misp-circl-feed/feeds/circl/misp/599fc448-9ed0-46eb-89ae-93c2950d210f.json

{
"Event": {
"analysis": "0",
"date": "2017-08-25",
"extends_uuid": "",
"info": "Malspam 2017-08-25 'Your Sage subscription invoice is ready'",
"publish_timestamp": "1503643423",
"published": true,
"threat_level_id": "3",
"timestamp": "1503643332",
"uuid": "599fc448-9ed0-46eb-89ae-93c2950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Locky\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "url",
"uuid": "599fc45f-ade0-43f5-9c6f-42c1950d210f",
"value": "http://gumart.com/SINV0709.rar"
},
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "domain",
"uuid": "599fc45f-774c-49cf-b610-4576950d210f",
"value": "gumart.com"
},
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc45f-eddc-4839-b143-49fe950d210f",
"value": "204.197.248.45"
},
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "url",
"uuid": "599fc45f-f61c-4ec6-9bbb-4f91950d210f",
"value": "http://haleshomesales.com/SINV0709.rar"
},
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "domain",
"uuid": "599fc45f-fa40-40c6-92bf-40f9950d210f",
"value": "haleshomesales.com"
},
{
"category": "Network activity",
"comment": "1st stage download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503642719",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc45f-0400-4fea-93d2-44ce950d210f",
"value": "173.192.66.137"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"data": "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",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "malware-sample",
"uuid": "599fc5cc-07e0-4acb-a64d-93c2950d210f",
"value": "SINV0709.rar|24b270b4a106da35e395d97760c7d4bf"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "filename|sha1",
"uuid": "599fc5cc-87d8-44c8-8729-93c2950d210f",
"value": "SINV0709.rar|bace8533f660fa525072bb704973148504fdbf42"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "filename|sha256",
"uuid": "599fc5cc-febc-4fb1-a1d7-93c2950d210f",
"value": "SINV0709.rar|11e77e2b4ff4a3fd2cdd20f7896a2b44a426978d378a9557fbf60aee318e92bf"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"data": "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",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "malware-sample",
"uuid": "599fc5cc-3ab0-4687-8040-93c2950d210f",
"value": "SINV0709.vbs|b2de4893f687e0416fde35ef9ea59095"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "filename|sha1",
"uuid": "599fc5cc-042c-4b2d-acbe-93c2950d210f",
"value": "SINV0709.vbs|3490bef54f73a02e244cdec001f871e271fd58e6"
},
{
"category": "Payload delivery",
"comment": "downloaded stage 1",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643084",
"to_ids": true,
"type": "filename|sha256",
"uuid": "599fc5cc-0cd4-4a76-ba09-93c2950d210f",
"value": "SINV0709.vbs|aa75f8ecb2a990615dc534155a15fd9d8ea99ca2db718e8bc6092dc07fda9b2c"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-a03c-43c8-923f-942d950d210f",
"value": "http://bromesterionod.net/af/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-3ae0-4f81-a101-942d950d210f",
"value": "bromesterionod.net"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-8f48-4237-b7b9-942d950d210f",
"value": "47.89.246.2"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-1064-4657-bba7-942d950d210f",
"value": "http://go-coo.jp/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-5d28-477b-ba6f-942d950d210f",
"value": "go-coo.jp"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-5800-419c-b00c-942d950d210f",
"value": "203.183.65.225"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-6d68-4d3b-b9cb-942d950d210f",
"value": "http://haboosh-law.com/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-bb74-4877-aa55-942d950d210f",
"value": "haboosh-law.com"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-9bbc-42c1-8832-942d950d210f",
"value": "80.244.168.26"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-4748-4e75-a0c2-942d950d210f",
"value": "http://hansstock.de/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-b1d8-4956-9986-942d950d210f",
"value": "hansstock.de"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-f1f8-4dd1-a886-942d950d210f",
"value": "85.25.124.78"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-62e4-42ad-b741-942d950d210f",
"value": "http://hartwig-mau.de/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-f7ec-41aa-9879-942d950d210f",
"value": "hartwig-mau.de"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-f260-488c-b6c2-942d950d210f",
"value": "81.169.168.153"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-7cb8-4c9d-be1c-942d950d210f",
"value": "http://hausgadum.de/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-9328-40d2-9561-942d950d210f",
"value": "hausgadum.de"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-9f0c-40fe-9f54-942d950d210f",
"value": "138.201.230.90"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-e828-4d76-9d63-942d950d210f",
"value": "http://hausgerhard.com/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-99d0-4da5-9f23-942d950d210f",
"value": "hausgerhard.com"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-378c-43a3-b7fd-942d950d210f",
"value": "92.51.164.62"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-0790-413a-bc3c-942d950d210f",
"value": "http://hbwconsultants.nl/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-8cd4-4776-9a74-942d950d210f",
"value": "hbwconsultants.nl"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-1564-475c-8d6d-942d950d210f",
"value": "109.237.218.40"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-a78c-414d-a9fc-942d950d210f",
"value": "http://hecam.de/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-2b74-4423-a192-942d950d210f",
"value": "hecam.de"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-09fc-40bd-a005-942d950d210f",
"value": "83.169.22.79"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "url",
"uuid": "599fc64f-cf84-4146-b631-942d950d210f",
"value": "http://heimatverein-menne.de/HygHGF"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "domain",
"uuid": "599fc64f-87c4-47e9-9f76-942d950d210f",
"value": "heimatverein-menne.de"
},
{
"category": "Network activity",
"comment": "stage 2 download location",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643215",
"to_ids": true,
"type": "ip-dst",
"uuid": "599fc64f-a9d8-40d7-9b10-942d950d210f",
"value": "62.75.191.150"
},
{
"category": "Payload delivery",
"comment": "stage 2 - Locky",
"data": "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",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643405",
"to_ids": true,
"type": "malware-sample",
"uuid": "599fc70d-0fc8-4047-83d1-4187950d210f",
"value": "HygHGF|5e8a183a5fe1b0b36eaf6a7a10b30fa5"
},
{
"category": "Payload delivery",
"comment": "stage 2 - Locky",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643405",
"to_ids": true,
"type": "filename|sha1",
"uuid": "599fc70d-9f98-43b0-a85d-4f79950d210f",
"value": "HygHGF|9d23067187d8e40380580db7c3c64e9e8ba14fd0"
},
{
"category": "Payload delivery",
"comment": "stage 2 - Locky",
"deleted": false,
"disable_correlation": false,
"timestamp": "1503643405",
"to_ids": true,
"type": "filename|sha256",
"uuid": "599fc70d-e998-494a-ac4b-4b11950d210f",
"value": "HygHGF|abacabfc7c6550bd8594fd0b758c3f890a01212fcc23d3a04b04f761684cc86e"
}
]
}
}