misp-circl-feed/feeds/circl/misp/56425772-8500-45c6-9575-6056950d210b.json


{
"Event": {
"analysis": "2",
"date": "2015-11-09",
"extends_uuid": "",
"info": "OSINT Macro documents with XOR Encoded Payloads by PhishMe",
"publish_timestamp": "1447223945",
"published": true,
"threat_level_id": "3",
"timestamp": "1447223941",
"uuid": "56425772-8500-45c6-9575-6056950d210b",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188388",
"to_ids": false,
"type": "link",
"uuid": "564257a4-c8e4-45ee-85cb-68b9950d210b",
"value": "http://phishme.com/macro-documents-with-xor-encoded-payloads/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188388",
"to_ids": false,
"type": "link",
"uuid": "564257a4-dc24-4003-ba5d-68b9950d210b",
"value": "http://phishme.com/wp-content/uploads/Intel.csv"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188441",
"to_ids": true,
"type": "url",
"uuid": "564257d9-0874-4b4c-a7e7-41c1950d210b",
"value": "http://vintageselects.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188441",
"to_ids": true,
"type": "url",
"uuid": "564257d9-2698-4470-a9cf-4a37950d210b",
"value": "http://finehotels.net/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188442",
"to_ids": true,
"type": "url",
"uuid": "564257da-6700-4ad5-85c9-4f66950d210b",
"value": "http://basislabel.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188442",
"to_ids": true,
"type": "url",
"uuid": "564257da-bc04-40c4-a00c-4ee3950d210b",
"value": "http://textidea.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188443",
"to_ids": true,
"type": "url",
"uuid": "564257db-c1f4-40f5-bb86-4f46950d210b",
"value": "http://camelcap.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188443",
"to_ids": true,
"type": "url",
"uuid": "564257db-28e0-40b0-8ca7-450e950d210b",
"value": "http://mgsmedia.ru/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188444",
"to_ids": true,
"type": "url",
"uuid": "564257dc-a3c8-429f-ac03-454a950d210b",
"value": "http://pausephone.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188444",
"to_ids": true,
"type": "url",
"uuid": "564257dc-1118-4bf2-9236-4520950d210b",
"value": "http://fievenghapun.ru/gate.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188445",
"to_ids": true,
"type": "url",
"uuid": "564257dd-975c-4f08-8e5c-4a77950d210b",
"value": "http://zilibrinixs.net/mizzo773/gate.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188445",
"to_ids": true,
"type": "url",
"uuid": "564257dd-3508-4ea3-bc79-4aee950d210b",
"value": "http://guesstrade.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188446",
"to_ids": true,
"type": "url",
"uuid": "564257de-b044-4b6f-975e-4a1f950d210b",
"value": "http://beheutsi.ru/gate.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188446",
"to_ids": true,
"type": "url",
"uuid": "564257de-2384-4fc4-abb4-4787950d210b",
"value": "http://wildclick.net/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188447",
"to_ids": true,
"type": "url",
"uuid": "564257df-89e0-4c5f-adde-46aa950d210b",
"value": "http://juskinsandfo.ru/gate.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188447",
"to_ids": true,
"type": "url",
"uuid": "564257df-1000-41fb-86e2-46fc950d210b",
"value": "http://ninthclub.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188447",
"to_ids": true,
"type": "url",
"uuid": "564257df-ab7c-4b4a-bc73-43e2950d210b",
"value": "http://yeebay.co/media/system/host.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188448",
"to_ids": true,
"type": "url",
"uuid": "564257e0-cdc8-44b6-b522-4f0f950d210b",
"value": "http://helloalliance.net/work/new/index.php"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188448",
"to_ids": true,
"type": "md5",
"uuid": "564257e0-1050-4ff4-9bd5-440b950d210b",
"value": "444e36f7f825164db3cb165526b38d7e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188449",
"to_ids": true,
"type": "md5",
"uuid": "564257e1-ba44-43e5-b26c-4459950d210b",
"value": "4c4e81db339f03b0b5ab0d18d3a40202"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188449",
"to_ids": true,
"type": "md5",
"uuid": "564257e1-0dc8-4d4d-8e82-4def950d210b",
"value": "25cd7beff6db77752efda58b703c1acd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188450",
"to_ids": true,
"type": "md5",
"uuid": "564257e2-f604-43c4-9c84-4670950d210b",
"value": "b198efe59d67728c7d0a339a7490222c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188450",
"to_ids": true,
"type": "md5",
"uuid": "564257e2-5b68-490b-838d-4f7c950d210b",
"value": "539ffbf98931aaaea5b745640988071a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188451",
"to_ids": true,
"type": "md5",
"uuid": "564257e3-c77c-4eaa-88c1-4671950d210b",
"value": "88c69cd7738b6c2228e3c602d385fab3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188451",
"to_ids": true,
"type": "url",
"uuid": "564257e3-7d40-43c9-836d-4ff7950d210b",
"value": "http://webshop.outsourcing4work.de/m1.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188452",
"to_ids": true,
"type": "md5",
"uuid": "564257e4-b6b4-489c-ae17-4ada950d210b",
"value": "7b14b4a5c21168de932e3c9bdce5805e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188452",
"to_ids": true,
"type": "md5",
"uuid": "564257e4-6150-4492-b77c-44a6950d210b",
"value": "6a2acafe7cd587351b3ef40b0f0384cd"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188453",
"to_ids": true,
"type": "ip-dst",
"uuid": "564257e5-0a28-44b8-9746-424e950d210b",
"value": "46.148.26.44"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188453",
"to_ids": true,
"type": "url",
"uuid": "564257e5-d794-49d1-923a-4b64950d210b",
"value": "http://hungphatea.com.au/media/system/host.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188454",
"to_ids": true,
"type": "url",
"uuid": "564257e6-90d0-4602-9126-4793950d210b",
"value": "http://castuning.ru/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188454",
"to_ids": true,
"type": "url",
"uuid": "564257e6-2228-48a1-b657-4a8a950d210b",
"value": "http://seaboy.net/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188455",
"to_ids": true,
"type": "url",
"uuid": "564257e7-1fb4-4784-9fbc-4d93950d210b",
"value": "http://hybridtrend.com/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188455",
"to_ids": true,
"type": "url",
"uuid": "564257e7-b818-4071-8678-4126950d210b",
"value": "http://gourmet.pergaz.com/media/system/host.exe"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188456",
"to_ids": true,
"type": "url",
"uuid": "564257e8-f91c-4c1f-a83d-4114950d210b",
"value": "http://circlewear.net/work/new/index.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447188456",
"to_ids": true,
"type": "url",
"uuid": "564257e8-5450-4b7d-8107-4ea0950d210b",
"value": "http://ideagreens.com/work/new/index.php"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223388",
"to_ids": true,
"type": "sha256",
"uuid": "5642e05c-b2ac-435e-8e69-cf3b950d210b",
"value": "f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 6a2acafe7cd587351b3ef40b0f0384cd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223389",
"to_ids": true,
"type": "sha1",
"uuid": "5642e05d-5bd0-4654-9173-cf3b950d210b",
"value": "0be14ac098d24b2ec3cd7f7560e2a47587c33f8f"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223389",
"to_ids": false,
"type": "link",
"uuid": "5642e05d-5c80-4e8b-b8bd-cf3b950d210b",
"value": "https://www.virustotal.com/file/f6ff1eeb531beb2900b0c377eb684df87ebb146f86ab9397c935298fb0cf09f2/analysis/1446306023/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223389",
"to_ids": true,
"type": "sha256",
"uuid": "5642e05d-7228-48a1-878a-cf3b950d210b",
"value": "dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7b14b4a5c21168de932e3c9bdce5805e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223390",
"to_ids": true,
"type": "sha1",
"uuid": "5642e05e-7f10-43eb-abf3-cf3b950d210b",
"value": "0dcae2786f206149c06940c168945c58ae916be3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223390",
"to_ids": false,
"type": "link",
"uuid": "5642e05e-fe34-4e45-bc71-cf3b950d210b",
"value": "https://www.virustotal.com/file/dfe92f53d5dbae6390482383defaab2925a1f6da1116a086068ab85ca316aa00/analysis/1446984972/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223391",
"to_ids": true,
"type": "sha256",
"uuid": "5642e05f-21c8-4e6d-95de-cf3b950d210b",
"value": "8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 88c69cd7738b6c2228e3c602d385fab3",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223391",
"to_ids": true,
"type": "sha1",
"uuid": "5642e05f-2524-4897-a9e4-cf3b950d210b",
"value": "ba6c7c6139f293dc5c442bf838c0bf90967496ad"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223391",
"to_ids": false,
"type": "link",
"uuid": "5642e05f-f524-4a8e-964d-cf3b950d210b",
"value": "https://www.virustotal.com/file/8b191a0aa1f1bbf485e2ca677a67a05539507c52358632b81f902295b5b3a597/analysis/1446927268/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223392",
"to_ids": true,
"type": "sha256",
"uuid": "5642e060-4254-4c74-a273-cf3b950d210b",
"value": "f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 539ffbf98931aaaea5b745640988071a",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223392",
"to_ids": true,
"type": "sha1",
"uuid": "5642e060-83d4-4c39-83f0-cf3b950d210b",
"value": "c0c2d67ed3cb2f684687c33846a62557faa20059"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223393",
"to_ids": false,
"type": "link",
"uuid": "5642e061-a414-4721-bb09-cf3b950d210b",
"value": "https://www.virustotal.com/file/f0d27b51e8cb463777c7fc326212304e9cc7aa234d670e23838e507eb1b7afd4/analysis/1446984946/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223393",
"to_ids": true,
"type": "sha256",
"uuid": "5642e061-dbdc-40e1-9046-cf3b950d210b",
"value": "2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: b198efe59d67728c7d0a339a7490222c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223393",
"to_ids": true,
"type": "sha1",
"uuid": "5642e061-b8c0-4e7e-b9f2-cf3b950d210b",
"value": "b0c27b220d32f2e94d75c0074835a8345f81b725"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223394",
"to_ids": false,
"type": "link",
"uuid": "5642e062-26e0-4b53-b43e-cf3b950d210b",
"value": "https://www.virustotal.com/file/2b75705c538a522faafb6a19c57327ceeadbab0b29fcd02a417d392a4e849ba4/analysis/1447109802/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223394",
"to_ids": true,
"type": "sha256",
"uuid": "5642e062-1d50-48d9-aeb4-cf3b950d210b",
"value": "7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 25cd7beff6db77752efda58b703c1acd",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223395",
"to_ids": true,
"type": "sha1",
"uuid": "5642e063-f650-40eb-8441-cf3b950d210b",
"value": "69d552eec7853df9c92802ac8f4a0601366b1e72"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223395",
"to_ids": false,
"type": "link",
"uuid": "5642e063-ef9c-44b3-8f16-cf3b950d210b",
"value": "https://www.virustotal.com/file/7bd0f161a9c3ca12fa8ef2ba04003c2a3ff93c19ab72e0ad9faec4f464b95aca/analysis/1446249621/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223395",
"to_ids": true,
"type": "sha256",
"uuid": "5642e063-1cc8-4af3-bedc-cf3b950d210b",
"value": "5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 4c4e81db339f03b0b5ab0d18d3a40202",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223396",
"to_ids": true,
"type": "sha1",
"uuid": "5642e064-effc-4189-b0ea-cf3b950d210b",
"value": "92eab2d3224bd1c465052dc48bca7e379c7c1cdf"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223396",
"to_ids": false,
"type": "link",
"uuid": "5642e064-3c6c-4e78-bc64-cf3b950d210b",
"value": "https://www.virustotal.com/file/5654604e27918b86b891839254c1a9b7469c82193c78aa000aa3a9032482e340/analysis/1446927456/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223397",
"to_ids": true,
"type": "sha256",
"uuid": "5642e065-ab24-419d-90f4-cf3b950d210b",
"value": "db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 444e36f7f825164db3cb165526b38d7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223397",
"to_ids": true,
"type": "sha1",
"uuid": "5642e065-0828-45ae-9f47-cf3b950d210b",
"value": "97ea5ac4bc95e6d660c362bf478b4d1f6bfaf7db"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1447223397",
"to_ids": false,
"type": "link",
"uuid": "5642e065-d998-48b4-9b6e-cf3b950d210b",
"value": "https://www.virustotal.com/file/db3e48670d013d9d0989175a2ace180f1b2403450985ae434472c813f8cdb401/analysis/1446472959/"
}
]
}
}