{"Event": {"info": "OSINT - Malicious Documents Targeting Security Professionals", "Tag": [{"colour": "#12e000", "exportable": true, "name": "admiralty-scale:information-credibility=\"4\""}, {"colour": "#0022d6", "exportable": true, "name": "estimative-language:confidence-in-analytic-judgment=\"low\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\""}, {"colour": "#12e000", "exportable": true, "name": "misp-galaxy:threat-actor=\"Sofacy\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1537778612", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af19b1d-a4b4-4ceb-8f5d-4d23950d210f", "sharing_group_id": "0", "timestamp": "1525783325", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af19b1e-3bb4-4131-879f-4c94950d210f", "timestamp": "1525783326", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19b1d-b028-4b3a-8e81-472d950d210f", "timestamp": "1525783325", "to_ids": true, "value": "522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af19b2f-11f0-400f-a7c0-4d86950d210f", "sharing_group_id": "0", "timestamp": "1525783343", 
"description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af19b30-b930-4a45-b93b-42c5950d210f", "timestamp": "1525783344", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19b30-92f0-4568-be79-4572950d210f", "timestamp": "1525783344", "to_ids": true, "value": "c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af19b44-a0ac-4250-b880-4b8b950d210f", "sharing_group_id": "0", "timestamp": "1525783364", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af19b45-3764-42ca-8ced-4511950d210f", "timestamp": "1525783365", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19b45-d800-4c3e-a72e-44fd950d210f", "timestamp": "1525783365", "to_ids": true, "value": "e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af19b54-e774-4814-9e53-4631950d210f", "sharing_group_id": "0", "timestamp": "1525783380", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af19b55-165c-4f61-bf68-4f99950d210f", "timestamp": "1525783381", "to_ids": false, "value": "Malicious", 
"disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19b54-7448-494f-b20f-4d84950d210f", "timestamp": "1525783380", "to_ids": true, "value": "ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af19b65-88d4-4364-b0e2-473f950d210f", "sharing_group_id": "0", "timestamp": "1525783397", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af19b65-e7b8-4c39-8619-4c87950d210f", "timestamp": "1525783397", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19b65-6a88-4b62-804c-4250950d210f", "timestamp": "1525783397", "to_ids": true, "value": "efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "b2f4c01b-8691-431e-95ef-0f5c5e6d9cef", "sharing_group_id": "0", "timestamp": "1525783864", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "b2f4c01b-8691-431e-95ef-0f5c5e6d9cef", "uuid": "5af19d41-5c24-4cd9-9e54-4a7a02de0b81", "timestamp": "1525783873", "referenced_uuid": "6dcce3e6-fc8f-4baa-971e-d34c306859d6", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af19d36-3d54-438a-bf9c-4bcd02de0b81", "timestamp": "1525783862", "to_ids": true, "value": 
"522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d35-3a98-42c3-ab47-4fe002de0b81", "timestamp": "1525783861", "to_ids": true, "value": "60bc999ff14ee2f359130d6c1375b033", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d36-b7a8-488d-bfdf-45ee02de0b81", "timestamp": "1525783862", "to_ids": true, "value": "142f524121fe16e1c67031f12015be4adec42bb7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "6dcce3e6-fc8f-4baa-971e-d34c306859d6", "sharing_group_id": "0", "timestamp": "1525783863", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af19d37-9f6c-4806-9332-476502de0b81", "timestamp": "1525783863", "to_ids": false, "value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5af19d37-72a0-4dc4-a527-474002de0b81", "timestamp": "1525783863", "to_ids": false, "value": "49/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5af19d37-43b0-48fb-b246-48b602de0b81", "timestamp": "1525783863", "to_ids": false, "value": "2018-05-01 22:15:25", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": 
"35bebeb6-e3a6-49e9-a792-e27c8bd58680", "sharing_group_id": "0", "timestamp": "1525783867", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "35bebeb6-e3a6-49e9-a792-e27c8bd58680", "uuid": "5af19d41-b00c-4219-925b-458202de0b81", "timestamp": "1525783873", "referenced_uuid": "471ea070-b931-49b8-84f1-3aa17142616e", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af19d39-7074-485e-bf75-419c02de0b81", "timestamp": "1525783865", "to_ids": true, "value": "efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d38-0814-491e-9826-424802de0b81", "timestamp": "1525783864", "to_ids": true, "value": "169c8f3e3d22e192c108bc95164d362ce5437465", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d38-0a64-4d36-91a7-417d02de0b81", "timestamp": "1525783864", "to_ids": true, "value": "f52ea8f238e57e49bfae304bd656ad98", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "471ea070-b931-49b8-84f1-3aa17142616e", "sharing_group_id": "0", "timestamp": "1525783865", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af19d39-9aa8-49a4-b505-44de02de0b81", "timestamp": "1525783865", "to_ids": false, "value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": 
"5af19d39-b33c-4eaf-b9dd-4cd502de0b81", "timestamp": "1525783865", "to_ids": false, "value": "37/59", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5af19d39-4144-45f2-92ae-4c0202de0b81", "timestamp": "1525783865", "to_ids": false, "value": "2018-05-08 00:23:54", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "8caa1fad-a8c8-4a0b-9018-713c9b43f2ab", "sharing_group_id": "0", "timestamp": "1525783869", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "8caa1fad-a8c8-4a0b-9018-713c9b43f2ab", "uuid": "5af19d41-b92c-4a73-ab5e-46b602de0b81", "timestamp": "1525783873", "referenced_uuid": "19df72d9-0e07-4e64-b85a-a67e7cbd5461", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af19d3b-abe8-4325-9b9c-459502de0b81", "timestamp": "1525783867", "to_ids": true, "value": "e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d3a-4300-40f9-8565-4fb002de0b81", "timestamp": "1525783866", "to_ids": true, "value": "4873bafe44cff06845faa0ce7c270c4ce3c9f7b9", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d3a-9798-48c7-a5ad-4f5702de0b81", "timestamp": "1525783866", "to_ids": true, "value": "94b288154e3d0225f86bb3c012fa8d63", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": 
"d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "19df72d9-0e07-4e64-b85a-a67e7cbd5461", "sharing_group_id": "0", "timestamp": "1525783867", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af19d3c-b5b4-4987-9f35-4dce02de0b81", "timestamp": "1525783868", "to_ids": false, "value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5af19d3c-fcc8-4055-9b18-47e702de0b81", "timestamp": "1525783868", "to_ids": false, "value": "38/59", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5af19d3b-59d8-4a09-8ac8-488b02de0b81", "timestamp": "1525783867", "to_ids": false, "value": "2018-05-08 00:14:43", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "3afb1d2d-918f-4ee3-8883-a746fcefb16c", "sharing_group_id": "0", "timestamp": "1525783871", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "3afb1d2d-918f-4ee3-8883-a746fcefb16c", "uuid": "5af19d41-5d7c-4965-b38d-422902de0b81", "timestamp": "1525783873", "referenced_uuid": "56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af19d3d-cf60-4649-bf09-436b02de0b81", "timestamp": "1525783869", "to_ids": true, "value": "ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": 
"Payload delivery", "uuid": "5af19d3d-2534-4bbc-a7be-4fa802de0b81", "timestamp": "1525783869", "to_ids": true, "value": "8a68f26d01372114f660e32ac4c9117e5d0577f1", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d3c-fcd8-464e-94db-415602de0b81", "timestamp": "1525783868", "to_ids": true, "value": "fc7d4cde5d2266082966d80f5f1566b9", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330", "sharing_group_id": "0", "timestamp": "1525783870", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af19d3e-0e54-4b99-8f39-437f02de0b81", "timestamp": "1525783870", "to_ids": false, "value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5af19d3e-1f50-4efc-afa7-437902de0b81", "timestamp": "1525783870", "to_ids": false, "value": "49/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5af19d3e-4af0-416d-ba8e-45ab02de0b81", "timestamp": "1525783870", "to_ids": false, "value": "2018-05-08 00:25:24", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "17ef59e9-90d1-419f-8e13-876d80929841", "sharing_group_id": "0", "timestamp": "1525783874", "description": "File object describing a file with meta-information", "template_version": "7", 
"ObjectReference": [{"comment": "", "object_uuid": "17ef59e9-90d1-419f-8e13-876d80929841", "uuid": "5af19d41-d5a0-4418-a0e5-427702de0b81", "timestamp": "1525783873", "referenced_uuid": "d4a9873f-1361-4dca-86f4-46145a25efde", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af19d3f-cbe4-4b75-abd6-4d1d02de0b81", "timestamp": "1525783871", "to_ids": true, "value": "c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d3f-b870-4dd7-9aaf-42b302de0b81", "timestamp": "1525783871", "to_ids": true, "value": "cc7607015cd7a1a4452acd3d87adabdd7e005bd7", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5af19d3f-a0f4-45af-a628-467a02de0b81", "timestamp": "1525783871", "to_ids": true, "value": "085be1b8b8f3e90be00f6a3bcea2879f", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "d4a9873f-1361-4dca-86f4-46145a25efde", "sharing_group_id": "0", "timestamp": "1525783872", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af19d40-d9e0-49c1-83a5-455602de0b81", "timestamp": "1525783872", "to_ids": false, "value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5af19d40-0110-49fa-8fbd-4c5502de0b81", "timestamp": "1525783872", "to_ids": false, "value": "31/60", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": 
"", "category": "Other", "uuid": "5af19d40-d024-4c29-8c9b-40c002de0b81", "timestamp": "1525783872", "to_ids": false, "value": "2018-05-08 00:01:00", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af14e94-9914-4907-b0fe-86a0950d210f", "timestamp": "1525783839", "to_ids": false, "value": "https://www.jigsawsecurityenterprise.com/single-post/2017/11/01/Malicious-Documents-Targeting-Security-Professionals", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5af19b99-e94c-4553-8161-4273950d210f", "timestamp": "1525783839", "to_ids": false, "value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u2026). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 at Washington, D.C. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. 
Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5af19a71-83f8-4b1d-a40a-474a950d210f", "timestamp": "1525783840", "to_ids": true, "value": "www.sdhjjekfp4k.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a70-3148-49a0-a827-4f48950d210f", "timestamp": "1525783840", "to_ids": true, "value": "www.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a70-2078-4023-9df3-4ac7950d210f", "timestamp": "1525783841", "to_ids": true, "value": "www.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a70-2a3c-456c-9960-4241950d210f", "timestamp": "1525783841", "to_ids": true, "value": "windows81.duckdns.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6f-fd10-4266-b7d6-4c3c950d210f", "timestamp": "1525783841", "to_ids": true, "value": "windows.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6f-e62c-425c-a2f8-4873950d210f", "timestamp": "1525783842", "to_ids": true, "value": "w9umi9wrvzsvlvstvfvslbumdfdvda5tl.1.d.255.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6e-5498-42df-b551-40cd950d210f", "timestamp": "1525783842", 
"to_ids": true, "value": "vascothreatscan.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6e-6540-41da-8bad-43b8950d210f", "timestamp": "1525783843", "to_ids": true, "value": "sinkhole.tigersecurity.pro", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6d-8f4c-4bbb-8e2a-411a950d210f", "timestamp": "1525783843", "to_ids": true, "value": "runssnetworks.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6d-5c48-4ee1-83ad-43bb950d210f", "timestamp": "1525783843", "to_ids": true, "value": "protectingsearch.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6c-49cc-4ec7-a001-4b81950d210f", "timestamp": "1525783844", "to_ids": true, "value": "peacefund.eu", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6c-0180-4082-a38a-43eb950d210f", "timestamp": "1525783844", "to_ids": true, "value": "ns3.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6c-9c20-42c3-8068-4531950d210f", "timestamp": "1525783845", "to_ids": true, "value": "ns2.ntpupdateserver.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6b-043c-446b-b689-4f22950d210f", "timestamp": "1525783845", "to_ids": true, "value": "ns2.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6b-1e40-41b1-9eab-409f950d210f", "timestamp": "1525783846", "to_ids": true, "value": 
"ns1.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6a-4adc-4e8d-b17f-4443950d210f", "timestamp": "1525783846", "to_ids": true, "value": "networkschecker.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6a-7868-4680-b1f4-42f7950d210f", "timestamp": "1525783847", "to_ids": true, "value": "n.n.c.303ff7b225c14f1498a2.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a6a-931c-49f2-a751-4fd5950d210f", "timestamp": "1525783847", "to_ids": true, "value": "n.n.c.26055.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a69-0ae0-4e62-8641-4ab3950d210f", "timestamp": "1525783847", "to_ids": true, "value": "n.n.c.255.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a69-7294-47e3-b9f7-49f7950d210f", "timestamp": "1525783848", "to_ids": true, "value": "n.3.f.255.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a68-1acc-473c-913c-4ad9950d210f", "timestamp": "1525783848", "to_ids": true, "value": "myinvestgroup.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a68-4948-4be3-b110-4037950d210f", "timestamp": "1525783849", "to_ids": true, "value": "msoffice-cdn.comns3.cdnmsnupdate.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a68-ab70-472f-9767-466c950d210f", "timestamp": 
"1525783849", "to_ids": true, "value": "microsoftupdated.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a67-84fc-406c-8f62-4f8b950d210f", "timestamp": "1525783850", "to_ids": true, "value": "maskulan.dynu.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a67-a17c-4c26-8311-435a950d210f", "timestamp": "1525783850", "to_ids": true, "value": "maskulan.duckdns.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a66-9c64-4813-8edb-46fb950d210f", "timestamp": "1525783851", "to_ids": true, "value": "jflynci.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a66-58a0-4c24-8b76-43cc950d210f", "timestamp": "1525783851", "to_ids": true, "value": "jeremizo888.ddns.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a66-62bc-42e3-9963-40a1950d210f", "timestamp": "1525783851", "to_ids": true, "value": "ip113.ip-91-134-203.eu", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a65-51e8-4408-9455-4f56950d210f", "timestamp": "1525783852", "to_ids": true, "value": "ikmtrust.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a65-68f0-4291-b9d8-4157950d210f", "timestamp": "1525783852", "to_ids": true, "value": "hhcghibvywzedwa2iyvsuzzhx8.2.d.255.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a64-682c-4b97-a62b-458b950d210f", "timestamp": 
"1525783853", "to_ids": true, "value": "googlea.net63.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a64-d5e0-4675-9dda-426d950d210f", "timestamp": "1525783853", "to_ids": true, "value": "fsportal.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a64-054c-49d7-a3fe-4559950d210f", "timestamp": "1525783853", "to_ids": true, "value": "flashcontentdelivery.net", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a63-f814-405d-8d73-4470950d210f", "timestamp": "1525783854", "to_ids": true, "value": "faststoragefiles.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a63-f0d8-4576-90d9-4d5d950d210f", "timestamp": "1525783854", "to_ids": true, "value": "fastfileconverter.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a62-58e0-4b68-a495-4718950d210f", "timestamp": "1525783855", "to_ids": true, "value": "elaxo.org", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a62-3544-4c09-810c-40e2950d210f", "timestamp": "1525783855", "to_ids": true, "value": "d6261034c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a62-3f68-4337-915d-45c8950d210f", "timestamp": "1525783856", "to_ids": true, "value": "d6261024c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a61-dbac-4eef-87e3-461b950d210f", 
"timestamp": "1525783856", "to_ids": true, "value": "d6261013c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a60-446c-4ca8-9ff8-4232950d210f", "timestamp": "1525783857", "to_ids": true, "value": "d6238210c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5f-246c-4f93-8b55-4121950d210f", "timestamp": "1525783857", "to_ids": true, "value": "d6238158c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5f-fcf4-4915-b11d-4a1f950d210f", "timestamp": "1525783857", "to_ids": true, "value": "d6238111c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5f-9e70-48d0-abfb-4df5950d210f", "timestamp": "1525783858", "to_ids": true, "value": "d6238051c34.placehol-6f699a.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5e-0e20-4e33-9a94-405c950d210f", "timestamp": "1525783858", "to_ids": true, "value": "d6231738c34.john-pc.c.mswordupdate17.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5e-6b84-4031-8012-43c7950d210f", "timestamp": "1525783859", "to_ids": true, "value": "carlos88.ddns.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5d-01c0-4ed9-9b6d-4493950d210f", "timestamp": "1525783859", "to_ids": true, "value": "bonjourcheck.com", "disable_correlation": false, 
"object_relation": null, "type": "domain"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5d-999c-4530-9b17-4c88950d210f", "timestamp": "1525783859", "to_ids": true, "value": "ahr0cdovlzkyljiymi4ymdkundkvywn0a.0.d.255.adobeproduct.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5c-a474-4a26-8cc0-4666950d210f", "timestamp": "1525783860", "to_ids": true, "value": "91.134.203.113", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5c-9cb4-4fbd-9981-4b68950d210f", "timestamp": "1525783860", "to_ids": true, "value": "357.duckdns.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5af19a5b-4044-4cf8-a777-46b3950d210f", "timestamp": "1525783861", "to_ids": true, "value": "200200.duckdns.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}], "extends_uuid": "", "published": false, "date": "2017-11-02", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5af14dc2-e6fc-41be-a917-865d950d210f"}} |