
{
"Event": {
"analysis": "2",
"date": "2016-07-28",
"extends_uuid": "",
"info": "OSINT Massive AdGholas Malvertising Campaigns Use Steganography and File Whitelisting to Hide in Plain Sight by ProofPoint",
"publish_timestamp": "1493405850",
"published": true,
"threat_level_id": "3",
"timestamp": "1493403458",
"uuid": "57a89cb0-1a80-4f24-a85b-43d4950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470667994",
"to_ids": false,
"type": "link",
"uuid": "57a89cda-502c-4c00-872c-4a2e950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668135",
"to_ids": true,
"type": "domain",
"uuid": "57a89d67-90f4-4ecd-94cf-4fe3950d210f",
"value": "brainram.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668135",
"to_ids": true,
"type": "domain",
"uuid": "57a89d67-a718-4757-9714-4c32950d210f",
"value": "cleanerzoomer.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668135",
"to_ids": true,
"type": "domain",
"uuid": "57a89d67-b980-4c96-98cd-49d4950d210f",
"value": "cruzame.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668136",
"to_ids": true,
"type": "domain",
"uuid": "57a89d68-4270-4382-8191-4e03950d210f",
"value": "ec-centre.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668136",
"to_ids": true,
"type": "domain",
"uuid": "57a89d68-1038-4f62-8001-4694950d210f",
"value": "emaxing.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668136",
"to_ids": true,
"type": "domain",
"uuid": "57a89d68-da14-49b0-bfd0-4da6950d210f",
"value": "iipus.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668136",
"to_ids": true,
"type": "domain",
"uuid": "57a89d68-afb0-4700-9591-45aa950d210f",
"value": "mamaniaca.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668136",
"to_ids": true,
"type": "domain",
"uuid": "57a89d68-6164-4769-81be-4f7f950d210f",
"value": "merovinjo.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668137",
"to_ids": true,
"type": "domain",
"uuid": "57a89d69-c0d8-4caf-ba31-4882950d210f",
"value": "moyeuvelo.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668137",
"to_ids": true,
"type": "domain",
"uuid": "57a89d69-e450-46a2-8c02-4741950d210f",
"value": "ponteblue.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668137",
"to_ids": true,
"type": "domain",
"uuid": "57a89d69-a9e8-474c-9860-4641950d210f",
"value": "sensecreator.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668137",
"to_ids": true,
"type": "domain",
"uuid": "57a89d69-f0f0-43db-9991-44af950d210f",
"value": "tjprofile.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668137",
"to_ids": true,
"type": "domain",
"uuid": "57a89d69-6ddc-4e3a-95fa-4616950d210f",
"value": "xuwakix.com"
},
{
"category": "Network activity",
"comment": "Domain shadowing",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668152",
"to_ids": true,
"type": "hostname",
"uuid": "57a89d78-73b8-4bdf-94c7-4dee950d210f",
"value": "a.stylefinishdesign.com.au"
},
{
"category": "Network activity",
"comment": "Domain shadowing",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668153",
"to_ids": true,
"type": "hostname",
"uuid": "57a89d79-fb18-4d5e-a545-4b5f950d210f",
"value": "ads.avodirect.ca"
},
{
"category": "Network activity",
"comment": "Domain shadowing",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668153",
"to_ids": true,
"type": "hostname",
"uuid": "57a89d79-ff64-4fc0-8c91-45d3950d210f",
"value": "ads.boxerbuilding.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668171",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8b-d4e8-4e15-a1c0-4cee950d210f",
"value": "162.247.14.213"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668171",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8b-6814-4875-94fb-406b950d210f",
"value": "179.43.147.195"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668171",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8b-12d4-4382-833b-47fb950d210f",
"value": "179.43.147.242"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668171",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8b-3c2c-4a1a-9d96-4b7f950d210f",
"value": "192.240.97.164"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668171",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8b-f15c-4025-9bee-4984950d210f",
"value": "193.109.69.212"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-b1c4-4231-95f3-4255950d210f",
"value": "5.187.5.206"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-8b50-4e83-b456-4dca950d210f",
"value": "50.7.124.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-9f10-43b7-8bb8-4e7d950d210f",
"value": "50.7.124.184"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-2560-4076-b500-4bc6950d210f",
"value": "50.7.124.215"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-0480-4e00-9e29-4bd2950d210f",
"value": "50.7.143.14"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668172",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8c-6e94-4bbb-9f0c-4a66950d210f",
"value": "50.7.143.70"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668173",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8d-7dc8-4433-8ed1-41ae950d210f",
"value": "95.154.199.135"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668173",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8d-c7e8-490f-93cf-4646950d210f",
"value": "95.154.199.181"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668173",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8d-4138-4acf-9696-4e09950d210f",
"value": "95.154.199.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668173",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8d-abb0-4604-9cc9-4e9e950d210f",
"value": "95.154.199.67"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668173",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89d8d-74b0-4507-9ea8-4cea950d210f",
"value": "95.154.199.79"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668285",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfd-d4d0-468f-b66b-4181950d210f",
"value": "09ba8463a09bbb430987ac1cbcbb7004c3be6b9bcf72b2db2333e599cc4203eb"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668285",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfd-0088-4d78-921a-4d6c950d210f",
"value": "0ca994d7e06405793f8fc9b9ced5364bd0dd46119031b8b0d09f03e8bbffb85e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668286",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfe-215c-4030-97c0-4f17950d210f",
"value": "588fe945aeba2099e0f1743f046ee82cb7b92737fbae8673faeba50faebba847"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668286",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfe-19b0-491a-96ac-4975950d210f",
"value": "5962b458a0d3852a6974836951dc072593ecd4407b58dccad4a38eccc39dc54c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668286",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfe-7d38-4e77-a631-4326950d210f",
"value": "676ea2b87029e18edf3a1b221e5173cbc7a5dc73da9e48b09644eac65ab544f0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668286",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dfe-a39c-4b20-98a0-4aff950d210f",
"value": "7ea69328bc3dbaa53db243c3b789f719bb14283c32168f1bc8ea947fedf968f8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668287",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dff-8c98-43fb-b064-4ce9950d210f",
"value": "a5881a71d46346224e3d23d49a0577ea898fab3ea619d0e1acc77c982787fca0"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668287",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dff-2a30-48e7-bbd3-41e2950d210f",
"value": "af4ad3afa72ac39650f508a5f301c6e37b2b5f296563e43cd29eff49b8f25c7c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668287",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dff-e68c-4ee7-a7a1-4202950d210f",
"value": "b46408cefa56cd09faa2d994271f03fcae9aa27dee279ea2eb71e163a15c3d44"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668287",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dff-dd6c-4400-87bd-4d32950d210f",
"value": "d2d8de76afcf1fec3b8a41b1fc41405051c352b38b215666197d7045a79b99a9"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668287",
"to_ids": true,
"type": "sha256",
"uuid": "57a89dff-f750-4895-8537-4f40950d210f",
"value": "e06b753aa98e1b8fdc7c8ee1cbd07f5d46b2bbf88ebc8d450c8f24c6e79520a4"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668288",
"to_ids": true,
"type": "sha256",
"uuid": "57a89e00-cbec-4c22-8682-4751950d210f",
"value": "e7febe0cdfa798c3bb78e5ca8fd143b4721b04ff4d81cfea2b4c7b9da039fa19"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668313",
"to_ids": true,
"type": "domain",
"uuid": "57a89e19-57ac-45fe-9c0a-403a950d210f",
"value": "allerager.click"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668313",
"to_ids": true,
"type": "domain",
"uuid": "57a89e19-5ae0-4597-9a74-4fc1950d210f",
"value": "amyrwsmur.click"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668313",
"to_ids": true,
"type": "domain",
"uuid": "57a89e19-1964-4253-b0a4-4154950d210f",
"value": "biicqwfvqiec.click"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668314",
"to_ids": true,
"type": "domain",
"uuid": "57a89e1a-1a10-451d-9ccf-4c2c950d210f",
"value": "cmedia.cloud"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668325",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e25-a258-49ba-a36a-4ddf950d210f",
"value": "108.61.103.205"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668325",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e25-6a28-4026-8108-4ae1950d210f",
"value": "176.31.62.78"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668326",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e26-8b3c-4a3c-a88d-4eaa950d210f",
"value": "198.105.244.11"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668326",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e26-5eac-41cb-90fc-4e9d950d210f",
"value": "45.32.157.168"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668326",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e26-8f3c-447c-a0f6-40f0950d210f",
"value": "93.190.177.179"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668345",
"to_ids": true,
"type": "domain",
"uuid": "57a89e39-43c4-4c41-ad7e-4943950d210f",
"value": "987034569274692894.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668345",
"to_ids": true,
"type": "domain",
"uuid": "57a89e39-6d00-4231-8fe4-4ab5950d210f",
"value": "allkindsublidamages.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668345",
"to_ids": true,
"type": "domain",
"uuid": "57a89e39-d61c-4e8b-b526-48c0950d210f",
"value": "allenia.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668346",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3a-021c-4005-bfea-4d4f950d210f",
"value": "fqelkidudcwb.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668346",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3a-bf48-4851-a137-486d950d210f",
"value": "genetyoucircuminformed.xyz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668346",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3a-44f0-4b61-a213-492a950d210f",
"value": "ionbudeerttsq.net"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668346",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3a-9d0c-4a94-881a-4e9d950d210f",
"value": "j73gdy64reff625r.cc"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668346",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3a-2fd0-455c-aedb-45f7950d210f",
"value": "oghtjpo.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668347",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3b-e718-421b-b049-40ed950d210f",
"value": "othrebso.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668347",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3b-4be0-47b1-ba46-466c950d210f",
"value": "andnetscapeadefective.ru"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668347",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3b-c38c-4943-817e-414a950d210f",
"value": "allerapo.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668347",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3b-bb78-43bb-b705-42e0950d210f",
"value": "blastercast.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668348",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3c-da8c-49cd-8129-40c1950d210f",
"value": "enwhhdvfolsn.click"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668348",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3c-7364-4edc-84e9-4dda950d210f",
"value": "gegbghtyg.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668348",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3c-705c-47a0-ad9d-4c67950d210f",
"value": "heleryjoortusd.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668348",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3c-6398-46b8-89d8-49ac950d210f",
"value": "obesca.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668348",
"to_ids": true,
"type": "domain",
"uuid": "57a89e3c-1f7c-4b02-9a37-43b3950d210f",
"value": "stream.gizdosales.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668363",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4b-80ec-45f4-9cef-4cfe950d210f",
"value": "112.20.178.110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668363",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4b-2018-4f65-adc0-48b3950d210f",
"value": "192.42.116.41"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668363",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4b-b734-46dc-b3f6-453a950d210f",
"value": "212.92.127.39"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-60b8-4768-992f-4019950d210f",
"value": "45.32.154.141"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-d3c0-4276-855f-4403950d210f",
"value": "45.32.245.19"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-e0cc-47d1-90b7-4c81950d210f",
"value": "46.45.169.120"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-4194-4bdb-86c6-41f0950d210f",
"value": "46.45.169.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-7624-43f7-b5b4-4780950d210f",
"value": "87.98.254.64"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668364",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4c-00c0-46e1-8d8a-47e3950d210f",
"value": "91.233.116.174"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668365",
"to_ids": true,
"type": "ip-dst",
"uuid": "57a89e4d-f93c-470c-9eb1-4ebd950d210f",
"value": "94.242.254.51"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668400",
"to_ids": true,
"type": "yara",
"uuid": "57a89e70-2270-4df0-ad4c-495f950d210f",
"value": "rule AdGholas_mem\r\n{\r\n meta:\r\n malfamily = \"AdGholas\"\r\n\r\n strings:\r\n $a1 = \"(3e8)!=\" ascii wide\r\n $a2 = /href=\\x22\\.\\x22\\+[a-z]+\\,mimeType\\}/ ascii wide\r\n $a3 = /\\+[a-z]+\\([\\x22\\x27]divx[^\\x22\\x27]+torrent[^\\x22\\x27]*[\\x22\\x27]\\.split/ ascii wide\r\n $a4 = \"chls\" nocase ascii wide\r\n $a5 = \"saz\" nocase ascii wide\r\n $a6 = \"flac\" nocase ascii wide\r\n $a7 = \"pcap\" nocase ascii wide\r\n\r\n condition:\r\n all of ($a*)\r\n}"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668412",
"to_ids": true,
"type": "yara",
"uuid": "57a89e7c-1090-44a6-8d7e-4be2950d210f",
"value": "rule AdGholas_mem_MIME\r\n{\r\n meta:\r\n malfamily = \"AdGholas\"\r\n\r\n strings:\r\n $b1=\".300000000\" ascii nocase wide fullword\r\n $b2=\".saz\" ascii nocase wide fullword\r\n $b3=\".py\" ascii nocase wide fullword\r\n $b4=\".pcap\" ascii nocase wide fullword\r\n $b5=\".chls\" ascii nocase wide fullword\r\n\r\n condition:\r\n all of ($b*)\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668439",
"to_ids": true,
"type": "yara",
"uuid": "57a89e97-d100-4a36-a731-41e6950d210f",
"value": "rule AdGholas_mem_antisec_M2\r\n{\r\n meta:\r\n malfamily = \"AdGholas\"\r\n\r\n strings:\r\n $s1 = \"ActiveXObject(\\\"Microsoft.XMLDOM\\\")\" nocase ascii wide\r\n $s2 = \"loadXML\" nocase ascii wide fullword\r\n $s3 = \"parseError.errorCode\" nocase ascii wide\r\n $s4 = /res\\x3a\\x2f\\x2f[\\x27\\x22]\\x2b/ nocase ascii wide\r\n $s5 = /\\x251e3\\x21\\s*\\x3d\\x3d\\s*[a-zA-Z]+\\x3f1\\x3a0/ nocase ascii wide\r\n\r\n condition:\r\n all of ($s*)\r\n}"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668452",
"to_ids": true,
"type": "yara",
"uuid": "57a89ea4-0130-4423-bba4-4c31950d210f",
"value": "rule AdGholas_mem_MIME_M2\r\n{\r\n meta:\r\n malfamily = \"AdGholas\"\r\n\r\n strings:\r\n $s1 = \"halog\" nocase ascii wide fullword\r\n $s2 = \"pcap\" nocase ascii wide fullword\r\n $s3 = \"saz\" nocase ascii wide fullword\r\n $s4 = \"chls\" nocase ascii wide fullword\r\n $s5 = /return[^\\x3b\\x7d\\n]+href\\s*=\\s*[\\x22\\x27]\\x2e[\\x27\\x22]\\s*\\+\\s*[^\\x3b\\x7d\\n]+\\s*,\\s*[^\\x3b\\x7d\\n]+\\.mimeType/ nocase ascii wide\r\n $s6 = /\\x21==[a-zA-Z]+\\x3f\\x210\\x3a\\x211/ nocase ascii wide\r\n\r\n condition:\r\n all of ($s*)\r\n}"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 09ba8463a09bbb430987ac1cbcbb7004c3be6b9bcf72b2db2333e599cc4203eb)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668582",
"to_ids": true,
"type": "md5",
"uuid": "57a89f26-2de4-4480-8200-4cbf950d210f",
"value": "59e964c3556c3edee5ec46047d22334f"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 0ca994d7e06405793f8fc9b9ced5364bd0dd46119031b8b0d09f03e8bbffb85e)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668584",
"to_ids": true,
"type": "md5",
"uuid": "57a89f28-0cb8-47cc-956b-46c3950d210f",
"value": "6ab935d12654160bb9dc2c423330b04c"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 5962b458a0d3852a6974836951dc072593ecd4407b58dccad4a38eccc39dc54c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668587",
"to_ids": true,
"type": "md5",
"uuid": "57a89f2b-fbe4-4dbe-bd19-4213950d210f",
"value": "f3b3266a92725d42c2bc8a1a6fb49a69"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 676ea2b87029e18edf3a1b221e5173cbc7a5dc73da9e48b09644eac65ab544f0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668589",
"to_ids": true,
"type": "md5",
"uuid": "57a89f2d-62f8-4437-9b65-4c69950d210f",
"value": "9b03a798139e9509322ce95755ac4250"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via a5881a71d46346224e3d23d49a0577ea898fab3ea619d0e1acc77c982787fca0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668593",
"to_ids": true,
"type": "md5",
"uuid": "57a89f31-6610-4e18-95f6-4299950d210f",
"value": "c8f5b2b6507d0fd7e421c5b59699deb7"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via b46408cefa56cd09faa2d994271f03fcae9aa27dee279ea2eb71e163a15c3d44)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668596",
"to_ids": true,
"type": "md5",
"uuid": "57a89f34-3640-4efb-bf6e-4457950d210f",
"value": "fd6b65fc06598d473baa02d4c81b26f0"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via e06b753aa98e1b8fdc7c8ee1cbd07f5d46b2bbf88ebc8d450c8f24c6e79520a4)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668599",
"to_ids": true,
"type": "md5",
"uuid": "57a89f37-a410-4538-9926-4924950d210f",
"value": "92094b6882ce0584feb37de21266d38b"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via e7febe0cdfa798c3bb78e5ca8fd143b4721b04ff4d81cfea2b4c7b9da039fa19)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668601",
"to_ids": true,
"type": "md5",
"uuid": "57a89f39-9594-4912-a651-4c88950d210f",
"value": "88e1bd67c7bd0554fda176d5621d08dc"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 09ba8463a09bbb430987ac1cbcbb7004c3be6b9bcf72b2db2333e599cc4203eb)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668583",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f27-1940-4f9c-9e98-4729950d210f",
"value": "997d1ecef80855818be02c2faf8aba21f813c090"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 0ca994d7e06405793f8fc9b9ced5364bd0dd46119031b8b0d09f03e8bbffb85e)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668585",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f29-378c-418b-b5a0-458a950d210f",
"value": "5500fbff24ef6d5de69970794ac0a1296099f6bc"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 5962b458a0d3852a6974836951dc072593ecd4407b58dccad4a38eccc39dc54c)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668588",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f2c-5070-44d4-aed7-41b8950d210f",
"value": "da9b18ff7f24fb9c80cab35bf93b7269416ed761"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via 676ea2b87029e18edf3a1b221e5173cbc7a5dc73da9e48b09644eac65ab544f0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668590",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f2e-297c-48df-b8be-437d950d210f",
"value": "ebeef25bc783181cdb52f287c4dea3cc870e7bf2"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via a5881a71d46346224e3d23d49a0577ea898fab3ea619d0e1acc77c982787fca0)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668594",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f32-0920-44c2-bc0b-4570950d210f",
"value": "5bd373b0c41890881a4e0e6b51452291fb63df62"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via b46408cefa56cd09faa2d994271f03fcae9aa27dee279ea2eb71e163a15c3d44)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668596",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f34-ad98-4946-badd-43fe950d210f",
"value": "6da1337d040189ea6d5c869e6aedd7baf5762cd8"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via e06b753aa98e1b8fdc7c8ee1cbd07f5d46b2bbf88ebc8d450c8f24c6e79520a4)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668599",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f37-f7ac-408c-ace5-4609950d210f",
"value": "63ed0f2fda0005f302b4ca9a810a76011cbe7045"
},
{
"category": "Artifacts dropped",
"comment": "Automatically added (via e7febe0cdfa798c3bb78e5ca8fd143b4721b04ff4d81cfea2b4c7b9da039fa19)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1470668602",
"to_ids": true,
"type": "sha1",
"uuid": "57a89f3a-58cc-4f61-b95b-446a950d210f",
"value": "e52ecfdca76e20d8fa23957388e0ce3043047c98"
}
]
}
}