{ "Event": { "analysis": "0", "date": "2016-07-19", "extends_uuid": "", "info": "Malspam 2016-07-19 .docm (campaign: \"Documents from work\")", "publish_timestamp": "1468998357", "published": true, "threat_level_id": "3", "timestamp": "1468937188", "uuid": "578e31c3-c0a4-4113-9df2-4449950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#3b7500", "local": "0", "name": "circl:incident-classification=\"malware\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468936868", "to_ids": true, "type": "url", "uuid": "578e32a4-bc7c-430f-a39f-44da950d210f", "value": "http://kveldeil.no/0hb765" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468936868", "to_ids": true, "type": "domain", "uuid": "578e32a4-29fc-40ee-9f3a-4a27950d210f", "value": "kveldeil.no" }, { "category": "Network activity", "comment": "download location", "deleted": false, "disable_correlation": false, "timestamp": "1468936869", "to_ids": true, "type": "ip-dst", "uuid": "578e32a5-0e78-4715-aa41-41fb950d210f", "value": "85.252.49.19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1468937188", "to_ids": false, "type": "email-subject", "uuid": "578e33e4-10d8-41da-b294-4732950d210f", "value": "Documents from work" } ] } }