672 lines
No EOL
28 KiB
JSON
672 lines
No EOL
28 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2017-04-13",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Callisto Group",
|
|
"publish_timestamp": "1492583302",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1492583294",
|
|
"uuid": "58f0bb56-ce80-4f18-88b6-4577950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"name": "type:OSINT"
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"name": "tlp:white"
|
|
},
|
|
{
|
|
"colour": "#002b4a",
|
|
"name": "osint:source-type=\"technical-report\""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492583285",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "58f0bbbe-e894-46cb-a3a4-4893950d210f",
|
|
"value": "https://www.f-secure.com/documents/996508/1030745/callisto-group",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492583294",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "58f0bc0e-f638-48c5-bf34-4012950d210f",
|
|
"value": "The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"name": "osint:source-type=\"blog-post\""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "RCS Galileo",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "58f0bd25-d0b0-49c8-a4db-47c8950d210f",
|
|
"value": "07cdc67d211d175cd9d418dc5482b3f17d93526a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Upon infection, known samples of Callisto Group \u00e2\u20ac\u2122s RCS Galileo have stored copies of themselves in this file",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "58f0bdbc-b000-4b18-862d-4b23950d210f",
|
|
"value": "%TEMP%\\Microsoft Word.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Upon infection, known samples of Callisto Group \u00e2\u20ac\u2122s RCS Galileo have stored copies of themselves in this file",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "58f0bdbd-8168-40ce-a65e-4387950d210f",
|
|
"value": "%TEMP%\\WinWord.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Upon infection, known samples of Callisto Group \u00e2\u20ac\u2122s RCS Galileo have stored copies of themselves in this file",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "58f0bdbe-f9c0-454c-a9b7-41df950d210f",
|
|
"value": ">startup folder<\\bleachbit.exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "Upon infection, known samples of Callisto Group \u00e2\u20ac\u2122s RCS Galileo have stored copies of themselves in this file",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "58f0bdbf-6c60-486a-8b7f-4843950d210f",
|
|
"value": ">startup folder<\\BluetoothView.exe"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "Known command & control server",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "58f0be72-d58c-4d76-a05b-4802950d210f",
|
|
"value": "89.46.102.43"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c02e-97fc-4c35-9abc-4035950d210f",
|
|
"value": "accounts-google.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c02f-8d18-45e3-bac9-4e64950d210f",
|
|
"value": "accounts-mail.asia"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c030-4d0c-4283-9412-450b950d210f",
|
|
"value": "authentification-request.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c031-b6e0-43af-861f-4daa950d210f",
|
|
"value": "auth-login.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c032-4e2c-4277-830c-43f7950d210f",
|
|
"value": "drive-login.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c033-3a68-44e6-be82-464a950d210f",
|
|
"value": "drive-meet-goodle.ru"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c034-31f8-4465-93a8-4176950d210f",
|
|
"value": "emailapp.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c035-2f80-4af8-8fc7-45c8950d210f",
|
|
"value": "fco-gov.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c036-62a0-4d64-b29c-4d14950d210f",
|
|
"value": "fco-net.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c037-a0d0-4ef6-b82a-4d46950d210f",
|
|
"value": "google-accounts.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c038-6688-4b84-a82b-46ff950d210f",
|
|
"value": "google-plus.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c039-445c-4146-a593-4f27950d210f",
|
|
"value": "google-service.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03a-b1e0-4d01-b936-4e2b950d210f",
|
|
"value": "hotmail-online.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03b-8800-4562-b9c5-4616950d210f",
|
|
"value": "icloud-service.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03c-3ec0-454d-b1af-4e4b950d210f",
|
|
"value": "live-com.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03d-2640-484d-aa0c-46f5950d210f",
|
|
"value": "live-login.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03e-7a30-4b63-90da-4d4c950d210f",
|
|
"value": "login-access.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c03f-4820-4b35-8f9c-4824950d210f",
|
|
"value": "login-live.review"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c040-b1b8-4fb8-ab62-4242950d210f",
|
|
"value": "login-livecom.in"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c041-3e9c-4436-8bc3-4115950d210f",
|
|
"value": "login-livecom.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c042-e464-4d3b-a60e-4358950d210f",
|
|
"value": "login-live-com.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c043-63e0-48c8-8c2b-43ea950d210f",
|
|
"value": "misrcosofts.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c044-ee88-4161-8b4b-483f950d210f",
|
|
"value": "node005-prevention-aol.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c045-83f4-4750-9cf0-4696950d210f",
|
|
"value": "node03-prevention-icloud.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c046-cd24-4a4f-ab09-4e75950d210f",
|
|
"value": "platforma.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c047-4028-43f3-8897-4b92950d210f",
|
|
"value": "prevention-aol.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c048-23f4-4ee5-98ec-421e950d210f",
|
|
"value": "prevention-aol.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c049-c9a8-47e6-9b31-4982950d210f",
|
|
"value": "prevention-icloud.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04a-adc8-4565-b72f-463d950d210f",
|
|
"value": "qooqle-support-mail.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04b-8c34-4099-853c-4c39950d210f",
|
|
"value": "screenname.click"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04c-e104-4f4f-9239-44c3950d210f",
|
|
"value": "screenname-aol.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04d-6fa4-452e-9c1b-4d89950d210f",
|
|
"value": "secure-lcloud.accountant"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04e-a0cc-4462-9bc5-4b1a950d210f",
|
|
"value": "secure-store-lcloud.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c04f-ba40-42e0-b686-49bb950d210f",
|
|
"value": "service-mail.asia"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c050-7edc-426e-857f-47d9950d210f",
|
|
"value": "service-mail.in"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c051-6e4c-4036-8cc3-4adb950d210f",
|
|
"value": "serv-login-com.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c052-2368-4374-8de2-48cd950d210f",
|
|
"value": "shared-docs.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c053-7140-4ee4-a008-4e0b950d210f",
|
|
"value": "store-icloud.link"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c054-02c0-412e-949d-4a58950d210f",
|
|
"value": "support-gmail.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c055-844c-4d2d-afde-451f950d210f",
|
|
"value": "support-mail.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c056-c3f8-4881-9b54-4cc2950d210f",
|
|
"value": "support-mail.top"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c057-cff0-4a37-a009-4d49950d210f",
|
|
"value": "updatemail.in"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c058-abd8-45d1-be03-4fb6950d210f",
|
|
"value": "yahoocentermail.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c059-1c24-46c5-a097-4224950d210f",
|
|
"value": "yahoocentermail.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c05a-f060-4e21-9353-4659950d210f",
|
|
"value": "yahoomailfree.pw"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "PHISHING INFRASTRUCTURE - Domains known or believed to be used in relation to phishing . These may be used as targets of links or as domains for sender email addresses.",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173673",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "58f0c176-c274-4acf-af04-49b5950d210f",
|
|
"value": "go-veryfication.link"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "RCS Galileo - Xchecked via VT: 07cdc67d211d175cd9d418dc5482b3f17d93526a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173816",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "58f0c3f8-4404-450c-819d-4aed02de0b81",
|
|
"value": "974f6ceebeb889bd97e6641100dddf823376561ddde9e4749f3ea3d77f63a8f9"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "RCS Galileo - Xchecked via VT: 07cdc67d211d175cd9d418dc5482b3f17d93526a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173818",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "58f0c3fa-aa58-405c-a77f-419e02de0b81",
|
|
"value": "99a18bf3c04a491b256f7d60eb6e0f26"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "RCS Galileo - Xchecked via VT: 07cdc67d211d175cd9d418dc5482b3f17d93526a",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1492173819",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "58f0c3fb-ad4c-4134-8a50-4a9202de0b81",
|
|
"value": "https://www.virustotal.com/file/974f6ceebeb889bd97e6641100dddf823376561ddde9e4749f3ea3d77f63a8f9/analysis/1492108895/"
|
|
}
|
|
]
|
|
}
|
|
} |