{ "Event": { "analysis": "1", "date": "2017-04-26", "extends_uuid": "", "info": "Dridex 2017-04-11 : botnet 7200/7500 campaigns", "publish_timestamp": "1493305349", "published": true, "threat_level_id": "3", "timestamp": "1493287075", "uuid": "5900a0d3-4c08-4f82-a9ae-2c2f950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0da700", "local": false, "name": "misp-galaxy:tool=\"Dridex\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213396", "to_ids": true, "type": "url", "uuid": "5900a0d4-dc1c-4572-96d5-2c3e950d210f", "value": "http://cloud9ss.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213397", "to_ids": true, "type": "hostname", "uuid": "5900a0d5-b5d0-4df6-8ff4-0686950d210f", "value": "cloud9ss.com" }, { "category": "Network activity", "comment": "cloud9ss.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213397", "to_ids": true, "type": "ip-dst", "uuid": "5900a0d5-96e4-4caf-bd99-2c48950d210f", "value": "50.87.190.234" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213398", "to_ids": true, "type": "url", "uuid": "5900a0d6-3b84-4be5-9850-2c46950d210f", "value": "http://compoclinic.com.br/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213399", "to_ids": true, "type": "hostname", "uuid": "5900a0d7-f64c-49ab-8349-4811950d210f", "value": "compoclinic.com.br" }, { "category": "Network activity", "comment": "compoclinic.com.br", "deleted": false, "disable_correlation": false, "timestamp": "1493213399", "to_ids": true, "type": "ip-dst", "uuid": "5900a0d7-bcf0-4961-8102-0684950d210f", "value": "212.1.208.138" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213400", "to_ids": true, "type": "url", "uuid": "5900a0d8-48c8-4799-b8aa-2c2f950d210f", "value": "http://construction1909.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213401", "to_ids": true, "type": "hostname", "uuid": "5900a0d9-3ebc-4b03-bd33-0686950d210f", "value": "construction1909.com" }, { "category": "Network activity", "comment": "construction1909.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213402", "to_ids": true, "type": "ip-dst", "uuid": "5900a0da-91f0-46b0-92ee-2c2d950d210f", "value": "23.229.171.36" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213402", "to_ids": true, "type": "url", "uuid": "5900a0da-7358-4344-93e7-4360950d210f", "value": "http://darvonharris.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213403", "to_ids": true, "type": "hostname", "uuid": "5900a0db-37ac-42c3-a6b2-0684950d210f", "value": "darvonharris.com" }, { "category": "Network activity", "comment": "darvonharris.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213404", "to_ids": true, "type": "ip-dst", "uuid": "5900a0dc-9e5c-4ced-a2bb-2c3e950d210f", "value": "107.180.56.176" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213405", "to_ids": true, "type": "url", "uuid": "5900a0dd-e594-4b59-ab3c-2c48950d210f", "value": "http://glassorchids.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213405", "to_ids": true, "type": "hostname", "uuid": "5900a0dd-7678-469b-a1b7-2c46950d210f", "value": "glassorchids.com" }, { "category": "Network activity", "comment": "glassorchids.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213406", "to_ids": true, "type": "ip-dst", "uuid": "5900a0de-39f4-4a75-8afb-4357950d210f", "value": "216.117.161.226" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213407", "to_ids": true, "type": "url", "uuid": "5900a0df-9c70-4afe-9248-4c00950d210f", "value": "http://i-call.it/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213407", "to_ids": true, "type": "hostname", "uuid": "5900a0df-3060-4899-ac0a-0684950d210f", "value": "i-call.it" }, { "category": "Network activity", "comment": "i-call.it", "deleted": false, "disable_correlation": false, "timestamp": "1493213408", "to_ids": true, "type": "ip-dst", "uuid": "5900a0e0-64f4-4f4d-93d7-0686950d210f", "value": "198.58.80.98" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213409", "to_ids": true, "type": "url", "uuid": "5900a0e1-e448-48b4-ac20-2c46950d210f", "value": "http://itibambu.com.br/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213410", "to_ids": true, "type": "hostname", "uuid": "5900a0e2-d588-42c9-85f4-4c4b950d210f", "value": "itibambu.com.br" }, { "category": "Network activity", "comment": "itibambu.com.br", "deleted": false, "disable_correlation": false, "timestamp": "1493213410", "to_ids": true, "type": "ip-dst", "uuid": "5900a0e2-eb90-443d-a16e-2c48950d210f", "value": "187.45.193.159" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213411", "to_ids": true, "type": "url", "uuid": "5900a0e3-a838-46e4-9d33-4a40950d210f", "value": "http://jenya.kossoy.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213412", "to_ids": true, "type": "hostname", "uuid": "5900a0e4-3a34-4789-8afd-06bc950d210f", "value": "jenya.kossoy.com" }, { "category": "Network activity", "comment": "jenya.kossoy.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213413", "to_ids": true, "type": "ip-dst", "uuid": "5900a0e5-59a4-4c25-a3c9-4217950d210f", "value": "64.111.126.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213414", "to_ids": true, "type": "url", "uuid": "5900a0e6-a6b4-48ce-8c07-4663950d210f", "value": "http://lawrenceres.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213414", "to_ids": true, "type": "hostname", "uuid": "5900a0e6-a04c-4268-85b8-40a1950d210f", "value": "lawrenceres.com" }, { "category": "Network activity", "comment": "lawrenceres.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213415", "to_ids": true, "type": "ip-dst", "uuid": "5900a0e7-f940-4905-8ebe-06bc950d210f", "value": "216.87.186.98" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213416", "to_ids": true, "type": "url", "uuid": "5900a0e8-fca4-4bcd-a3ce-4f5e950d210f", "value": "http://marksrepair.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213416", "to_ids": true, "type": "hostname", "uuid": "5900a0e8-d690-4acb-af34-2c37950d210f", "value": "marksrepair.com" }, { "category": "Network activity", "comment": "marksrepair.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213417", "to_ids": true, "type": "ip-dst", "uuid": "5900a0e9-c0e4-4f8d-ae33-4841950d210f", "value": "107.180.41.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213418", "to_ids": true, "type": "url", "uuid": "5900a0ea-ec6c-4600-ba66-2c48950d210f", "value": "http://medjobsmatch.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213419", "to_ids": true, "type": "hostname", "uuid": "5900a0eb-c7b8-4d60-ba32-2c4c950d210f", "value": "medjobsmatch.com" }, { "category": "Network activity", "comment": "medjobsmatch.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213419", "to_ids": true, "type": "ip-dst", "uuid": "5900a0eb-b6cc-4777-b723-2c33950d210f", "value": "23.229.143.7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213420", "to_ids": true, "type": "url", "uuid": "5900a0ec-3180-48bd-be0f-4fbb950d210f", "value": "http://mentalmysteries.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213421", "to_ids": true, "type": "hostname", "uuid": "5900a0ed-f12c-466f-a08e-4e56950d210f", "value": "mentalmysteries.com" }, { "category": "Network activity", "comment": "mentalmysteries.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213421", "to_ids": true, "type": "ip-dst", "uuid": "5900a0ed-54ac-4b9e-8759-403a950d210f", "value": "67.225.160.236" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213422", "to_ids": true, "type": "url", "uuid": "5900a0ee-0a50-45a7-8216-0684950d210f", "value": "http://mentoryourmind.org/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213423", "to_ids": true, "type": "hostname", "uuid": "5900a0ef-27c8-43b4-9226-2c2f950d210f", "value": "mentoryourmind.org" }, { "category": "Network activity", "comment": "mentoryourmind.org", "deleted": false, "disable_correlation": false, "timestamp": "1493213424", "to_ids": true, "type": "ip-dst", "uuid": "5900a0f0-8e10-43c8-84c5-2c42950d210f", "value": "23.229.137.134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213424", "to_ids": true, "type": "url", "uuid": "5900a0f0-c2b0-4785-97db-4366950d210f", "value": "http://outoftheboxpc.org/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213425", "to_ids": true, "type": "hostname", "uuid": "5900a0f1-8e60-49dd-b0da-2c4c950d210f", "value": "outoftheboxpc.org" }, { "category": "Network activity", "comment": "outoftheboxpc.org", "deleted": false, "disable_correlation": false, "timestamp": "1493213426", "to_ids": true, "type": "ip-dst", "uuid": "5900a0f2-7ca0-491d-b39d-4178950d210f", "value": "216.87.186.17" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213426", "to_ids": true, "type": "url", "uuid": "5900a0f2-76a8-4cf1-b064-2c44950d210f", "value": "http://ozcom.net/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213427", "to_ids": true, "type": "hostname", "uuid": "5900a0f3-3950-4fc9-bbe9-2c3e950d210f", "value": "ozcom.net" }, { "category": "Network activity", "comment": "ozcom.net", "deleted": false, "disable_correlation": false, "timestamp": "1493213428", "to_ids": true, "type": "ip-dst", "uuid": "5900a0f4-f9a4-48c6-9122-2c4e950d210f", "value": "192.185.35.252" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213428", "to_ids": true, "type": "url", "uuid": "5900a0f4-69d4-432c-9003-2c37950d210f", "value": "http://perisoft.org/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213429", "to_ids": true, "type": "hostname", "uuid": "5900a0f5-f020-415d-9591-4953950d210f", "value": "perisoft.org" }, { "category": "Network activity", "comment": "perisoft.org", "deleted": false, "disable_correlation": false, "timestamp": "1493213430", "to_ids": true, "type": "ip-dst", "uuid": "5900a0f6-ba78-4518-ba88-2c4c950d210f", "value": "45.40.138.96" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213431", "to_ids": true, "type": "url", "uuid": "5900a0f7-33c8-4356-894d-43be950d210f", "value": "http://prime.comcastbiz.net/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213431", "to_ids": true, "type": "hostname", "uuid": "5900a0f7-c6c8-4574-9364-06bc950d210f", "value": "prime.comcastbiz.net" }, { "category": "Network activity", "comment": "prime.comcastbiz.net", "deleted": false, "disable_correlation": false, "timestamp": "1493213432", "to_ids": true, "type": "ip-dst", "uuid": "5900a0f8-2ce4-43ab-93c0-2c42950d210f", "value": "216.87.186.70" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213433", "to_ids": true, "type": "url", "uuid": "5900a0f9-1228-4cff-be14-2c2d950d210f", "value": "http://semfamily.com/kjv783r" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213433", "to_ids": true, "type": "hostname", "uuid": "5900a0f9-af84-4dee-86da-2c48950d210f", "value": "semfamily.com" }, { "category": "Network activity", "comment": "semfamily.com", "deleted": false, "disable_correlation": false, "timestamp": "1493213434", "to_ids": true, "type": "ip-dst", "uuid": "5900a0fa-2f64-46b5-a2fa-2c33950d210f", "value": "192.254.190.157" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213435", "to_ids": true, "type": "url", "uuid": "5900a0fb-6600-4c5b-a5d7-4356950d210f", "value": "http://hyoeyeep.ws/template.doc" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213435", "to_ids": true, "type": "hostname", "uuid": "5900a0fb-f260-4da2-9c30-4a4c950d210f", "value": "hyoeyeep.ws" }, { "category": "Network activity", "comment": "hyoeyeep.ws", "deleted": false, "disable_correlation": false, "timestamp": "1493213438", "to_ids": true, "type": "ip-dst", "uuid": "5900a0fe-5fd0-4e4a-b77a-2c48950d210f", "value": "47.91.76.119" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213439", "to_ids": true, "type": "url", "uuid": "5900a0ff-5388-4293-aa1b-2c33950d210f", "value": "http://hyoeyeep.ws/sp.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1493213440", "to_ids": true, "type": "url", "uuid": "5900a100-21cc-4441-8897-434f950d210f", "value": "http://hyoeyeep.ws/sp.doc" } ] } }