{
"Event": {
"analysis": "1",
"date": "2018-06-25",
"extends_uuid": "",
"info": "Registrant Tracking for \"earthalgerrity@armyspy.com\"",
"publish_timestamp": "1589183999",
"published": true,
"threat_level_id": "3",
"timestamp": "1621849790",
"uuid": "5b310846-157c-46d7-8141-89f00acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#002b6b",
"local": "0",
"name": "ms-caro-malware-full:malware-family=\"Redirector\"",
"relationship_type": ""
},
{
"colour": "#f02988",
"local": "0",
"name": "Bokbot",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:tool=\"Emotet\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529940130",
"to_ids": true,
"type": "domain",
"uuid": "5b3108a2-f534-4632-930a-aca80acd0835",
"value": "calorida.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529940130",
"to_ids": true,
"type": "domain",
"uuid": "5b3108a2-67fc-405b-baa6-aca80acd0835",
"value": "fuselect.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529940130",
"to_ids": true,
"type": "domain",
"uuid": "5b3108a2-7efc-4629-bdd2-aca80acd0835",
"value": "maneers.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529940130",
"to_ids": true,
"type": "domain",
"uuid": "5b3108a2-dd0c-4ae2-991a-aca80acd0835",
"value": "stradical.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529940130",
"to_ids": true,
"type": "domain",
"uuid": "5b3108a2-c2b4-4f31-94bd-aca80acd0835",
"value": "veryonid.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Whois records information for a domain name or an IP address.",
"meta-category": "network",
"name": "whois",
"template_uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
"template_version": "10",
"timestamp": "1529940229",
"uuid": "5b310905-f854-4665-a18b-ad0a0acd0835",
"Attribute": [
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-email",
"timestamp": "1529940229",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5b310905-34a4-4399-96bf-ad0a0acd0835",
"value": "earthalgerrity@armyspy.com"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-name",
"timestamp": "1529940229",
"to_ids": false,
"type": "whois-registrant-name",
"uuid": "5b310905-cf48-4511-beee-ad0a0acd0835",
"value": "Eartha L. Gerrity"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "registrant-phone",
"timestamp": "1529940229",
"to_ids": false,
"type": "whois-registrant-phone",
"uuid": "5b310905-e174-419e-88db-ad0a0acd0835",
"value": "12143212804"
}
]
}
]
}
} |