2023-12-14 14:30:15 +00:00
|
|
|
{"Event": {"info": "M2M - Locky 2017-10-03 : Affid=3, offline, \".ykcol\" : \"Emailing - DOC123\" - \"DOC123.7z\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}], "publish_timestamp": "1507106042", "timestamp": "1507106049", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "59d480bb-aba8-45fd-b40a-46bd950d210f", "timestamp": "1507106041", "to_ids": true, "value": "b75bd60dc3686fe62eb4a4a8372be966", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59d480bb-e56c-4642-8e7c-dd82950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://420ent.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480bb-616c-478c-9cb6-4fb8950d210f", "timestamp": "1507106041", "to_ids": true, "value": "420ent.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "420ent.com", "category": "Network activity", "uuid": "59d480bc-ab8c-41ce-a602-6a98950d210f", "timestamp": "1507106041", "to_ids": false, "value": "98.124.251.72", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-827c-4805-addc-4fcd950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://acaciainvestigations.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-11ec-4a1e-a167-dd7d950d210f", "timestamp": "1507106041", "to_ids": true, "value": "acaciainvestigations.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "acaciainvestigations.com", "category": "Network activity", "uuid": "59d480bd-add8-4985-b92f-40c8950d210f", "timestamp": "1507106041", "to_ids": false, "value": "208.79.200.25", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480bd-bd08-4a33-af0e-dbc4950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://aimonino.info/p66/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480be-5fd0-42af-9334-4890950d210f", "timestamp": "1507106041", "to_ids": true, "value": "aimonino.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59d480dc-287c-49e2-ab55-4224950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://atez.vn/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480dc-4c14-4b62-891e-dd7d950d210f", "timestamp": "1507106041", "to_ids": true, "value": "atez.vn", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "atez.vn", "category": "Network activity", "uuid": "59d480de-5b54-4988-a5e9-430f950d210f", "timestamp": "1507106041", "to_ids": false, "value": "203.162.31.116", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59d480de-a008-4552-8903-4ed9950d210f", "timestamp": "1507106041", "to_ids": true, "value": "http://chimachinenow.com/uyitfu65uy", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59d480de-55b0-476b-93dc-43c2950d210f", "timestamp": "1507106041", "to_ids": true, "value": "chimachinenow.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "chimachinenow.com", "category": "Network activity", "uuid": "59d480de-f6fc-40c4-9d6d-4846950d210f", "timestamp":
|