{ "Event": { "analysis": "2", "date": "2019-06-26", "extends_uuid": "5d13bc95-ecbc-4af9-b684-423602de0b81", "info": "Soft Cell case - Related indicators from correlations", "publish_timestamp": "1594387629", "published": true, "threat_level_id": "3", "timestamp": "1594387608", "uuid": "5d13be9e-bb04-4946-899d-409e02de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": "0", "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": "0", "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-9aac-47bd-b831-479802de0b81", "value": "asyspy256.ddns.net" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "sha256", "uuid": "5d13beb9-0aa4-4139-bb10-4c0302de0b81", "value": "177fcb8c089ad981fd1353d74fce5d13f26a6db78224c96209162cc145cf5ee8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "sha256", "uuid": "5d13beb9-f780-4a83-8682-4a7a02de0b81", "value": "40d6a2f0e12cbaa34db35bf2bac713cb3ab26e01c26289ad74fd88391ff33a84" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "url", "uuid": "5d13beb9-bbcc-473f-a1df-480402de0b81", "value": "https://asyspy256.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "url", "uuid": "5d13beb9-e288-4d7d-b564-420902de0b81", "value": "http://asyspy256.ddns.net/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "sha256", "uuid": "5d13beb9-4184-4585-b676-4d6502de0b81", "value": "56620a8035dc7244ccd525f11ed4b1b683794e9d72076363c6a8424ccfe64dd5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "ip-dst", "uuid": "5d13beb9-a71c-4126-be17-4d2b02de0b81", "value": "210.56.60.240" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "ip-dst", "uuid": "5d13beb9-e17c-4690-aff5-444902de0b81", "value": "45.121.48.106" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "ip-dst", "uuid": "5d13beb9-b1f8-4716-8d89-419402de0b81", "value": "112.213.106.148" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "ip-dst", "uuid": "5d13beb9-0ca0-447f-838f-458102de0b81", "value": "211.21.23.69" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "ip-dst", "uuid": "5d13beb9-89b0-4419-8775-483f02de0b81", "value": "118.184.15.106" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-91d0-4529-8b77-4bf902de0b81", "value": "sz2016rose.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-43dc-44b7-acdd-484f02de0b81", "value": "hotkillmail9sddcc.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-c44c-4108-b934-456802de0b81", "value": "rosaf112.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-0c18-4438-9e15-4e7102de0b81", "value": "cvdfhjh1231.myftp.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-15a4-411b-9cc6-49ff02de0b81", "value": "211-21-23-69.hinet-ip.hinet.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-8610-477d-b3d0-4d5902de0b81", "value": "dffwescwer4325.myftp.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-4eec-45e1-a1aa-4ece02de0b81", "value": "cvdfhjh12311.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-872c-4027-a62f-4c5302de0b81", "value": "cvdfhjh1231.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-71f0-47e1-99ae-424002de0b81", "value": "www.zhonglic.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "domain", "uuid": "5d13beb9-2278-4f6d-8a57-485402de0b81", "value": "8993327.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-df1c-4ac8-927a-4a5b02de0b81", "value": "ns1.hostgamma.asia" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "domain", "uuid": "5d13beb9-240c-4205-8ba4-497002de0b81", "value": "bm999999.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-55ac-475c-b1fa-43aa02de0b81", "value": "www.bm999999.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-3fbc-426e-b402-41cd02de0b81", "value": "15e752e3e1a29b41.cdn.jiashule.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "hostname", "uuid": "5d13beb9-0c88-419a-9bd6-4ad002de0b81", "value": "ns11.kowloonhosting.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "domain", "uuid": "5d13beb9-5b8c-40a3-af8f-493502de0b81", "value": "swisspatentlaw.cn" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "domain", "uuid": "5d13beb9-dfa4-4247-8e37-45a502de0b81", "value": "prescottarts.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "domain", "uuid": "5d13beb9-4a58-4a2b-8672-47de02de0b81", "value": "ressya-hiroba.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "url", "uuid": "5d13beb9-0390-4b7f-ac78-46c602de0b81", "value": "https://hotkillmail9sddcc.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575097", "to_ids": true, "type": "url", "uuid": "5d13beb9-e888-4872-8da7-4c6f02de0b81", "value": "http://hotkillmail9sddcc.ddns.net/84efbd38001399bd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "sha256", "uuid": "5d13bf36-34b0-463c-94c4-47e302de0b81", "value": "fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "sha256", "uuid": "5d13bf36-1918-4d1d-a293-4ead02de0b81", "value": "12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-0018-454b-ae78-4c8802de0b81", "value": "http://rosaf112.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-9240-415f-a057-443602de0b81", "value": "http://sz2016rose.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-d01c-41ff-9a8e-4f1202de0b81", "value": "http://hotkillmail9sddcc.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-2c4c-4778-86b8-485d02de0b81", "value": "https://sz2016rose.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-0940-4c62-95f0-442502de0b81", "value": "https://cvdfhjh1231.myftp.biz/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-c440-46dd-93db-491302de0b81", "value": "http://cvdfhjh1231.myftp.biz/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-f87c-4312-923f-4f9602de0b81", "value": "https://rosaf112.ddns.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575222", "to_ids": true, "type": "url", "uuid": "5d13bf36-e3f4-424a-86b6-4b5a02de0b81", "value": "http://rosaf112.ddns.net/rosaf112.ddns.net/65afed00000000ca" }, { "category": "Network activity", "comment": "SINKHOLE", "deleted": false, "disable_correlation": false, "timestamp": "1594387607", "to_ids": true, "type": "ip-dst", "uuid": "5d13bf99-1430-4f9d-98d5-bf3202de0b81", "value": "45.77.226.209" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-252c-45cb-b663-bf3202de0b81", "value": "ca297d004b32a058b56a2360a38b8841483c97642b243b97c3e2a26386665f5c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-294c-45ab-9bd1-bf3202de0b81", "value": "60faca782fa4be9366714d63f581afe5e3bec28968e4d8bf13ddb27cbf69308e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-f418-4199-9ba8-bf3202de0b81", "value": "e1eedf55a76696735ca11ae38bfb8079fd9870dd823b8e0510704fd1c3877cd4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-6eac-4a22-8ac1-bf3202de0b81", "value": "430683d033fe8d97300fa5dfac139f9b407d930a2f05455a24433192e1034eab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-2230-4c4d-8d5f-bf3202de0b81", "value": "57baf7f8092fc10b488271603fadb80e8d73b2944ddbf9868441d54c730b607e" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "domain", "uuid": "5d13bf99-8ac4-4937-b48f-bf3202de0b81", "value": "gokeenakte.top" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "hostname", "uuid": "5d13bf99-b308-4963-a36f-bf3202de0b81", "value": "ciscoupdate2019.gotdns.ch" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "hostname", "uuid": "5d13bf99-c720-4faf-b302-bf3202de0b81", "value": "zstoreshoping.ddns.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "domain", "uuid": "5d13bf99-78bc-472a-90af-bf3202de0b81", "value": "booomaahuuoooapl.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "domain", "uuid": "5d13bf99-ffc4-4388-886d-bf3202de0b81", "value": "tashdqdxp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "hostname", "uuid": "5d13bf99-8148-49d0-9633-bf3202de0b81", "value": "download311a7g5117main.booomaahuuoooapl.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "domain", "uuid": "5d13bf99-1e48-473f-80e8-bf3202de0b81", "value": "joshel.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "hostname", "uuid": "5d13bf99-960c-4884-b932-bf3202de0b81", "value": "www.tashdqdxp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "domain", "uuid": "5d13bf99-fa48-4773-9bbd-bf3202de0b81", "value": "buygearnow.xyz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-7c18-450a-b719-bf3202de0b81", "value": "b32c619e1976f425192f50bd9c0a345c62695221142c9803d180d769c3a138da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-cfc0-46a7-b030-bf3202de0b81", "value": "d87997a5749f699e77e56aa651c076f408aaa1e906f165bc33f7239f90d6b0fd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-2938-4dcc-b9e4-bf3202de0b81", "value": "fd20b7afc3581173c7e80fa67bd7bf3962fe8e757dc131315c4932dc4dce7c83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81", "value": "074cc53b54be2de8ca4900dd2d7821fb09c2025fb399400835db4936d5b3e819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-a5e4-43bd-8be5-bf3202de0b81", "value": "d52375f8ab4333175944299d6bf8362956f2336ac02f3f657601939a2e1b860b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-d680-4508-b545-bf3202de0b81", "value": "cf24b8da54c9736afe16c89271381df6586d20c4594f08211a2a9327a548f0ad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-d134-4529-92ab-bf3202de0b81", "value": "d85f1a383fd80fe3fcd4acbbc24b21e21eda4f35b63378fd6853d583eff14f4c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-83e4-49d8-9a21-bf3202de0b81", "value": "4601d9af39d22b5e9d6e6afcd36e594b10b43942b4f8fa60da1a4f4660264490" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-213c-4b63-8b42-bf3202de0b81", "value": "25750861d22973ea96d028ba89d0c92cc7ab7cff313df87f787fe87746ce8f63" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "sha256", "uuid": "5d13bf99-f8c8-4768-bf68-bf3202de0b81", "value": "01299f05e555230f617d04867414c261eee9d26d215835e56cef7f252c9a9bd2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-bf00-4afd-ac6c-bf3202de0b81", "value": "https://dffwescwer4325.myftp.biz/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-1198-42a3-a4ad-bf3202de0b81", "value": "http://gokeenakte.top/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-0608-4d2e-95de-bf3202de0b81", "value": "http://ciscoupdate2019.gotdns.ch/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-cf84-4700-a457-bf3202de0b81", "value": "http://45.77.226.209/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-c1c4-485d-acfb-bf3202de0b81", "value": "http://zstoreshoping.ddns.net/data" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-7594-4dde-8981-bf3202de0b81", "value": "http://tashdqdxp.com/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-eec0-40fd-abb6-bf3202de0b81", "value": "http://booomaahuuoooapl.ru/t.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-8490-4d7f-8c05-bf3202de0b81", "value": "http://booomaahuuoooapl.ru/m.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575321", "to_ids": true, "type": "url", "uuid": "5d13bf99-9884-4140-9ab3-bf3202de0b81", "value": "http://joshel.com/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1561575322", "to_ids": true, "type": "url", "uuid": "5d13bf9a-4028-460d-a9cb-bf3202de0b81", "value": "http://booomaahuuoooapl.ru/" } ] } }