{ "Event": { "analysis": "1", "date": "2017-05-10", "extends_uuid": "", "info": "Password-protected docs 2017-05-10 : Ursnif 2002 - \"payment confirmation.ab1_c23def4lg56hi#78j.docx\"", "publish_timestamp": "1495455335", "published": true, "threat_level_id": "3", "timestamp": "1495107593", "uuid": "591334cc-3b68-47fc-acc9-4763950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0b8c00", "local": false, "name": "misp-galaxy:tool=\"Snifula\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430927", "to_ids": true, "type": "md5", "uuid": "591334cf-5cf8-4198-b0e2-e7b0950d210f", "value": "d09d24fc872b120ebc3cbda20f28d8ee" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430928", "to_ids": true, "type": "md5", "uuid": "591334d0-7b2c-4afa-8870-4d91950d210f", "value": "21b0ffda74ede6e0d161ddbab84e58d2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430930", "to_ids": true, "type": "url", "uuid": "591334d2-c0b0-4ad7-b745-46d3950d210f", "value": "http://urbansoft.cc/sql.db" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430932", "to_ids": true, "type": "hostname", "uuid": "591334d4-0c30-438b-a680-44dd950d210f", "value": "urbansoft.cc" }, { "category": "Network activity", "comment": "urbansoft.cc", "deleted": false, "disable_correlation": false, "timestamp": "1494430934", "to_ids": true, "type": "ip-dst", "uuid": "591334d6-af0c-4359-8ca8-4410950d210f", "value": "104.238.124.62" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430936", "to_ids": true, "type": "url", "uuid": "591334d8-1bc8-48b5-bd5c-4cbf950d210f", "value": "http://91.210.166.142/skdata.sql" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430938", "to_ids": true, "type": "hostname", "uuid": "591334da-04e8-47b5-9692-4890950d210f", "value": "91.210.166.142" }, { "category": "Network activity", "comment": "DGA seed text", "deleted": false, "disable_correlation": false, "timestamp": "1495107464", "to_ids": false, "type": "url", "uuid": "591334dc-9a94-4d9a-a144-4450950d210f", "value": "http://www.php.net/license/3_0.txt" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430946", "to_ids": true, "type": "url", "uuid": "591334e2-9b0c-41c2-bd85-4cc4950d210f", "value": "groupemtheoryparti.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430947", "to_ids": true, "type": "hostname", "uuid": "591334e3-7464-437f-a12b-4e12950d210f", "value": "groupemtheoryparti.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430949", "to_ids": true, "type": "url", "uuid": "591334e5-71dc-43c4-8d8e-42d8950d210f", "value": "thepbinarymaycodewhats.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430950", "to_ids": true, "type": "hostname", "uuid": "591334e6-60a8-4979-8f60-49b1950d210f", "value": "thepbinarymaycodewhats.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430952", "to_ids": true, "type": "url", "uuid": "591334e8-d9a4-4cd2-b017-479a950d210f", "value": "termsphpchoose.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430953", "to_ids": true, "type": "hostname", "uuid": "591334e9-6790-47c0-aad4-e7b0950d210f", "value": "termsphpchoose.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430955", "to_ids": true, "type": "url", "uuid": "591334eb-aef4-4886-8081-4088950d210f", "value": "ttyouuincludingphpnorand.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430956", "to_ids": true, "type": "hostname", "uuid": "591334ec-04c4-4674-a97a-454a950d210f", "value": "ttyouuincludingphpnorand.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430957", "to_ids": true, "type": "url", "uuid": "591334ed-ee68-4ac9-96c5-4305950d210f", "value": "codeandpromoteuseunder.ru" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1494430958", "to_ids": true, "type": "hostname", "uuid": "591334ee-b790-48e7-91a7-47f0950d210f", "value": "codeandpromoteuseunder.ru" } ] } }