go.ro/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481462", "to_ids": true, "type": "url", "uuid": "57c448b6-4e44-4ee8-91b0-7a54950d210f", "value": "http://www.fenit.net/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481462", "to_ids": true, "type": "url", "uuid": "57c448b6-0c9c-4e72-ae3b-7a54950d210f", "value": "http://www.jan-wallner.de/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481462", "to_ids": true, "type": "url", "uuid": "57c448b6-0210-425a-920d-7a54950d210f", "value": "http://www.kurtoskalacs.go.ro/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481462", "to_ids": true, "type": "url", "uuid": "57c448b6-1668-4673-8c08-7a54950d210f", "value": "http://www.lagottoromagnolo.be/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481463", "to_ids": true, "type": "url", "uuid": "57c448b7-55c4-494e-bf7e-7a54950d210f", "value": "http://www.qualityacoustic.comcastbiz.net/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481463", "to_ids": true, "type": "url", "uuid": "57c448b7-e0c0-4e37-9022-7a54950d210f", "value": "http://xelagon.50webs.org/78yhuinFYs" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481463", "to_ids": true, "type": "hostname", "uuid": "57c448b7-e928-4771-b7d9-7a54950d210f", "value": "iesjaumei.edu.gva.es" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481463", "to_ids": true, "type": "domain", "uuid": "57c448b7-f9d8-4db8-8bcf-7a54950d210f", "value": "immobilien1000.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481464", "to_ids": true, "type": "hostname", "uuid": "57c448b8-18e0-44c4-b7f2-7a54950d210f", "value": "lokum1985.republika.pl" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481464", "to_ids": true, "type": "hostname", "uuid": "57c448b8-8f24-4887-ad9d-7a54950d210f", "value": "spaceinn.co.jp" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481464", "to_ids": true, "type": "domain", "uuid": "57c448b8-514c-484d-bf81-7a54950d210f", "value": "vicariassicurazioni.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481464", "to_ids": true, "type": "hostname", "uuid": "57c448b8-cb84-4cb9-a909-7a54950d210f", "value": "www.agriturismoigirasoli.it" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481465", "to_ids": true, "type": "hostname", "uuid": "57c448b9-3b58-44a9-8746-7a54950d210f", "value": "www.dondana.com" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481465", "to_ids": true, "type": "hostname", "uuid": "57c448b9-7f7c-4f76-9335-7a54950d210f", "value": "www.epikal.go.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481465", "to_ids": true, "type": "hostname", "uuid": "57c448b9-faf8-41e3-aa93-7a54950d210f", "value": "www.fenit.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481465", "to_ids": true, "type": "hostname", "uuid": "57c448b9-3e80-4f21-9e53-7a54950d210f", "value": "www.jan-wallner.de" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481465", "to_ids": true, "type": "hostname", "uuid": "57c448b9-ebdc-4902-8659-7a54950d210f", "value": "www.kurtoskalacs.go.ro" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481466", "to_ids": true, "type": "hostname", "uuid": "57c448ba-c980-48e1-8586-7a54950d210f", "value": "www.lagottoromagnolo.be" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481466", "to_ids": true, "type": "hostname", "uuid": "57c448ba-c04c-48b8-ad39-7a54950d210f", "value": "www.qualityacoustic.comcastbiz.net" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1472481466", "to_ids": true, "type": "hostname", "uuid": "57c448ba-63b8-4f9d-ab76-7a54950d210f", "value": "xelagon.50webs.org" } ] } }