{ "Event": { "analysis": "1", "date": "2017-06-09", "extends_uuid": "", "info": "M2M - Password-protected docs 2017-06-07 : \"John C Doe\" - \"ab1_c23def4lg56hi#78j.docx\"", "publish_timestamp": "1496991261", "published": true, "threat_level_id": "3", "timestamp": "1496991252", "uuid": "593a418e-68ac-4876-b1e6-48be950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990094", "to_ids": true, "type": "md5", "uuid": "593a418e-3b20-47bf-a5be-46ba950d210f", "value": "95618fbdce1adb523d3c85330653ffa9" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990095", "to_ids": true, "type": "md5", "uuid": "593a418f-9da8-4274-a79c-44ef950d210f", "value": "db53017980dcb70ee9f6bdee3603da42" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990095", "to_ids": true, "type": "url", "uuid": "593a418f-476c-461c-a2de-4f78950d210f", "value": "http://46.17.40.22/hyey.pnj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990096", "to_ids": false, "type": "ip-dst", "uuid": "593a4190-6368-445f-9cb2-8bcc950d210f", "value": "46.17.40.22" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990097", "to_ids": true, "type": "url", "uuid": "593a4191-e054-44e0-9950-4d0b950d210f", "value": "http://inshaengineeringindustries.com/head.pkl" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990097", "to_ids": true, "type": "hostname", "uuid": "593a4191-377c-446f-bec3-4d82950d210f", "value": "inshaengineeringindustries.com" }, { "category": "Network activity", "comment": "inshaengineeringindustries.com", "deleted": false, "disable_correlation": false, "timestamp": "1496990098", "to_ids": false, "type": "ip-dst", "uuid": "593a4192-ec54-4b55-9789-46f4950d210f", "value": "104.45.20.72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496991204", "to_ids": false, "type": "url", "uuid": "593a4192-5b44-4e54-8b01-46d4950d210f", "value": "http://www.php.net/license/3_0.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496991199", "to_ids": false, "type": "hostname", "uuid": "593a4193-65a0-478c-abc6-4728950d210f", "value": "www.php.net" }, { "category": "Network activity", "comment": "www.php.net", "deleted": false, "disable_correlation": false, "timestamp": "1496990100", "to_ids": false, "type": "ip-dst", "uuid": "593a4194-4204-4e42-b59c-8a4b950d210f", "value": "72.52.91.14" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990100", "to_ids": true, "type": "url", "uuid": "593a4194-d1f4-41dd-bfff-44b3950d210f", "value": "disclaimedwteamsayingti.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990101", "to_ids": true, "type": "hostname", "uuid": "593a4195-a448-40e8-8f05-40cd950d210f", "value": "disclaimedwteamsayingti.ru" }, { "category": "Network activity", "comment": "disclaimedwteamsayingti.ru", "deleted": false, "disable_correlation": false, "timestamp": "1496990102", "to_ids": false, "type": "ip-dst", "uuid": "593a4196-dd88-42ae-a227-45c3950d210f", "value": "87.106.18.141" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990102", "to_ids": true, "type": "url", "uuid": "593a4196-ce84-429b-87bb-46e6950d210f", "value": "fwiapplilicense.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990103", "to_ids": true, "type": "hostname", "uuid": "593a4197-ecf4-4a23-b5be-4689950d210f", "value": "fwiapplilicense.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990133", "to_ids": true, "type": "url", "uuid": "593a41b5-6214-45ab-bc09-4dc1950d210f", "value": "formvgoodsemail.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990134", "to_ids": true, "type": "hostname", "uuid": "593a41b6-3214-4d9c-9358-8bcc950d210f", "value": "formvgoodsemail.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990134", "to_ids": true, "type": "url", "uuid": "593a41b6-964c-4711-a478-437f950d210f", "value": "acknowledgment.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990135", "to_ids": true, "type": "hostname", "uuid": "593a41b7-9390-4e95-b97b-46f4950d210f", "value": "acknowledgment.ru" }, { "category": "Network activity", "comment": "acknowledgment.ru", "deleted": false, "disable_correlation": false, "timestamp": "1496990136", "to_ids": false, "type": "ip-dst", "uuid": "593a41b8-02f8-4fd9-a5e9-4d44950d210f", "value": "185.53.179.7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990136", "to_ids": true, "type": "url", "uuid": "593a41b8-7648-4941-bd97-4728950d210f", "value": "httpwiretainprophp.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990137", "to_ids": true, "type": "hostname", "uuid": "593a41b9-03c8-4cdc-ab87-8a4b950d210f", "value": "httpwiretainprophp.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496990137", "to_ids": false, "type": "url", "uuid": "593a41b9-b968-46cf-8b68-4083950d210f", "value": "46.17.40.22" } ] } }