77 lines
No EOL
2.1 KiB
JSON
77 lines
No EOL
2.1 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2016-07-19",
|
|
"extends_uuid": "",
|
|
"info": "Malspam 2016-07-19 .docm (campaign: \"Documents from work\")",
|
|
"publish_timestamp": "1468998357",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1468937188",
|
|
"uuid": "578e31c3-c0a4-4113-9df2-4449950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#3a7300",
|
|
"local": false,
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "download location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1468936868",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "578e32a4-bc7c-430f-a39f-44da950d210f",
|
|
"value": "http://kveldeil.no/0hb765"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "download location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1468936868",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "578e32a4-29fc-40ee-9f3a-4a27950d210f",
|
|
"value": "kveldeil.no"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "download location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1468936869",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "578e32a5-0e78-4715-aa41-41fb950d210f",
|
|
"value": "85.252.49.19"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1468937188",
|
|
"to_ids": false,
|
|
"type": "email-subject",
|
|
"uuid": "578e33e4-10d8-41da-b294-4732950d210f",
|
|
"value": "Documents from work"
|
|
}
|
|
]
|
|
}
|
|
} |