{"response":[{
"Event": {
"id": "1731",
"orgc_id": "1",
"org_id": "1",
"date": "2017-05-15",
"threat_level_id": "1",
"info": "CVE-2017-0144_4607_170514",
"published": true,
"uuid": "5919921a-2820-4b37-8022-6348c0a8a8de",
"attribute_count": "111",
"analysis": "2",
"timestamp": "1495202218",
"distribution": "2",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "1495202229",
"sharing_group_id": "0",
"disable_correlation": false,
"event_creator_email": "kafeine@dontneedcoffee.com",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Attribute": [
{
"id": "32107",
"type": "filename|sha1",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591993fc-3134-466c-b491-6347c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848508",
"comment": "CVE-2017-0147_Drop (Adylkuzz)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233|262c22ffd66c33da641558f3da23f7584881a782",
"ShadowAttribute": []
},
{
"id": "32136",
"type": "filename|sha1",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "59199616-a26c-4adb-8bfb-6346c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494849046",
"comment": "CVE-2017-0147_Drop (Adylkuzz - 2017-05-15)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "6f74f7c01503913553b0a6118b0ea198c5a419be86fca4aaae275663806f68f3|12a718b71bc81c7c965837f0bd2a487ae6d02693",
"ShadowAttribute": []
},
{
"id": "32166",
"type": "filename|sha1",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591a2560-8314-42ee-9408-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494885727",
"comment": "Adylkuzz 2017-05-15",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "3165616.kaf|cdf4b76d6fd16061cfe8fb390ad171b8cbeb2b5c",
"ShadowAttribute": []
},
{
"id": "32108",
"type": "filename|sha256",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591993fc-c18c-4643-bc25-6347c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848508",
"comment": "CVE-2017-0147_Drop (Adylkuzz)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233|8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233",
"ShadowAttribute": []
},
{
"id": "32137",
"type": "filename|sha256",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "59199616-c758-4789-bc93-6346c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494849046",
"comment": "CVE-2017-0147_Drop (Adylkuzz - 2017-05-15)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "6f74f7c01503913553b0a6118b0ea198c5a419be86fca4aaae275663806f68f3|6f74f7c01503913553b0a6118b0ea198c5a419be86fca4aaae275663806f68f3",
"ShadowAttribute": []
},
{
"id": "32167",
"type": "filename|sha256",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591a2560-868c-430c-8ba6-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494885728",
"comment": "Adylkuzz 2017-05-15",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "3165616.kaf|d73c9230811f1075d5697679b6007f5c15a90177991e238c5adc3ed55ce04988",
"ShadowAttribute": []
},
{
"id": "32106",
"type": "malware-sample",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591993fc-8d3c-47e0-a6f5-6347c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848508",
"comment": "CVE-2017-0147_Drop (Adylkuzz)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233|f2e1d236c5d2c009e1749fc6479a9ede",
"ShadowAttribute": []
},
{
"id": "32135",
"type": "malware-sample",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "59199616-dd00-4271-b58a-6346c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494849046",
"comment": "CVE-2017-0147_Drop (Adylkuzz - 2017-05-15)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "6f74f7c01503913553b0a6118b0ea198c5a419be86fca4aaae275663806f68f3|301fae7f055e044b998dd0f4f92f34b5",
"ShadowAttribute": []
},
{
"id": "32165",
"type": "malware-sample",
"category": "Artifacts dropped",
"to_ids": true,
"uuid": "591a255f-fe9c-4266-b8a2-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494885727",
"comment": "Adylkuzz 2017-05-15",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "3165616.kaf|1db3cfb81651db0ff82a937c69bce107",
"ShadowAttribute": []
},
{
"id": "32169",
"type": "link",
"category": "External analysis",
"to_ids": false,
"uuid": "591a4d77-4e90-4626-b05f-6346c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494895991",
"comment": "Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue\/DoublePulsar - 2017-05-15",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar",
"ShadowAttribute": []
},
{
"id": "32138",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5919a06a-8630-402f-bb59-6348c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494851690",
"comment": "Domain used by Adylkuzz",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "super5566.com",
"ShadowAttribute": []
},
{
"id": "32139",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5919a06a-2864-4c65-8481-6348c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494851690",
"comment": "Domain used by Adylkuzz",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "super1024.com",
"ShadowAttribute": []
},
{
"id": "32140",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5919a06a-0dfc-42e5-95d4-6348c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494851690",
"comment": "Domain used by Adylkuzz",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "disgogoweb.com",
"ShadowAttribute": []
},
{
"id": "32141",
"type": "domain",
"category": "Network activity",
"to_ids": true,
"uuid": "5919a06a-357c-4ff5-b364-6348c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494851690",
"comment": "Domain used by Adylkuzz",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "microsoftcloudserver.com",
"ShadowAttribute": []
},
{
"id": "32116",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-a4c0-4c6a-8cc6-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "08.super5566.com|45.76.51.128",
"ShadowAttribute": []
},
{
"id": "32117",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-dadc-4382-b7ec-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "a1.super5566.com|45.77.28.163",
"ShadowAttribute": []
},
{
"id": "32118",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-4ad8-4de9-b8d0-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "aa1.super5566.com|45.77.28.163",
"ShadowAttribute": []
},
{
"id": "32119",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-26c8-48d8-92bf-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "08.super5566.com|104.27.156.82",
"ShadowAttribute": []
},
{
"id": "32120",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-ba50-429d-802d-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "08.super5566.com|104.27.157.82",
"ShadowAttribute": []
},
{
"id": "32121",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-e334-43c6-b331-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "a1.super5566.com|104.27.156.82",
"ShadowAttribute": []
},
{
"id": "32122",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-ce60-4a17-8449-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "a1.super5566.com|104.27.157.82",
"ShadowAttribute": []
},
{
"id": "32123",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-8e4c-4b02-aab5-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "aa1.super5566.com|104.27.156.82",
"ShadowAttribute": []
},
{
"id": "32124",
"type": "domain|ip",
"category": "Network activity",
"to_ids": true,
"uuid": "591994f0-33a0-4693-8b92-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848752",
"comment": "Adylkuzz C2\/Binary Server",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "aa1.super5566.com|104.27.157.82",
"ShadowAttribute": []
},
{
"id": "32105",
"type": "ip-dst|port",
"category": "Network activity",
"to_ids": false,
"uuid": "5919937d-33b8-476f-967b-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848381",
"comment": "Binary Server hosting Adylkuzz",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "104.238.150.145|443",
"ShadowAttribute": []
},
{
"id": "32303",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-cbec-4bdf-8813-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.39.180",
"ShadowAttribute": []
},
{
"id": "32304",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-b6e8-43a5-af6f-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.50.49",
"ShadowAttribute": []
},
{
"id": "32305",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-5bd0-4aa0-bcff-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.66.200",
"ShadowAttribute": []
},
{
"id": "32306",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-1278-4acc-8609-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.80.38",
"ShadowAttribute": []
},
{
"id": "32307",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-f510-4f24-9327-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.91.190",
"ShadowAttribute": []
},
{
"id": "32308",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-ec90-4a06-af79-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.115.94",
"ShadowAttribute": []
},
{
"id": "32309",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-4cb8-4f5c-a9e3-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.123.115",
"ShadowAttribute": []
},
{
"id": "32310",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-4590-48c5-b476-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.123.233",
"ShadowAttribute": []
},
{
"id": "32311",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-0954-4f87-98d7-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.136.226",
"ShadowAttribute": []
},
{
"id": "32312",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-e558-464e-a7c2-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.159.133",
"ShadowAttribute": []
},
{
"id": "32313",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-98a8-4404-b747-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.243.156",
"ShadowAttribute": []
},
{
"id": "32314",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-fd14-4966-8df4-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.249.26",
"ShadowAttribute": []
},
{
"id": "32315",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-b92c-489a-852e-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.11.199",
"ShadowAttribute": []
},
{
"id": "32316",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-73cc-4c46-9eed-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.46.29",
"ShadowAttribute": []
},
{
"id": "32317",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-e238-499a-a131-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "104.238.150.145",
"ShadowAttribute": []
},
{
"id": "32318",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591eb452-27a0-4d6f-86f3-3511c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495184466",
"comment": "Host with same signature as Attacking Host (set 2 after first takedown)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.209.246",
"ShadowAttribute": []
},
{
"id": "32142",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919fee5-0390-4804-8cb3-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031608",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.23.225",
"ShadowAttribute": []
},
{
"id": "32143",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919fee5-eb4c-4603-8c64-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031588",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.5.176",
"ShadowAttribute": []
},
{
"id": "32144",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919fee5-0904-4363-ba7a-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031585",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.31.219",
"ShadowAttribute": []
},
{
"id": "32145",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919fee5-78d4-434b-9872-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031573",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.29.51",
"ShadowAttribute": []
},
{
"id": "32146",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919ff6b-1cdc-4eb0-b3ed-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031570",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.21.159",
"ShadowAttribute": []
},
{
"id": "32147",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "5919ff6b-07ec-491c-9eea-0f35c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031568",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.56.87",
"ShadowAttribute": []
},
{
"id": "32148",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-cfd0-4ec6-a1b2-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031565",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.15.183",
"ShadowAttribute": []
},
{
"id": "32149",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-33fc-40e9-8dea-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031561",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.15.243",
"ShadowAttribute": []
},
{
"id": "32150",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-d224-43b2-a41c-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031555",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.52.181",
"ShadowAttribute": []
},
{
"id": "32151",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-f8f0-4fd2-ad60-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031552",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.53.37",
"ShadowAttribute": []
},
{
"id": "32152",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-9fc0-435d-a7e9-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031549",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.54.207",
"ShadowAttribute": []
},
{
"id": "32153",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-1b38-4a59-ab80-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031544",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.56.114",
"ShadowAttribute": []
},
{
"id": "32154",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-4be4-44ad-a19d-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031541",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.56.66",
"ShadowAttribute": []
},
{
"id": "32155",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-9f8c-4d9e-b2c3-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031538",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.57.190",
"ShadowAttribute": []
},
{
"id": "32156",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-5f54-4caf-a2c1-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031534",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.57.194",
"ShadowAttribute": []
},
{
"id": "32157",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-8cbc-427c-a9bf-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031529",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.57.36",
"ShadowAttribute": []
},
{
"id": "32158",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-beb0-425e-9f06-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031526",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.58.10",
"ShadowAttribute": []
},
{
"id": "32159",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-ca5c-437e-94fa-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031523",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.58.147",
"ShadowAttribute": []
},
{
"id": "32160",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-b218-4f75-ad9d-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031519",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.58.40",
"ShadowAttribute": []
},
{
"id": "32161",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a00a7-8614-4053-9b34-16cec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031515",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.58.70",
"ShadowAttribute": []
},
{
"id": "32162",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a252a-5a2c-4d72-8f71-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031510",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.3.179",
"ShadowAttribute": []
},
{
"id": "32163",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a252a-4378-4ad7-950c-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031507",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.58.134",
"ShadowAttribute": []
},
{
"id": "32164",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a252a-0fe4-4db2-b0bc-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495033326",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.59.27",
"ShadowAttribute": []
},
{
"id": "32168",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591a31f4-52a4-460e-b684-14bec0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494888948",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.39.29",
"ShadowAttribute": []
},
{
"id": "32185",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591aca53-69d0-4763-b007-54dcc0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494927955",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.123.172",
"ShadowAttribute": []
},
{
"id": "32201",
"type": "ip-src",
"category": "Network activity",
"to_ids": false,
"uuid": "591ad195-a18c-4ac7-a482-54d9c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495040247",
"comment": "False Positive",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.77.52.127",
"ShadowAttribute": []
},
{
"id": "32211",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591b0e78-75c0-47c4-893f-54dcc0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494945400",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.52.8",
"ShadowAttribute": []
},
{
"id": "32212",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591b2692-23a8-40ad-9bad-1053c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494951570",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "104.238.185.251",
"ShadowAttribute": []
},
{
"id": "32224",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591b6160-3900-47f0-ac61-57c7c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494966624",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.76.45.58",
"ShadowAttribute": []
},
{
"id": "32231",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c481d-8774-4d11-b088-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495025693",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "104.156.238.31",
"ShadowAttribute": []
},
{
"id": "32232",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5b4f-fe84-4cb5-b4e1-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495030607",
"comment": "Attacking Host (Captured)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "108.61.198.33",
"ShadowAttribute": []
},
{
"id": "32233",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-174c-49af-b2e6-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.1.224",
"ShadowAttribute": []
},
{
"id": "32234",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-f288-40df-bfdb-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.5.186",
"ShadowAttribute": []
},
{
"id": "32235",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-634c-4da7-a273-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.21.6",
"ShadowAttribute": []
},
{
"id": "32236",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-3834-4dcf-93a2-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.28.60",
"ShadowAttribute": []
},
{
"id": "32237",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-6118-420f-b1df-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.29.196",
"ShadowAttribute": []
},
{
"id": "32238",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-0144-4280-aa68-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.33.61",
"ShadowAttribute": []
},
{
"id": "32239",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-b8e0-4d56-95ca-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.35.188",
"ShadowAttribute": []
},
{
"id": "32240",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-991c-4eb3-8dca-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host with same signature as Attacking Host",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.38.114",
"ShadowAttribute": []
},
{
"id": "32241",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-f7bc-4de0-83a4-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.145.69",
"ShadowAttribute": []
},
{
"id": "32242",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-db18-4b95-9d26-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.61.117",
"ShadowAttribute": []
},
{
"id": "32243",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-7be8-48ff-ac87-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.164.106",
"ShadowAttribute": []
},
{
"id": "32244",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-29c0-4474-a7aa-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.172.110",
"ShadowAttribute": []
},
{
"id": "32245",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-1294-4b67-a4c3-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.175.112",
"ShadowAttribute": []
},
{
"id": "32246",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-bd4c-443b-8783-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.231.238",
"ShadowAttribute": []
},
{
"id": "32247",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-c2cc-471b-82ae-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.232.255",
"ShadowAttribute": []
},
{
"id": "32248",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-77b0-4323-bb99-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.246.184",
"ShadowAttribute": []
},
{
"id": "32249",
"type": "ip-src",
"category": "Network activity",
"to_ids": true,
"uuid": "591c5eb6-39c8-4a55-8f03-4713c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1495031478",
"comment": "Host sharing the attacking host's signature (fingerprint pivot, not an observed attack source; confirm before blocking)",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "45.32.251.213",
"ShadowAttribute": []
},
{
"id": "32225",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b62e5-ca14-4cfa-b0b5-737cc0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967013",
"comment": "Adylkuzz Monero Mining Address - 2017-05-16",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "48np7fEXZBwPVzhDk5MeZoai4iLAAharXK62ziZe8SFpdmGW87n8GHoTxC5RftYLqwQNaSUjj5bHvXUTVBWgsm7PTBW7xM3",
"ShadowAttribute": []
},
{
"id": "32226",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b6313-3770-414c-b620-1053c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967059",
"comment": "Adylkuzz Monero Mining Address",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "41e865C7LukiMhsZVdWQTy5AFEqBD1jdj9XpRJsLyyy9d8WxWfZz7YVZdo54gazL13ZBcXHU5w2XzZKKsDYKifFkL9CKLj7",
"ShadowAttribute": []
},
{
"id": "32227",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b631b-a0f4-47eb-ab7e-54ddc0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967067",
"comment": "Adylkuzz Monero Mining Address",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "49v1V2suGMS8JyPEU5FTtJRTHQ9YmraW7Mf2btVCTxZuEB8EjjqQz3i8vECu7XCgvUfiW6NtSRewnHF5MNA3LbQTBQV3v9i",
"ShadowAttribute": []
},
{
"id": "32228",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b6323-8c74-4bc3-bb27-18d4c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967075",
"comment": "Adylkuzz Monero Mining Address",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "43QQVin3CQ3cissW2ThASdjVnN7adDkqLcxiKRxauMnTRPuFqKAzZ2b2GgVtPfkCMc9emEAZRmpcydeobe2GbvTu9dQbhq9",
"ShadowAttribute": []
},
{
"id": "32229",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b6373-3db8-438b-bd20-46f1c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967155",
"comment": "Adylkuzz Monero Mining Address - 2017-05-16",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "4AUwCvi1ySzCsVrmmMQp9BEsSDMv2sRL6bRFy5UmwkEyXwVNwRUqi3nS94kNxGbVNn6Yg3aposmb3eWbFwGAZzvVQKmgpmX",
"ShadowAttribute": []
},
{
"id": "32230",
"type": "pattern-in-traffic",
"category": "Network activity",
"to_ids": false,
"uuid": "591b646f-7740-40ac-acee-1053c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494967407",
"comment": "Adylkuzz Monero Mining Address - 2017-05-16",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "47YGDuw3gd8CKmiRgrq9DmGcH3VuwPP5P2M2S8ZmVQFqHfsebMTEdRgbW9H81mNqFTg8GmC8XXbTUL2YBB6Yko9MHA6hfRv",
"ShadowAttribute": []
},
{
"id": "32109",
"type": "url",
"category": "Network activity",
"to_ids": false,
"uuid": "59199425-f058-4e2d-a62f-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/icanhazip.com\/",
"ShadowAttribute": []
},
{
"id": "32110",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-0d58-4a4a-a739-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/08.super5566.com\/mine.txt",
"ShadowAttribute": []
},
{
"id": "32111",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-c770-489a-9d98-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/08.super5566.com\/86.exe",
"ShadowAttribute": []
},
{
"id": "32112",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-a000-492a-a77f-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/08.super5566.com\/install\/106:0%20-%3e%20127:2%20-%3e%2065:0%20-%3e%2067:2%20-%3e%2080:2%20-%3e%2081:2%20-%3e%2082:2%20-%3e%2094:2%20-%3e%2095:2",
"ShadowAttribute": []
},
{
"id": "32113",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-ff30-4a8e-a253-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/08.super5566.com\/report?hasWanIP=false&ver=cpu1.0&os=Windows%207&arch=x86&cpufreq=2%2e243642&cpunum=2&mem=2&id=b261e76261c59d800fd6f21422551f6e&m_procnum=0&m_exists=true",
"ShadowAttribute": []
},
{
"id": "32114",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-ef4c-4991-89ca-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/a1.super5566.com\/07.lua",
"ShadowAttribute": []
},
{
"id": "32115",
"type": "url",
"category": "Network activity",
"to_ids": true,
"uuid": "59199425-dc2c-4211-ab13-635ac0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848549",
"comment": "Adylkuzz Callback",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "http:\/\/aa1.super5566.com\/445.exe",
"ShadowAttribute": []
},
{
"id": "32126",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-3518-46c0-80f6-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\Fonts\\msiexev.exe",
"ShadowAttribute": []
},
{
"id": "32127",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-8690-4c40-8c39-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\TEMP\\\\s2bk.1_.exe",
"ShadowAttribute": []
},
{
"id": "32128",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-fc58-4cb2-89de-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\TEMP\\\\s2bk.2_.log",
"ShadowAttribute": []
},
{
"id": "32129",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-a368-4539-8264-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "msiexev.exe",
"ShadowAttribute": []
},
{
"id": "32130",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-a9d0-4197-8bbc-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\445.bat",
"ShadowAttribute": []
},
{
"id": "32131",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-5ea0-45ff-a8eb-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\system32\\SecEdit.exe",
"ShadowAttribute": []
},
{
"id": "32132",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-5abc-47ee-9868-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%WINDIR%\\netbios.sdb",
"ShadowAttribute": []
},
{
"id": "32133",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-3d78-4c1a-b3fa-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%PROGRAMFILES%\\Google\\Chrome\\Application\\chrome.txt",
"ShadowAttribute": []
},
{
"id": "32134",
"type": "filename",
"category": "Payload delivery",
"to_ids": false,
"uuid": "591995b2-291c-4391-82b8-6345c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848946",
"comment": "",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "%PROGRAMFILES%\\Hardware Driver Management\\windriver.exe",
"ShadowAttribute": []
},
{
"id": "32125",
"type": "text",
"category": "Payload installation",
"to_ids": false,
"uuid": "5919951f-a924-411e-a4a5-6348c0a8a8de",
"event_id": "1731",
"distribution": "5",
"timestamp": "1494848799",
"comment": "Executed commands",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"value": "taskkill \/f \/im hdmanager.exe\r\n%WINDIR%\\system32\\wbem\\wmiprvse.exe -secured -Embedding\r\ntaskkill \/f \/im mmc.exe\r\nsc stop WELM\r\nsc delete WELM\r\nnetsh ipsec static add policy name=netbc\r\nnetsh ipsec static add filterlist name=block\r\nnetsh ipsec static add filteraction name=block action=block\r\nnetsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445\r\nnetsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block\r\nnetsh ipsec static set policy name=netbc assign=y\r\n%WINDIR%\\Fonts\\wuauser.exe --server\r\n%WINDIR%\\Fonts\\msiexev.exe -a cryptonight -o stratum+tcp:\/\/xmr.crypto-pool.fr:443 -u 49v1V2suGMS8JyPEU5FTtJRTHQ9YmraW7Mf2btVCTxZuEB8EjjqQz3i8vECu7XCgvUfiW6NtSRewnHF5MNA3LbQTBQV3v9i -p x -t 1\r\n%WINDIR%\\TEMP\\\\s2bk.1_.exe \/stab %WINDIR%\\TEMP\\\\s2bk.2_.log\r\ntaskkill \/f \/im msiexev.exe\r\nnetsh advfirewall firewall delete rule name=\"Chrome\"\r\nnetsh advfirewall firewall delete rule name=\"Windriver\"\r\nnetsh advfirewall firewall add rule name=\"Chrome\" dir=in program=\"%PROGRAMFILES%\\Google\\Chrome\\Application\\chrome.txt\" action=allow\r\nnetsh advfirewall firewall add rule name=\"Windriver\" dir=in program=\"%PROGRAMFILES%\\Hardware Driver Management\\windriver.exe\" action=allow\r\n%WINDIR%\\445.bat \r\n%WINDIR%\\system32\\PING.EXE ping 127.0.0.1\r\nnet stop Windows32_Update\r\nattrib +s +a +r +h wuauser.exe\r\n%WINDIR%\\system32\\SecEdit.exe secedit \/configure \/db %WINDIR%\\netbios.sdb\r\n%WINDIR%\\system32\\net1 stop Windows32_Update",
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [
{
"Event": {
"id": "1740",
"date": "2017-05-18",
"threat_level_id": "1",
"info": "Malspam_MWI_4620_170516",
"published": true,
"uuid": "591d6d42-a248-45b3-ace3-3ba9c0a8a8de",
"analysis": "2",
"timestamp": "1495101870",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1735",
"date": "2017-05-16",
"threat_level_id": "1",
"info": "RIG_4615_170515",
"published": true,
"uuid": "591b5722-4f64-45ff-9037-54dac0a8a8de",
"analysis": "2",
"timestamp": "1494964261",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1700",
"date": "2017-05-06",
"threat_level_id": "1",
"info": "doc-lnk_4568_170426",
"published": true,
"uuid": "590dcab5-ad58-4df4-a0bc-7802c0a8a8de",
"analysis": "2",
"timestamp": "1494077376",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1701",
"date": "2017-05-06",
"threat_level_id": "1",
"info": "url-to-doc_4569_170504",
"published": true,
"uuid": "590dd624-e274-4c7a-9ddd-66d0c0a8a8de",
"analysis": "2",
"timestamp": "1494080566",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1688",
"date": "2017-05-02",
"threat_level_id": "1",
"info": "malspam_docm_4555_170502",
"published": true,
"uuid": "59087a62-ba00-4a5b-851e-2f7dc0a8a8de",
"analysis": "2",
"timestamp": "1493728287",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1680",
"date": "2017-04-27",
"threat_level_id": "1",
"info": "doc-lnk_4546_170426",
"published": true,
"uuid": "5901e9b5-cab8-4d10-af94-0509c0a8a8de",
"analysis": "2",
"timestamp": "1493306101",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1658",
"date": "2017-04-21",
"threat_level_id": "1",
"info": "Malspam_linktozippedjs_4521_170420",
"published": true,
"uuid": "58f9d790-78f4-43a8-87cf-1355c0a8a8de",
"analysis": "2",
"timestamp": "1492769025",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
},
{
"Event": {
"id": "1649",
"date": "2017-04-19",
"threat_level_id": "1",
"info": "malspam_linktozippedjs_4510_170418",
"published": true,
"uuid": "58f7c099-a094-4150-a814-4f8fc0a8a8de",
"analysis": "2",
"timestamp": "1492635381",
"distribution": "2",
"org_id": "1",
"orgc_id": "1",
"Org": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
},
"Orgc": {
"id": "1",
"name": "DNC",
"uuid": "5749cdb1-1e74-450f-8baf-3ba5c0a8a8de"
}
}
}
],
"Galaxy": [],
"Tag": [
{
"id": "378",
"name": "dnc:infrastructure-type=\"exploit\"",
"colour": "#7f09a6",
"exportable": true,
"hide_tag": false
},
{
"id": "705",
"name": "dnc:exploit=\"CVE 2017-0144\"",
"colour": "#0078d6",
"exportable": true,
"hide_tag": false
},
{
"id": "707",
"name": "dnc:malware=\"Adylkuzz\"",
"colour": "#fff500",
"exportable": true,
"hide_tag": false
},
{
"id": "708",
"name": "dnc:malware-type=\"CoinMiner\"",
"colour": "#a0a300",
"exportable": true,
"hide_tag": false
},
{
"id": "709",
"name": "dnc:packerp=\"VMProtect\"",
"colour": "#cc6600",
"exportable": true,
"hide_tag": false
},
{
"id": "530",
"name": "dnc:cdnp=\"Cloudflare\"",
"colour": "#f5821f",
"exportable": true,
"hide_tag": false
}
]
}
}]}