{ "Event": { "analysis": "2", "date": "2015-09-11", "extends_uuid": "", "info": "OSINT A Peek Inside an Affiliate\u2019s Malspam Operation: Kovter and Miuref/Boaxxe Infections by PhishMe", "publish_timestamp": "1442210880", "published": true, "threat_level_id": "3", "timestamp": "1442177366", "uuid": "55f5e10a-e830-4732-9b4f-30d0950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177314", "to_ids": false, "type": "link", "uuid": "55f5e122-7be8-4a1e-bbce-ded9950d210b", "value": "http://phishme.com/a-peek-inside-an-affiliates-malspam-operation-kovter-and-miurefboaxxe-infections/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177355", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14b-eb50-48a8-8295-30cd950d210b", "value": "109.235.50.205" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177355", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14b-af7c-4fa1-8194-30cd950d210b", "value": "194.69.193.111" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177356", "to_ids": true, "type": "filename", "uuid": "55f5e14c-d0bc-4e2f-b552-30cd950d210b", "value": "(bsnews.it" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177356", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14c-8184-4fbd-b4ad-30cd950d210b", "value": "77.111.207.70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177356", "to_ids": true, "type": "filename", "uuid": 
"55f5e14c-2ab0-45f6-83fb-30cd950d210b", "value": "(Verygames.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177357", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14d-4288-4ca0-81b5-30cd950d210b", "value": "154.41.66.31" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177357", "to_ids": true, "type": "domain", "uuid": "55f5e14d-a0b4-4940-8fb1-30cd950d210b", "value": "abama.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177357", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14d-0ad4-4ff1-8363-30cd950d210b", "value": "209.200.253.29" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177358", "to_ids": true, "type": "domain", "uuid": "55f5e14e-86c8-4e16-bea1-30cd950d210b", "value": "avolonage.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177358", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14e-9114-46d8-a0ab-30cd950d210b", "value": "67.195.61.46" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177358", "to_ids": true, "type": "domain", "uuid": "55f5e14e-d4fc-423c-9902-30cd950d210b", "value": "ayuso-arch.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177359", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14f-2660-4978-9fe3-30cd950d210b", "value": "205.144.171.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177359", "to_ids": true, "type": "hostname", "uuid": "55f5e14f-f98c-45c0-bff3-30cd950d210b", "value": "brigand-001-site2.smarterasp.net" }, { "category": "Network activity", 
"comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177359", "to_ids": true, "type": "ip-dst", "uuid": "55f5e14f-cbe8-4d77-9693-30cd950d210b", "value": "216.24.245.126" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177360", "to_ids": true, "type": "domain", "uuid": "55f5e150-bbec-4d7f-bfb4-30cd950d210b", "value": "ckindustry.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177360", "to_ids": true, "type": "ip-dst", "uuid": "55f5e150-c780-42b7-b0a2-30cd950d210b", "value": "74.208.252.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177361", "to_ids": true, "type": "domain", "uuid": "55f5e151-5b48-437b-819a-30cd950d210b", "value": "etqy.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177361", "to_ids": true, "type": "ip-dst", "uuid": "55f5e151-fa9c-4d8d-be7a-30cd950d210b", "value": "96.31.35.62" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177361", "to_ids": true, "type": "domain", "uuid": "55f5e151-66a4-43f8-9027-30cd950d210b", "value": "harmacrebar.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177362", "to_ids": true, "type": "ip-dst", "uuid": "55f5e152-f624-4306-bc64-30cd950d210b", "value": "96.31.36.46" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177362", "to_ids": true, "type": "domain", "uuid": "55f5e152-04b8-4340-8597-30cd950d210b", "value": "idsecurednow.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177362", "to_ids": true, "type": "ip-dst", 
"uuid": "55f5e152-35ec-4758-9739-30cd950d210b", "value": "50.116.104.205" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177363", "to_ids": true, "type": "domain", "uuid": "55f5e153-97dc-4273-86ae-30cd950d210b", "value": "ihaveavoice2.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177363", "to_ids": true, "type": "ip-dst", "uuid": "55f5e153-66b0-4259-bd21-30cd950d210b", "value": "208.43.65.115" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177363", "to_ids": true, "type": "domain", "uuid": "55f5e153-2eb8-4d84-a361-30cd950d210b", "value": "laterrazzafiorita.it" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177364", "to_ids": true, "type": "ip-dst", "uuid": "55f5e154-eedc-4881-b3ef-30cd950d210b", "value": "76.74.242.190" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177364", "to_ids": true, "type": "domain", "uuid": "55f5e154-36bc-439e-ae58-30cd950d210b", "value": "les-eglantiers.fr" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177364", "to_ids": true, "type": "ip-dst", "uuid": "55f5e154-2e0c-4d8a-9007-30cd950d210b", "value": "205.144.171.28" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177365", "to_ids": true, "type": "domain", "uuid": "55f5e155-37cc-4b9b-b907-30cd950d210b", "value": "readysetgomatthew.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177365", "to_ids": true, "type": "ip-dst", "uuid": "55f5e155-e438-4f82-85c4-30cd950d210b", "value": "174.137.191.22" }, { "category": "Network 
activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1442177365", "to_ids": true, "type": "domain", "uuid": "55f5e155-0cf4-4231-91fa-30cd950d210b", "value": "selmaryachtmarket.com" } ] } }