{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2016-06-29",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Prince of Persia \u2013 Game Over",
|
|
"publish_timestamp": "1467190574",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1467190467",
|
|
"uuid": "57738bb1-bcc4-443e-a002-4590950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190268",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57738bfc-31fc-425d-91ad-4083950d210f",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190282",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "57738c0a-9760-49c3-b44a-4338950d210f",
|
|
"value": "Unit 42 published a blog at the beginning of May titled \u201cPrince of Persia,\u201d in which we described the discovery of a decade-long campaign using a formerly unknown malware family, Infy, that targeted government and industry interests worldwide.\r\nSubsequent to the publishing of this article, through cooperation with the parties responsible for the C2 domains, Unit 42 researchers successfully gained control of multiple C2 domains. This disabled the attacker\u2019s access to their victims in this campaign, provided further insight into the targets currently victimized in this operation, and enabled the notification of affected parties."
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c40-0f4c-4c38-97f4-4e76950d210f",
|
|
"value": "5.9.94.34"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c40-bdc8-473c-9a3a-46dd950d210f",
|
|
"value": "138.201.0.134"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c40-6400-49b5-b055-415e950d210f",
|
|
"value": "138.201.47.150"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c40-3a10-44bd-aa2f-43cb950d210f",
|
|
"value": "144.76.250.205"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190336",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c40-c410-443a-b154-4453950d210f",
|
|
"value": "138.201.47.158"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190337",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "57738c41-bb5c-4f61-80de-4740950d210f",
|
|
"value": "138.201.47.153"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190337",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c41-ca7c-4349-b929-48d5950d210f",
|
|
"value": "us1s2.strangled.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190337",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c41-2778-4d1e-9934-4deb950d210f",
|
|
"value": "uvps1.cotbm.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190337",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c41-5f24-48e4-bd48-4e9d950d210f",
|
|
"value": "gstat.strangled.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190337",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c41-c350-4a35-a9ae-4f19950d210f",
|
|
"value": "secup.soon.it"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190338",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c42-61cc-4674-bac7-42d3950d210f",
|
|
"value": "p208.ige.es"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190338",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c42-19e8-4fee-b9e4-4392950d210f",
|
|
"value": "lu.ige.es"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190338",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c42-9120-41b5-913d-471a950d210f",
|
|
"value": "updateserver1.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190338",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c42-df30-4ee3-83ef-4ed5950d210f",
|
|
"value": "updateserver3.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190338",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c42-9164-47d3-9abb-4035950d210f",
|
|
"value": "updatebox4.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190339",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c43-5144-4c7c-933e-4f66950d210f",
|
|
"value": "bestupdateserver.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190339",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c43-9480-4cec-887e-4d1c950d210f",
|
|
"value": "bestupdateserver2.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190339",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c43-9124-4446-b4c8-4ff2950d210f",
|
|
"value": "bestbox3.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190339",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c43-daa4-432f-a0b4-4438950d210f",
|
|
"value": "safehostline.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190339",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c43-96c0-4daf-86b5-42fb950d210f",
|
|
"value": "youripinfo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190340",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "57738c44-c1b4-4870-a965-4551950d210f",
|
|
"value": "bestupser.awardspace.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190340",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c44-83f4-463c-8096-4abb950d210f",
|
|
"value": "box4035.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190340",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c44-8290-41bb-a024-42ec950d210f",
|
|
"value": "box4036.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190340",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c44-095c-4ef4-a2b7-40d5950d210f",
|
|
"value": "box4037.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190340",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c44-6c58-47a2-909b-4c90950d210f",
|
|
"value": "box4038.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-cdfc-4e40-857d-4da1950d210f",
|
|
"value": "box4039.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-b760-414e-95d4-49c7950d210f",
|
|
"value": "box4040.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-d27c-4dd0-9698-49a0950d210f",
|
|
"value": "box4041.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-1760-419b-8799-4046950d210f",
|
|
"value": "box4042.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-66f8-43d2-81b1-4978950d210f",
|
|
"value": "box4043.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190341",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c45-da10-47f7-ae81-44b0950d210f",
|
|
"value": "box4044.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-7e00-4a86-9b29-45e2950d210f",
|
|
"value": "box4045.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-49a0-4986-89cc-4d37950d210f",
|
|
"value": "box4046.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-f6e4-456c-a380-4448950d210f",
|
|
"value": "box4047.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-f0a0-43af-bcbd-4ddb950d210f",
|
|
"value": "box4048.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-0af4-4d1d-ba6b-4a03950d210f",
|
|
"value": "box4049.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190342",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c46-6428-43b0-a890-4522950d210f",
|
|
"value": "box4050.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-b2c8-4d63-9893-4e0e950d210f",
|
|
"value": "box4051.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-5098-425e-9b14-41ca950d210f",
|
|
"value": "box4052.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-f7e4-42a8-857f-4ab1950d210f",
|
|
"value": "box4053.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-fa08-4e36-b64a-4cdd950d210f",
|
|
"value": "box4054.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-c4d0-4f8b-bd99-4029950d210f",
|
|
"value": "box4055.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190343",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c47-91e4-4916-96de-4f40950d210f",
|
|
"value": "box4056.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-15cc-48c8-b484-4b95950d210f",
|
|
"value": "box4057.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-4480-438b-b346-4127950d210f",
|
|
"value": "box4058.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-da9c-479c-b6dc-450d950d210f",
|
|
"value": "box4059.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-1a14-4aed-b047-426d950d210f",
|
|
"value": "box4060.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-f808-40af-9923-4b0a950d210f",
|
|
"value": "box4061.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190344",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c48-6e94-4cf0-9851-4c0b950d210f",
|
|
"value": "box4062.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190345",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c49-a8b8-4c6b-9f96-4294950d210f",
|
|
"value": "box4063.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190345",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c49-0040-4316-9d9d-432e950d210f",
|
|
"value": "box4064.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190345",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c49-2aec-4cab-a011-4a0e950d210f",
|
|
"value": "box4065.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190345",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c49-7f8c-453c-b072-4694950d210f",
|
|
"value": "box4066.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190345",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c49-aac4-41f8-bfe8-497d950d210f",
|
|
"value": "box4067.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190346",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4a-35c0-41b2-959a-4cce950d210f",
|
|
"value": "box4068.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190346",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4a-4f90-47ac-b51d-4ce7950d210f",
|
|
"value": "box4069.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190346",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4a-fcc8-4e17-b7fe-4dff950d210f",
|
|
"value": "box4070.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190346",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4a-a550-4a14-b6d7-492a950d210f",
|
|
"value": "box4071.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190346",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4a-b45c-4462-b509-46e0950d210f",
|
|
"value": "box4072.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190347",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4b-ea94-4aa0-8aba-46fc950d210f",
|
|
"value": "box4075.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190347",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4b-2044-4a5c-bbbc-409d950d210f",
|
|
"value": "box4078.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190347",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4b-fb0c-44cd-9e52-44c0950d210f",
|
|
"value": "box4079.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190347",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4b-8314-4dbf-b1fa-4a8a950d210f",
|
|
"value": "box4080.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190347",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4b-cb20-44fa-adbe-478c950d210f",
|
|
"value": "box4081.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190348",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4c-ce88-4ea0-9196-4c5c950d210f",
|
|
"value": "box4082.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190348",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4c-e59c-41a7-ae29-487f950d210f",
|
|
"value": "box4083.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190348",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4c-7828-4450-b0e9-47cf950d210f",
|
|
"value": "box4084.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190348",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4c-1e20-4881-836a-48a2950d210f",
|
|
"value": "box4085.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190349",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4d-f8f8-402c-9f12-4a7a950d210f",
|
|
"value": "box4086.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190349",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4d-940c-4a2e-86fd-489b950d210f",
|
|
"value": "box4087.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190349",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4d-dfc8-4623-b3ad-4e33950d210f",
|
|
"value": "box4088.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190349",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4d-4778-46ff-8c26-4f9d950d210f",
|
|
"value": "box4089.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Imported via the Freetext Import Tool",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190349",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "57738c4d-7938-4015-a89e-4c0d950d210f",
|
|
"value": "box4090.net"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Infy version 31",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57738c6b-f884-4152-b8f2-484d950d210f",
|
|
"value": "f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Infy \u201cM\u201d version 8.0",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190379",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "57738c6b-c3dc-4fe5-9144-4f78950d210f",
|
|
"value": "583349b7a2385a1e8de682a43351798ca113cbbb80686193ecf9a61e6942786a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Infy version 31 - Xchecked via VT: f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190468",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "57738cc4-18b4-4dbd-bce1-43d702de0b81",
|
|
"value": "53e145f8b3be90f11d40d88a2decd80c168610f7"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Infy version 31 - Xchecked via VT: f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190468",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "57738cc4-8dd4-4fc5-ae44-4e8502de0b81",
|
|
"value": "4053ea6a7aa9cde6d28a85c6d35f8e4d"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Infy version 31 - Xchecked via VT: f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1467190468",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "57738cc4-beb0-4b72-b853-476102de0b81",
|
|
"value": "https://www.virustotal.com/file/f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27/analysis/1463612524/"
|
|
}
|
|
]
|
|
}
|
|
} |