{"Event": {"info": "OSINT - How we discovered a Ukranian cybercrime hotspot", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"win.gandcrab\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"GandCrab\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1540287402", "Object": [{"comment": "Windows security center stops monitoring the \r\nstatus of an antivirus protection", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcdd845-8e88-4c09-a35d-4e4f950d210f", "sharing_group_id": "0", "timestamp": "1540216901", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd845-ce48-46cd-b50d-4b19950d210f", "timestamp": "1540216901", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusOverride", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd847-b4d4-423c-9397-4759950d210f", "timestamp": "1540216903", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcdd851-bbe8-41a7-ae9b-47bd950d210f", "timestamp": "1540216913", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd851-5cf8-4f2f-825e-4aae950d210f", "timestamp": "1540216913", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], 
"distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "No clear documentation available but it seems like it disables the antivirus updates.", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecafe-9d14-4881-9aa2-4f6f950d210f", "sharing_group_id": "0", "timestamp": "1540279038", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecaff-033c-47e3-ba7a-4e7c950d210f", "timestamp": "1540279039", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\UpdatesOverride", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecb02-6c6c-4cee-95a0-4bbf950d210f", "timestamp": "1540279042", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecb07-158c-4c76-9a5a-48a4950d210f", "timestamp": "1540279047", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecb09-2000-4994-b7e0-48f8950d210f", "timestamp": "1540279049", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Turns off the firewall", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecdb3-6f40-48b7-b0a8-429a950d210f", "sharing_group_id": "0", "timestamp": "1540280108", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecdb3-b774-47a1-8cc2-4360950d210f", 
"timestamp": "1540280108", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\FirewallOverride", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecdb5-3280-4233-882c-4972950d210f", "timestamp": "1540280108", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecdb6-b3f4-4c09-956c-4857950d210f", "timestamp": "1540280108", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecdb6-b9fc-4595-bd11-4e16950d210f", "timestamp": "1540280108", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Disables the antivirus notifications", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcece32-99e0-4322-9fa2-43c0950d210f", "sharing_group_id": "0", "timestamp": "1540280026", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcece33-8ba4-48c6-b655-4a6f950d210f", "timestamp": "1540280026", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcece33-bb78-4a3a-b429-49e2950d210f", "timestamp": "1540280026", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcece34-11c8-42ee-80b1-401b950d210f", "timestamp": "1540280026", "to_ids": false, "value": "HKLM", 
"disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcece34-6ec8-4bf3-8756-46da950d210f", "timestamp": "1540280026", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Disables security center update notifications", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecec6-dd44-469f-946d-4a7a950d210f", "sharing_group_id": "0", "timestamp": "1540280006", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecec6-fa40-4d90-9a19-4c92950d210f", "timestamp": "1540280006", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\AutoUpdateDisableNotify", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecec7-67e0-43ff-b7dc-4c5f950d210f", "timestamp": "1540280007", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecec7-7c14-4876-bbac-42df950d210f", "timestamp": "1540280007", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecec7-6708-4d24-bd8a-48ff950d210f", "timestamp": "1540280007", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Disables firewall notifications", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecf53-7f38-40ef-8354-432a950d210f", 
"sharing_group_id": "0", "timestamp": "1540280147", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecf53-8cb4-4fcf-a41c-451f950d210f", "timestamp": "1540280147", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecf57-7b54-497e-baea-4704950d210f", "timestamp": "1540280151", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecf5c-bf34-4bff-aa08-4f33950d210f", "timestamp": "1540280156", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecf60-51f0-4547-b756-464d950d210f", "timestamp": "1540280160", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Disables system restore points", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecfb1-80e4-42f4-a579-4322950d210f", "sharing_group_id": "0", "timestamp": "1540280241", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecfb1-5750-427b-bc78-4c94950d210f", "timestamp": "1540280241", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore\\DisableSR", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": 
"5bcecfb5-d910-4c4d-bfa2-48aa950d210f", "timestamp": "1540280245", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecfb6-5e00-458e-9303-4abb950d210f", "timestamp": "1540280246", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecfb6-3e58-4c2e-b8ec-453e950d210f", "timestamp": "1540280246", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Creates an autostart entry", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bced0b7-10c8-45ae-80a2-45c3950d210f", "sharing_group_id": "0", "timestamp": "1540280503", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bced0b8-4b7c-4434-bdd3-4e12950d210f", "timestamp": "1540280504", "to_ids": true, "value": "HKCU\\SOFTWARE\\Microsoft\\CurrentVersion\\Run", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bced0bc-88c8-442e-966a-44dd950d210f", "timestamp": "1540280508", "to_ids": false, "value": "%WINDIR%\\T08606085085860\\winsvc32.exe", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bced0be-f340-4405-80de-40c2950d210f", "timestamp": "1540280510", "to_ids": false, "value": "HKCU", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bced0be-6684-470b-937a-4630950d210f", "timestamp": "1540280510", "to_ids": false, "value": "REG_NONE", 
"disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5bced4a8-5a28-4d6b-bb6d-4dd6950d210f", "sharing_group_id": "0", "timestamp": "1540281512", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5bced4a9-ccc4-442e-89ff-4b8d950d210f", "timestamp": "1540281513", "to_ids": true, "value": "DEVICEMANAGER.EXE", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5bced4aa-d274-44e6-96b3-41af950d210f", "timestamp": "1540281514", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6", "uuid": "5bcee70d-6b2c-4c7c-baaa-4f5a950d210f", "sharing_group_id": "0", "timestamp": "1540286221", "description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.", "template_version": "7", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5bcee70e-7614-4580-a2cf-4c1d950d210f", "timestamp": "1540286222", "to_ids": true, "value": "92.63.197.48", "disable_correlation": false, "object_relation": "ip", "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5bcee712-41f8-42d7-a151-45ef950d210f", "timestamp": "1540286226", "to_ids": false, "value": "8080", "disable_correlation": true, "object_relation": "dst-port", "type": "port"}], "distribution": "5", "meta-category": "network", "name": "ip-port"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5bcdcd3d-b248-4bd4-ab70-4506950d210f", "timestamp": 
"1540214113", "to_ids": false, "value": "https://www.gdatasoftware.com/blog/2018/10/31187-ukranian-cybercrime-hotspot-ransomware", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5bcdcd58-6534-4bad-bb67-492e950d210f", "timestamp": "1540214125", "to_ids": false, "value": "While analysing a new version of the GandCrab Ransomware, G DATA security researchers discovered a whole network of criminal activities that are operated from a continuous IP range out of Ukraine. The IP addresses, registered presumably under false addresses, show indications of illegal cryptojacking, phishing sites and dating portals.\r\n\r\n\r\nRansomware is sold or rented to criminals in underground forums. This is probably also the case with GandCrab v5. However, the person behind the IP address obviously doesn't want to rely on just one criminal activity to generate revenue.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5bcdcefc-00f4-47c4-9068-4fe6950d210f", "timestamp": "1540214524", "to_ids": true, "value": "92.63.197.48", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd029-4864-47f3-8cdd-45e3950d210f", "timestamp": "1540214825", "to_ids": true, "value": "92.63.197.127", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Payload delivery", "uuid": "5bcdd233-69fc-494d-aadc-4100950d210f", "timestamp": "1540215347", "to_ids": true, "value": "%WINDIR%\\T08606085085860\\winsvc32.exe", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Network activity", 
"uuid": "5bcdd305-0238-4969-bd26-413c950d210f", "timestamp": "1540215557", "to_ids": true, "value": "http://92.63.197.48/v/t.php?new=1", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "External analysis", "uuid": "5bcdd390-2688-4da1-91bb-4c39950d210f", "timestamp": "1540215696", "to_ids": false, "value": "https://www.gdata.de/fileadmin/web/de/documents/whitepaper/G_Data_WhitePaper_-_Analysis_of_Win32.Trojan-Ransom.GandCrab.R.pdf", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd3ca-80c8-43b5-ad3a-4206950d210f", "timestamp": "1540215754", "to_ids": true, "value": "http://92.63.197.48/v/t.exe", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd3ce-ec90-4d71-8203-4e87950d210f", "timestamp": "1540215758", "to_ids": true, "value": "http://92.63.197.48/v/m.exe", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd3cf-4374-4018-ba1a-4de5950d210f", "timestamp": "1540215759", "to_ids": true, "value": "http://92.63.197.48/v/p.exe", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd3cf-51e8-4649-a47d-4c62950d210f", "timestamp": "1540215759", "to_ids": true, "value": "http://92.63.197.48/v/s.exe", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5bcdd3d0-09a4-4360-a306-4111950d210f", "timestamp": "1540215760", "to_ids": true, "value": "http://92.63.197.48/v/o.exe", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5bced66e-80b8-49be-8deb-4d58950d210f", "timestamp": "1540281966", "to_ids": false, "value": "92.63.197.0/24", "disable_correlation": 
false, "object_relation": null, "type": "ip-dst"}, {"comment": "Active domain", "category": "Network activity", "uuid": "5bced6fe-5f3c-4ecc-85b6-43f9950d210f", "timestamp": "1540284713", "to_ids": true, "value": "frim0ney.info", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee105-b24c-4d8e-8d2e-4aed950d210f", "timestamp": "1540284677", "to_ids": true, "value": "lucky-chances.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee108-2bb0-4f5c-b1df-4dae950d210f", "timestamp": "1540284680", "to_ids": true, "value": "earn-your-money.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee10d-eaa8-4991-a98f-4600950d210f", "timestamp": "1540284685", "to_ids": true, "value": "global-profits1.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee110-38cc-4ba0-82d0-4288950d210f", "timestamp": "1540284688", "to_ids": true, "value": "best-profits-here12.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Active domain", "category": "Network activity", "uuid": "5bcee503-21e0-4ed9-bf4c-4161950d210f", "timestamp": "1540285699", "to_ids": true, "value": "dating-future69.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Active domain", "category": "Network activity", "uuid": "5bcee509-e4b0-4e8f-ad1e-4bca950d210f", "timestamp": "1540285705", "to_ids": true, "value": "sewryus.xyz", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", 
"category": "Network activity", "uuid": "5bcee5c3-26e8-4577-abc3-4580950d210f", "timestamp": "1540285891", "to_ids": true, "value": "100sexual-partner-found.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5c6-4c94-4ab9-8fa8-4552950d210f", "timestamp": "1540285894", "to_ids": true, "value": "realflirtdating11.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5c6-d8a4-4b23-851e-4bc9950d210f", "timestamp": "1540285894", "to_ids": true, "value": "your-dating-now11.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5c7-e168-4467-a78e-4090950d210f", "timestamp": "1540285895", "to_ids": true, "value": "great-hookup-online.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5cd-185c-4d57-8a3f-448a950d210f", "timestamp": "1540285901", "to_ids": true, "value": "dating-hearts.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5d2-8254-4162-9a48-40cd950d210f", "timestamp": "1540285906", "to_ids": true, "value": "yourdating-menus.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5d7-5298-4268-8120-4935950d210f", "timestamp": "1540285911", "to_ids": true, "value": "hotdatingspot.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": 
"Network activity", "uuid": "5bcee5d8-8cb0-47c1-a166-4fc5950d210f", "timestamp": "1540285912", "to_ids": true, "value": "datingsworld1.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5d9-0c20-47cd-89c8-4a93950d210f", "timestamp": "1540285913", "to_ids": true, "value": "dating-opportunities.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5d9-7418-49d7-8d72-49a0950d210f", "timestamp": "1540285913", "to_ids": true, "value": "hot-kisses-finder.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5da-ae30-44df-a5ab-4059950d210f", "timestamp": "1540285914", "to_ids": true, "value": "night-calldates.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - Under construction", "category": "Network activity", "uuid": "5bcee5da-edf8-4a29-8a79-407f950d210f", "timestamp": "1540285914", "to_ids": true, "value": "secret-flirtparadise.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - resolves a streaming site", "category": "Network activity", "uuid": "5bcee5db-6454-4ec3-a083-4d79950d210f", "timestamp": "1540285915", "to_ids": true, "value": "findyour-dating1.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Inactive domain - resolves a warez site", "category": "Network activity", "uuid": "5bcee5db-b0a0-4d0e-ba3d-4a91950d210f", "timestamp": "1540285915", "to_ids": true, "value": "myhookup-clubs.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Shows a casino offer", "category": "Network activity", "uuid": 
"5bcee646-01b0-42e3-bd41-4941950d210f", "timestamp": "1540286022", "to_ids": true, "value": "os-print.win", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "ERR_CONNECTION_TIMED_OUT", "category": "Network activity", "uuid": "5bcee649-0e68-4881-90e0-4f65950d210f", "timestamp": "1540286025", "to_ids": true, "value": "vrb-kontosicherheit.top", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Empty page", "category": "Network activity", "uuid": "5bcee64a-8494-4b6f-8848-4656950d210f", "timestamp": "1540286026", "to_ids": true, "value": "enterwords.ru", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Empty page", "category": "Network activity", "uuid": "5bcee64a-d5e0-4c64-a981-43ad950d210f", "timestamp": "1540286026", "to_ids": true, "value": "improbablead.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Empty page", "category": "Network activity", "uuid": "5bcee64b-d4c8-4398-9710-4ad6950d210f", "timestamp": "1540286027", "to_ids": true, "value": "honeyindoc.ru", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "Empty page", "category": "Network activity", "uuid": "5bcee64b-ba50-417e-a7d7-4561950d210f", "timestamp": "1540286027", "to_ids": true, "value": "vivedoc.ru", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "appears to be a cryptocurrency exchange website", "category": "Network activity", "uuid": "5bcee6d6-c9e0-4aa6-8e7b-4300950d210f", "timestamp": "1540286166", "to_ids": true, "value": "wex.ac", "disable_correlation": false, "object_relation": null, "type": "domain"}], "extends_uuid": "", "published": false, "date": "2018-10-19", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5bcdcd27-03e4-4118-9f82-46c3950d210f"}} |