{ "Event": { "analysis": "2", "date": "2017-07-21", "extends_uuid": "", "info": "Finding Nemo(hosts) from Sofacy by ThreatConnect", "publish_timestamp": "1516105510", "published": true, "threat_level_id": "1", "timestamp": "1516105507", "uuid": "5a5de39e-cb60-4839-af53-c1be950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#11d000", "name": "admiralty-scale:information-credibility=\"3\"" }, { "colour": "#086200", "name": "admiralty-scale:source-reliability=\"c\"" }, { "colour": "#12e000", "name": "misp-galaxy:threat-actor=\"Sofacy\"" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#f71212", "name": "APT" }, { "colour": "#f1ee1d", "name": "Threat:Sofacy/APT28" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516102570", "to_ids": false, "type": "link", "uuid": "5a5de3aa-9528-4f42-bb53-c23a950d210f", "value": "https://www.threatconnect.com/blog/finding-nemohost-fancy-bear-infrastructure/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516102589", "to_ids": true, "type": "domain", "uuid": "5a5de3bd-2a70-4b29-9a3b-bec8950d210f", "value": "unisecproper.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516102590", "to_ids": true, "type": "ip-dst", "uuid": "5a5de3be-7050-413e-9696-bec8950d210f", "value": "92.114.92.134" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516102780", "to_ids": true, "type": "x509-fingerprint-sha256", "uuid": "5a5de471-f70c-4b95-bd94-c23a950d210f", "value": "f27c4270b9b9291f465ba5962c36ce38f438377acff300b5c82b3b145f0c9e94" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104113", "to_ids": true, "type": "x509-fingerprint-md5", "uuid": "5a5de99c-b3cc-4956-bb91-49ab950d210f", "value": "6e51db99647450387e583ecb67de7f6e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104093", "to_ids": true, "type": "x509-fingerprint-sha1", "uuid": "5a5de99d-d700-46a5-b239-44f7950d210f", "value": "a1833c32d5f61d6ef9d1bb0133585112069d770e" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104276", "to_ids": true, "type": "ip-dst", "uuid": "5a5dea54-e838-4396-bf7c-4ce7950d210f", "value": "86.107.42.11" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104398", "to_ids": true, "type": "ip-dst", "uuid": "5a5deace-b2b0-4540-9f0d-4ea8950d210f", "value": "179.43.128.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104436", "to_ids": true, "type": "ip-dst", "uuid": "5a5deaf4-4f08-48d8-bb3f-4bf3950d210f", "value": "208.91.197.91" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104437", "to_ids": true, "type": "domain", "uuid": "5a5deaf5-adbc-4c58-b662-4563950d210f", "value": "wmiapp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104437", "to_ids": true, "type": "domain", "uuid": "5a5deaf5-8704-4ddf-a777-4962950d210f", "value": "networkxc.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104438", "to_ids": true, "type": "ip-dst", "uuid": "5a5deaf6-0fa0-4c54-b78a-410e950d210f", "value": "185.183.107.38" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104438", "to_ids": true, "type": "domain", "uuid": "5a5deaf6-1d38-4a77-a829-4364950d210f", "value": "ndsee.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104439", "to_ids": true, "type": "ip-dst", "uuid": "5a5deaf7-c018-46f6-a75b-4407950d210f", "value": "185.86.150.26" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104439", "to_ids": true, "type": "domain", "uuid": "5a5deaf7-48fc-499e-92bc-4abc950d210f", "value": "neoderb.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104439", "to_ids": true, "type": "ip-dst", "uuid": "5a5deaf7-ac9c-42f9-9a06-49ca950d210f", "value": "188.40.155.241" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104440", "to_ids": true, "type": "domain", "uuid": "5a5deaf8-035c-4bd6-8ff2-4649950d210f", "value": "remnet.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104440", "to_ids": true, "type": "domain", "uuid": "5a5deaf8-5b10-4fd3-a016-499d950d210f", "value": "remotemanagesvc.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104441", "to_ids": true, "type": "domain", "uuid": "5a5deaf9-2d20-4ca2-aeba-4a1b950d210f", "value": "netcorpscanprotect.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104441", "to_ids": true, "type": "ip-dst", "uuid": "5a5deaf9-e390-42d9-98b3-4511950d210f", "value": "94.177.12.157" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104441", "to_ids": true, "type": "domain", "uuid": "5a5deaf9-6130-46ac-bc41-47b4950d210f", "value": "zpfgr.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104442", "to_ids": true, "type": "ip-dst", "uuid": "5a5deafa-a520-4f9d-a97f-4d60950d210f", "value": "94.177.12.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104442", "to_ids": true, "type": "domain", "uuid": "5a5deafa-b4c0-4fca-9b1f-4ba4950d210f", "value": "connectsmd.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104443", "to_ids": true, "type": "domain", "uuid": "5a5deafb-f7a8-485f-a305-4cbb950d210f", "value": "ckgob.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104443", "to_ids": true, "type": "ip-dst", "uuid": "5a5deafb-08cc-4537-890e-414e950d210f", "value": "88.99.21.169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104538", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5a-d0fc-453a-a5d9-489b950d210f", "value": "le0nard0@mail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104539", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5b-767c-49fc-bb8f-49e9950d210f", "value": "bertfuhrmann@gmx.de" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104539", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5b-8e34-448f-91fb-4a6c950d210f", "value": "manuel.herez@centrum.cz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104540", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5c-701c-41cf-a0d4-4498950d210f", "value": "cameron_gordon@centrum.cz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104540", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5c-3f7c-4619-a3db-422b950d210f", "value": "ernesto.rivero@mail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104541", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5d-e5f4-41ee-b3b1-4590950d210f", "value": "olavi_nieminen@suomi24.fi" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104541", "to_ids": true, "type": "whois-registrant-email", "uuid": "5a5deb5d-0858-429c-86ed-4ff3950d210f", "value": "luc_ma@iname.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104713", "to_ids": true, "type": "domain", "uuid": "5a5dec09-d1cc-436a-82f5-4452950d210f", "value": "dmsclock.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104713", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec09-00a8-407b-97cb-4de7950d210f", "value": "89.187.151.16" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104714", "to_ids": true, "type": "domain", "uuid": "5a5dec0a-694c-4ea8-bf32-421e950d210f", "value": "systemfromcuriousmoment.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104714", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0a-3ba4-4130-8e4f-41d6950d210f", "value": "185.86.150.188" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104714", "to_ids": true, "type": "domain", "uuid": "5a5dec0a-5de4-4a46-b062-4baa950d210f", "value": "driverfordell.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104715", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0b-7610-4a5c-9b80-4d70950d210f", "value": "5.255.80.50" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104715", "to_ids": true, "type": "domain", "uuid": "5a5dec0b-8794-4b86-b6f5-4590950d210f", "value": "hostsvcnet.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104716", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0c-1698-4d87-bdbd-495a950d210f", "value": "185.94.190.199" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104716", "to_ids": true, "type": "domain", "uuid": "5a5dec0c-d9e0-4f0b-a0bb-40de950d210f", "value": "intelstatistics.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104716", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0d-ccb0-46ce-8c91-40ab950d210f", "value": "5.135.199.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104717", "to_ids": true, "type": "domain", "uuid": "5a5dec0d-7150-4857-8097-4e5b950d210f", "value": "knightconsults.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104717", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0d-61e0-4718-8d78-4404950d210f", "value": "174.128.253.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104718", "to_ids": true, "type": "domain", "uuid": "5a5dec0e-62e8-4215-b8ff-412f950d210f", "value": "lopback.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104718", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0e-c9ac-4d4e-a9ef-4f5f950d210f", "value": "185.86.150.151" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104718", "to_ids": true, "type": "domain", "uuid": "5a5dec0e-61a4-40a0-b316-491e950d210f", "value": "nethostnet.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104719", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec0f-5c38-4d8a-9d88-4bee950d210f", "value": "86.105.1.12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104719", "to_ids": true, "type": "domain", "uuid": "5a5dec0f-1bc4-4a8d-9e98-4196950d210f", "value": "perfect-remote-service.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104720", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec10-52a8-4562-815d-4ebc950d210f", "value": "188.241.68.175" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104720", "to_ids": true, "type": "domain", "uuid": "5a5dec10-0f44-4341-90de-4092950d210f", "value": "probenet.eu" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104720", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec10-fbbc-4796-a000-40ef950d210f", "value": "86.105.1.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104721", "to_ids": true, "type": "domain", "uuid": "5a5dec11-aa90-4fbf-8668-46fb950d210f", "value": "remonitor.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104721", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec11-fdb4-4a07-b615-42da950d210f", "value": "185.94.192.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104722", "to_ids": true, "type": "domain", "uuid": "5a5dec12-566c-4636-aeb3-41f3950d210f", "value": "societyatcuriousteacher.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104722", "to_ids": true, "type": "domain", "uuid": "5a5dec12-049c-44a5-8f0d-4cd6950d210f", "value": "spelns.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104722", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec12-af94-4539-92c1-4e3a950d210f", "value": "89.44.103.18" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104723", "to_ids": true, "type": "domain", "uuid": "5a5dec13-3588-4d2b-bc4e-46de950d210f", "value": "unitedprosoftcompany.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104723", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec13-5360-4b7a-817e-4999950d210f", "value": "95.153.31.197" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104835", "to_ids": true, "type": "domain", "uuid": "5a5dec83-b510-42c1-9000-4df4950d210f", "value": "90update.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104836", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec84-7140-4201-8f2b-4c6e950d210f", "value": "213.252.244.105" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104836", "to_ids": true, "type": "domain", "uuid": "5a5dec84-55a4-449e-b4ad-4533950d210f", "value": "aljazeera-news.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104837", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec85-9a44-4bfe-99de-4d4d950d210f", "value": "213.252.244.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104837", "to_ids": true, "type": "domain", "uuid": "5a5dec85-2ec0-4717-a571-46fd950d210f", "value": "ambcomission.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104838", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec86-9f6c-4562-85dd-415f950d210f", "value": "185.25.51.38" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104838", "to_ids": true, "type": "domain", "uuid": "5a5dec86-bb04-45d4-bf71-4048950d210f", "value": "cryptokind.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104838", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec86-598c-4136-8df3-4cec950d210f", "value": "213.252.246.24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104839", "to_ids": true, "type": "domain", "uuid": "5a5dec87-ca40-4461-953b-4014950d210f", "value": "deshcoin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104839", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec87-d6c0-4e32-9fd7-476f950d210f", "value": "185.25.48.249" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104840", "to_ids": true, "type": "domain", "uuid": "5a5dec88-b2ec-4d09-b552-422c950d210f", "value": "dochardproofing.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104840", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec88-2010-49ba-9452-4c09950d210f", "value": "185.25.51.173" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104841", "to_ids": true, "type": "domain", "uuid": "5a5dec89-8ab8-4acc-bdc8-4107950d210f", "value": "ebramka.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104841", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec89-b4a8-4297-88de-4fbd950d210f", "value": "185.25.50.156" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104842", "to_ids": true, "type": "domain", "uuid": "5a5dec8a-62d8-42a1-b520-40ed950d210f", "value": "fes-auth.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104842", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8a-d078-4166-8004-47d5950d210f", "value": "91.108.68.209" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104842", "to_ids": true, "type": "domain", "uuid": "5a5dec8a-9ffc-421f-8192-4a42950d210f", "value": "hello76.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104843", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8b-74b4-495a-879c-4190950d210f", "value": "185.64.105.7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104843", "to_ids": true, "type": "domain", "uuid": "5a5dec8b-2328-4f6e-bc5e-4df1950d210f", "value": "hostedopenfiles.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104844", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8c-9c08-44e4-aae1-475f950d210f", "value": "185.25.50.93" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104844", "to_ids": true, "type": "domain", "uuid": "5a5dec8c-9848-4f12-9d60-47a0950d210f", "value": "kiteim.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104845", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8d-8000-4e9d-94db-4223950d210f", "value": "5.255.80.68" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104845", "to_ids": true, "type": "domain", "uuid": "5a5dec8d-9cbc-4543-914a-41ee950d210f", "value": "kremotevn.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104846", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8e-62e8-405f-b58b-4666950d210f", "value": "86.105.1.128" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104846", "to_ids": true, "type": "domain", "uuid": "5a5dec8e-92f4-4ea0-824b-487b950d210f", "value": "lasarenas.lt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104847", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec8f-e274-4ed5-9ba1-4d31950d210f", "value": "91.216.163.204" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104847", "to_ids": true, "type": "domain", "uuid": "5a5dec8f-6e74-4ba5-a3ff-40a8950d210f", "value": "megauploadfiles.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104848", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec90-4bc8-4db4-a9c8-42f8950d210f", "value": "5.135.199.24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104848", "to_ids": true, "type": "domain", "uuid": "5a5dec90-0f8c-47c8-837a-4923950d210f", "value": "nemaskalitnium.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104849", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec91-d268-4585-80ad-4fbb950d210f", "value": "173.44.58.240" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104849", "to_ids": true, "type": "domain", "uuid": "5a5dec91-7fa8-471b-ae4d-4264950d210f", "value": "networkfilehosting.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104850", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec92-4b20-4826-897f-4d2e950d210f", "value": "213.252.247.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104850", "to_ids": true, "type": "domain", "uuid": "5a5dec92-59a4-4b8d-b730-433f950d210f", "value": "news-almasirah.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104851", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec93-0cc8-4564-b794-4ff3950d210f", "value": "213.252.244.115" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104851", "to_ids": true, "type": "domain", "uuid": "5a5dec93-0194-4657-96d3-4c99950d210f", "value": "newsfromsource.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104851", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec94-189c-4904-a7e9-43db950d210f", "value": "91.216.163.224" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104852", "to_ids": true, "type": "domain", "uuid": "5a5dec94-7adc-462f-adbb-4c8a950d210f", "value": "platnosci.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104852", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec94-666c-4f5c-a787-4e5d950d210f", "value": "213.252.247.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104853", "to_ids": true, "type": "domain", "uuid": "5a5dec95-2a70-4932-8d9e-484b950d210f", "value": "postmarksmtp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104853", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec95-6aec-4d18-a41f-42c1950d210f", "value": "185.25.51.120" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104854", "to_ids": true, "type": "domain", "uuid": "5a5dec96-e758-42dc-9c9c-4cb3950d210f", "value": "remsvc.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104854", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec96-7c1c-48cd-abf4-425e950d210f", "value": "91.108.68.180" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104855", "to_ids": true, "type": "domain", "uuid": "5a5dec97-ba64-4951-9286-45f8950d210f", "value": "rhfcoin.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104855", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec97-9a74-4f84-b658-4c9f950d210f", "value": "91.216.163.229" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104855", "to_ids": true, "type": "domain", "uuid": "5a5dec97-8840-4f94-9aa2-4ee6950d210f", "value": "sa7efa.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104856", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec98-3d70-4a9d-ba68-4e60950d210f", "value": "91.216.163.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104856", "to_ids": true, "type": "domain", "uuid": "5a5dec98-9fd0-4bee-b0a8-416c950d210f", "value": "searchbrain.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104857", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec99-00e0-4247-a5a0-443c950d210f", "value": "91.216.163.203" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104857", "to_ids": true, "type": "domain", "uuid": "5a5dec99-0a20-4898-b89b-4c6a950d210f", "value": "serbview.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104858", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec9a-7d78-4cd3-94b5-48a2950d210f", "value": "5.255.93.224" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104858", "to_ids": true, "type": "domain", "uuid": "5a5dec9a-2588-4ab6-b70c-457f950d210f", "value": "startthedownload.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104859", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec9b-40bc-4f31-aa8f-4763950d210f", "value": "213.252.247.168" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104859", "to_ids": true, "type": "domain", "uuid": "5a5dec9b-4218-4f0c-b05c-4182950d210f", "value": "showitem.lt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104860", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec9c-a4ec-451e-9d21-42c7950d210f", "value": "213.252.247.159" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104860", "to_ids": true, "type": "domain", "uuid": "5a5dec9c-e000-4621-a429-4188950d210f", "value": "uploadsforyou.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104860", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec9c-6864-418d-b7de-4eb7950d210f", "value": "185.25.50.144" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104861", "to_ids": true, "type": "domain", "uuid": "5a5dec9d-9ee0-4843-b277-4673950d210f", "value": "wintwinbtc.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516104861", "to_ids": true, "type": "ip-dst", "uuid": "5a5dec9d-c9f8-4d9f-b28a-4274950d210f", "value": "185.25.48.27" } ] } }