{ "Event": { "analysis": "2", "date": "2016-07-01", "extends_uuid": "", "info": "OSINT H-Worm IOCs from WooYun", "publish_timestamp": "1467483577", "published": true, "threat_level_id": "2", "timestamp": "1467483572", "uuid": "57780118-b304-434e-b78f-478d950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#3b7500", "name": "circl:incident-classification=\"malware\"" }, { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482440", "to_ids": false, "type": "link", "uuid": "57780148-548c-41c9-b29e-483e950d210f", "value": "http://drops.wooyun.org/papers/17374" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482466", "to_ids": true, "type": "hostname", "uuid": "57780162-a4fc-4810-987d-4f29950d210f", "value": "zzzch.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482466", "to_ids": true, "type": "hostname", "uuid": "57780162-d6ec-4acf-b61f-4008950d210f", "value": "ysf.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482466", "to_ids": true, "type": "hostname", "uuid": "57780162-9cf8-4b76-a355-41ae950d210f", "value": "ycemufkk6g.bounceme.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482466", "to_ids": true, "type": "hostname", "uuid": "57780162-9bd8-4e91-a01d-4551950d210f", "value": "xxx-xxx.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482466", "to_ids": true, "type": "hostname", "uuid": "57780162-20f4-4ca0-812a-409a950d210f", "value": "xkiller.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-3538-4714-9237-4484950d210f", "value": "wach.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-5550-48fa-9c3b-49a6950d210f", "value": "tariqalr.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-e160-42e3-81b6-4d85950d210f", "value": "shagagy21.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-2390-46a1-ae8c-4bea950d210f", "value": "sexcam.3utilities.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-99fc-474e-b7a9-4893950d210f", "value": "servecounterstrike.servecounterstrike.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482467", "to_ids": true, "type": "hostname", "uuid": "57780163-e838-4e2d-9319-410b950d210f", "value": "playgame.servecounterstrike.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-6dd4-4d96-9a8c-417d950d210f", "value": "p-dark.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-ac20-415d-9bbf-4af1950d210f", "value": "nouna1985.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-e988-46ec-8b83-47d1950d210f", "value": "n0it.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-6e90-42fe-8bd0-407e950d210f", "value": "mzab47.myq-see.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-77f0-4f71-84c4-46fa950d210f", "value": "modox.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482468", "to_ids": true, "type": "hostname", "uuid": "57780164-2700-424a-9a2e-4857950d210f", "value": "mmoohhaammeedd.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482469", "to_ids": true, "type": "hostname", "uuid": "57780165-f9dc-4b8b-a389-4710950d210f", "value": "mlcrosoft.serveftp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482469", "to_ids": true, "type": "hostname", "uuid": "57780165-b50c-48a7-8af4-4f9d950d210f", "value": "microsoftupgrades.servehttp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482469", "to_ids": true, "type": "hostname", "uuid": "57780165-e034-4ec0-a8e2-4537950d210f", "value": "microsoftsystem.sytes.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482469", "to_ids": true, "type": "hostname", "uuid": "57780165-ca3c-4fd2-9594-49b3950d210f", "value": "micr0s0ftsoft.myftp.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482469", "to_ids": true, "type": "hostname", "uuid": "57780165-0fc8-408f-b09e-40d7950d210f", "value": "mda.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-35fc-4540-abc2-4535950d210f", "value": "maroco.redirectme.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-2e48-47b4-9b74-4e2d950d210f", "value": "maroco.myq-see.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-80b0-489a-9ccd-484b950d210f", "value": "maroco.linkpc.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-47cc-4ff6-9e70-4f3e950d210f", "value": "man2010.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-7178-4ca2-8d30-4559950d210f", "value": "korom.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482470", "to_ids": true, "type": "hostname", "uuid": "57780166-9038-4536-933f-4353950d210f", "value": "koko.myftp.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-8a4c-480e-bf4d-484e950d210f", "value": "klonkino.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-a468-4e10-b8a1-49d0950d210f", "value": "king.servemp3.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-038c-43c6-b141-4050950d210f", "value": "herohero.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-271c-4e45-a979-4838950d210f", "value": "hacker20133.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-552c-43a8-a437-4a51950d210f", "value": "googlechrome.servequake.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482471", "to_ids": true, "type": "hostname", "uuid": "57780167-b560-475e-9c82-4af5950d210f", "value": "g00gle.sytes.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-0e08-48ba-8b8e-42d0950d210f", "value": "dzhacker15.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-fd9c-4eaf-93ae-4136950d210f", "value": "dz47.servehttp.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-2778-40ec-ae28-44f8950d210f", "value": "dz47.myq-see.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-cd38-40b4-98a5-4fb1950d210f", "value": "dz47.linkpc.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-d4c4-4b5d-a257-428c950d210f", "value": "dream7.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482472", "to_ids": true, "type": "hostname", "uuid": "57780168-df7c-4ed7-bab8-43b7950d210f", "value": "diiimaria.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482473", "to_ids": true, "type": "hostname", "uuid": "57780169-bf84-4677-a72f-4e32950d210f", "value": "desha10.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482473", "to_ids": true, "type": "hostname", "uuid": "57780169-0664-45ee-b006-4e22950d210f", "value": "dataday3.no-ip.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482473", "to_ids": true, "type": "hostname", "uuid": "57780169-4104-4d2d-814f-4fd8950d210f", "value": "darkanony0501.no-ip.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482473", "to_ids": true, "type": "hostname", "uuid": "57780169-073c-444a-add2-4868950d210f", "value": "cupidon.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482473", "to_ids": true, "type": "hostname", "uuid": "57780169-612c-41dd-9a7a-4643950d210f", "value": "chrom.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482474", "to_ids": true, "type": "hostname", "uuid": "5778016a-fbac-40b6-b2b2-4070950d210f", "value": "bog5151.zapto.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482474", "to_ids": true, "type": "hostname", "uuid": "5778016a-3700-41cf-acd6-49e0950d210f", "value": "blackmind.redirectme.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482474", "to_ids": true, "type": "hostname", "uuid": "5778016a-9fac-44fc-993b-4150950d210f", "value": "albertino.no-ip.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482474", "to_ids": true, "type": "hostname", "uuid": "5778016a-0c2c-4682-b7a3-4f2c950d210f", "value": "adolf2013.sytes.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467482474", "to_ids": true, "type": "hostname", "uuid": "5778016a-b8b4-4b19-b761-487f950d210f", "value": "adamdam.zapto.org" } ] } }