{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-04-27",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Malware Campaign Using Google Docs Intercepted, Thousands of Users Affected",
|
|
"publish_timestamp": "1461738802",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1461738768",
|
|
"uuid": "57205b50-c19c-4411-ae0e-4414950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738351",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205b6f-c7b4-41ee-8106-4c9d950d210f",
|
|
"value": "http://ddanchev.blogspot.com/2016/04/google-docs-malware-serving-campaign.htm"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738412",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57205bac-01ac-4e84-ae00-4fee950d210f",
|
|
"value": "495f05d7ebca1022da2cdd1700aeac39"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738412",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57205bac-2254-455c-aa7c-471a950d210f",
|
|
"value": "68abd8a3a8c18c59f638e50ab0c386a4"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738412",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57205bac-c15c-4a44-8959-4aa1950d210f",
|
|
"value": "65b4bdba2d3b3e92b8b96d7d9ba7f88e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738413",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57205bad-8330-433b-ab79-4f70950d210f",
|
|
"value": "64b5c6b20e2d758a008812df99a5958e"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4)",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738413",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57205bad-daa0-4453-9005-4f2a950d210f",
|
|
"value": "a0869b751e4a0bf27685f2f8677f9c62"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738455",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205bd7-ffec-455c-87b9-4073950d210f",
|
|
"value": "http://smartoptionsinc.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738455",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57205bd7-cc08-4eed-aa4a-4576950d210f",
|
|
"value": "216.70.228.110"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738456",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205bd8-0054-484f-8d00-4b6a950d210f",
|
|
"value": "http://ppc.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738456",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57205bd8-0524-47ca-b34d-44ba950d210f",
|
|
"value": "95.211.80.4"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
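"comment": "Once executed the sample phones back to the following C&C servers (analyst note: apps.identrust.com is IdenTrust certificate-distribution infrastructure, so this contact is likely benign certificate-chain retrieval rather than C&C; validate before using it for blocking or alerting)",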
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738456",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205bd8-8554-4dc0-a3c6-4347950d210f",
|
|
"value": "http://apps.identrust.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
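"comment": "Once executed the sample phones back to the following C&C servers (analyst note: this address is listed alongside apps.identrust.com, which is IdenTrust certificate-distribution infrastructure; likely a false positive, validate before using it for blocking or alerting)",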
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738457",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57205bd9-5b08-421f-8063-4972950d210f",
|
|
"value": "192.35.177.64"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738457",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205bd9-d1b4-4bbe-a480-468f950d210f",
|
|
"value": "http://cargol.cat"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738458",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57205bda-46ec-49bb-96c1-462c950d210f",
|
|
"value": "217.149.7.213"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738458",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205bda-74e4-44d3-b55b-45cc950d210f",
|
|
"value": "http://bikeceuta.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Once executed the sample phones back to the following C&C servers",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738458",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57205bda-e268-49af-8607-4903950d210f",
|
|
"value": "91.142.215.77"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738529",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c21-023c-481a-afda-4114950d210f",
|
|
"value": "http://barbedosgroup.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738530",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c22-a168-4167-9a7e-4fa8950d210f",
|
|
"value": "http://brutalforce.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738530",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c22-1398-4cbd-9ac3-4d00950d210f",
|
|
"value": "http://christophar-hacker.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738530",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c22-233c-4985-b975-4a9d950d210f",
|
|
"value": "http://moto-przestrzen.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738531",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c23-31d0-4046-b5ad-407d950d210f",
|
|
"value": "http://eturva.y0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738531",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c23-3620-4a83-a688-4ccc950d210f",
|
|
"value": "http://lingirlie.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738532",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c24-da7c-4484-af22-462d950d210f",
|
|
"value": "http://ogladajmecz.com.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738532",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c24-b574-4ed2-92ba-478a950d210f",
|
|
"value": "http://oriflamekonkurs2l16.c0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738533",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c25-5c68-4b45-8315-4ffe950d210f",
|
|
"value": "http://umeblowani.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738533",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c25-3b24-4f3e-a00b-4561950d210f",
|
|
"value": "http://webadminvalidation.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738533",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c25-f728-401e-8b9c-44c2950d210f",
|
|
"value": "http://adamr.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738534",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c26-4810-4a03-b0e9-4742950d210f",
|
|
"value": "http://alea.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738534",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c26-3344-4069-9bc3-4aa0950d210f",
|
|
"value": "http://artbymachonis.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738535",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c27-189c-4dc4-9eda-47c9950d210f",
|
|
"value": "http://beqwqgdu.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738535",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c27-4dd0-48db-9bd7-4067950d210f",
|
|
"value": "http://bleachonline.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738536",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c28-4920-4b79-ba19-45c8950d210f",
|
|
"value": "http://facebook-profile-natalia9320.j.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738536",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c28-da34-43a2-a251-4803950d210f",
|
|
"value": "http://fllrev1978.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738537",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c29-f698-4d8a-8091-458a950d210f",
|
|
"value": "http://gotowesms.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738537",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c29-5e94-4235-9d4b-42c3950d210f",
|
|
"value": "http://kbvdfuh.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738537",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c29-cfa0-4029-bef1-4309950d210f",
|
|
"value": "http://maplka1977.c0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738538",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2a-e428-48ae-996e-40ba950d210f",
|
|
"value": "http://nagrobkiartek.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738538",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2a-834c-42fd-be1a-4eff950d210f",
|
|
"value": "http://nyzusbojpxnl.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738539",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2b-4940-40ae-8a69-43cd950d210f",
|
|
"value": "http://okilh1973.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738539",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2b-8fb8-4043-810e-4ac4950d210f",
|
|
"value": "http://pucusej.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738540",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2c-6da4-4afb-a957-47f7950d210f",
|
|
"value": "http://sajtom.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738540",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2c-d7bc-41fe-968a-421c950d210f",
|
|
"value": "http://tarnowiec.net.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738540",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2c-985c-4924-8599-47a3950d210f",
|
|
"value": "http://techtell.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738541",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2d-6140-4a0b-a246-449a950d210f",
|
|
"value": "http://testujemypl.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738541",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2d-ef20-47f6-b090-4dd5950d210f",
|
|
"value": "http://lawendowawyspa.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738542",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2e-f4c0-4073-b330-4f74950d210f",
|
|
"value": "http://younglean.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738542",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2e-2e70-4277-a3fa-4fd2950d210f",
|
|
"value": "http://delegaturaszczecin.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738543",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2f-2098-407f-94de-417c950d210f",
|
|
"value": "http://metzmoerex.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738543",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2f-dfc4-4dbf-8d0a-4e3d950d210f",
|
|
"value": "http://kmpk.c0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738543",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c2f-a484-4078-80e0-4168950d210f",
|
|
"value": "http://500plus.c0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738544",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c30-6fb0-4205-b015-41f8950d210f",
|
|
"value": "http://erxhxrrb1981.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738544",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c30-5020-4fea-af7c-4832950d210f",
|
|
"value": "http://exztwsl.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738545",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c31-baac-464a-b87e-4386950d210f",
|
|
"value": "http://fafrvfa.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738545",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c31-a74c-4ada-9b62-4645950d210f",
|
|
"value": "http://fastandfurios.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738546",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c32-c28c-429c-9d14-4a39950d210f",
|
|
"value": "http://filmonline.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738546",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c32-5a00-4a19-a073-40e0950d210f",
|
|
"value": "http://fragcraft.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738546",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c32-95ec-4196-b201-433e950d210f",
|
|
"value": "http://fryzjer.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738547",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c33-1df4-4ee4-9d38-48b9950d210f",
|
|
"value": "http://hgedkom1973.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738547",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c33-c1bc-420f-a1f5-4e0d950d210f",
|
|
"value": "http://luyfiv1972.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738548",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c34-f7dc-4e0e-8fcb-47e2950d210f",
|
|
"value": "http://oliviasekulska.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738548",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c34-3ef8-403e-86d4-4464950d210f",
|
|
"value": "http://opziwr-zamosc.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738549",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c35-d224-42db-8751-4254950d210f",
|
|
"value": "http://ostro.ga"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738549",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c35-36d4-4ce6-8027-4567950d210f",
|
|
"value": "http://rodzina500plus.c0.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738549",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c35-f1fc-429d-876a-4213950d210f",
|
|
"value": "http://roknasilowni.tk"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known to have responded to the same malicious (95.211.80.4) are also the following malicious domains",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738550",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205c36-b78c-4b94-8122-48d2950d210f",
|
|
"value": "http://vfqqgr1971.cba.pl"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Sample malicious URL hosting location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738732",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205cec-06ac-4da2-bddc-495a950d210f",
|
|
"value": "http://ecku.cba.pl/js/bin.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Sample malicious URL hosting location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738733",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205ced-af5c-4f92-a38b-4098950d210f",
|
|
"value": "http://mondeodoslubu.cba.pl/js/bin.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Sample malicious URL hosting location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738733",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205ced-e3f0-4316-90c4-4e57950d210f",
|
|
"value": "http://piotrkochanski.cba.pl/js/bin.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Sample malicious URL hosting location",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738734",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "57205cee-5bc4-46c8-9b51-47c6950d210f",
|
|
"value": "http://szczuczynsp.cba.pl/122/091.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738769",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57205d11-9314-4d11-8dac-454202de0b81",
|
|
"value": "34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738769",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57205d11-f4a8-45c5-9395-4eed02de0b81",
|
|
"value": "3b5417b1a045e382658fcf6c4d46b79265ab0d61"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: a0869b751e4a0bf27685f2f8677f9c62",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738769",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205d11-2f34-4150-bef4-4f8102de0b81",
|
|
"value": "https://www.virustotal.com/file/34230e2479d02dddc73b6e42784e6363f7b3a4192f939cf5f98b302a86070b07/analysis/1459233130/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738770",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57205d12-9f80-432a-b9de-4f5f02de0b81",
|
|
"value": "1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738770",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57205d12-82bc-49ad-a42e-4c0e02de0b81",
|
|
"value": "ae1caf7ed76f4f412ff5c469cd61379d911a1da6"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 64b5c6b20e2d758a008812df99a5958e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738771",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205d13-6748-4b8a-a367-446e02de0b81",
|
|
"value": "https://www.virustotal.com/file/1d81d9e9724c9cd333beb128a3a347ff2cc3cc71500486853fd0045db2539d5d/analysis/1460771233/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738771",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57205d13-4448-43bd-b7a4-4d2c02de0b81",
|
|
"value": "16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738771",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57205d13-4c60-417f-903b-4ac702de0b81",
|
|
"value": "dc2f8e277d45446077e6891bec2530317d8dbbfd"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 65b4bdba2d3b3e92b8b96d7d9ba7f88e",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738772",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205d14-485c-48ba-b8f2-4eab02de0b81",
|
|
"value": "https://www.virustotal.com/file/16b6fdb28b3aebc369760c9561bfd00d34362039836dee455550606d96e97d5d/analysis/1460857119/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738772",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57205d14-3510-4769-979c-485d02de0b81",
|
|
"value": "8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738773",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57205d15-b7bc-4b31-b7de-434d02de0b81",
|
|
"value": "9cf70b8ba95e606e7e3fff44230c4d014688396e"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 68abd8a3a8c18c59f638e50ab0c386a4",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738773",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205d15-feb0-439b-a6d9-4b2202de0b81",
|
|
"value": "https://www.virustotal.com/file/8f9eaae6fef0657cb4bdd25d386e3696f79ae5a1a944a4c329f3bdc4e8421ec7/analysis/1460972860/"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738773",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57205d15-a5ec-4e07-8c09-49fb02de0b81",
|
|
"value": "c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738774",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57205d16-af14-4474-bd1b-4ed302de0b81",
|
|
"value": "f476d4197ec7c59b1ecb25362f00a8fb2f4c93b7"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Sample malicious MD5s known to have phoned back to the same malicious IP (95.211.80.4) - Xchecked via VT: 495f05d7ebca1022da2cdd1700aeac39",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1461738774",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57205d16-6e60-4f83-b2f9-4b2502de0b81",
|
|
"value": "https://www.virustotal.com/file/c218a2e5a46d40df832f5a735e272465a798a4d19c8fb88ac6a2d0d40ec9dd36/analysis/1461280641/"
|
|
}
|
|
]
|
|
}
|
|
} |