2023-04-21 13:25:09 +00:00
|
|
|
{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "1",
|
|
|
|
"date": "2017-09-28",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" : \"Scanned image from MX-2600N\" - \"20170927_123456.7z\"",
|
|
|
|
"publish_timestamp": "1506690465",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"uuid": "59ccca18-b2fc-4249-8c20-49fd950d210f",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CIRCL",
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#ffffff",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "tlp:white",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#006c6c",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"colour": "#0088cc",
|
2023-05-19 09:05:37 +00:00
|
|
|
"local": "0",
|
|
|
|
"name": "misp-galaxy:ransomware=\"Locky\"",
|
|
|
|
"relationship_type": ""
|
2023-04-21 13:25:09 +00:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "59ccca19-e7bc-41aa-9755-4c55950d210f",
|
|
|
|
"value": "dd4d46b9612efc391469bba8553358b6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca19-27c0-4fc9-9f41-431c950d210f",
|
|
|
|
"value": "http://aeaccting.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca19-8a44-4121-add6-4253950d210f",
|
|
|
|
"value": "aeaccting.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "aeaccting.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1a-d7e4-49ed-acde-458f950d210f",
|
|
|
|
"value": "208.67.23.166"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1a-a4ec-425d-ba06-4df4950d210f",
|
|
|
|
"value": "http://asecontrids.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1a-1acc-407f-9206-494e950d210f",
|
|
|
|
"value": "asecontrids.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "asecontrids.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1a-cebc-4657-8a62-4f08950d210f",
|
|
|
|
"value": "107.190.129.218"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1b-ea74-4440-948d-4571950d210f",
|
|
|
|
"value": "http://ashapeforlife.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1b-3d50-48a7-9547-4883950d210f",
|
|
|
|
"value": "ashapeforlife.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "ashapeforlife.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1b-6730-41ef-8202-4ae9950d210f",
|
|
|
|
"value": "198.46.85.238"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1b-0e20-4e60-bcc8-4415950d210f",
|
|
|
|
"value": "http://ashtontan.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1b-d1d4-4761-9bf5-4445950d210f",
|
|
|
|
"value": "ashtontan.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "ashtontan.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1c-9b44-45fc-a8f5-49c1950d210f",
|
|
|
|
"value": "103.6.198.208"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1c-0710-4e8f-b78c-4c92950d210f",
|
|
|
|
"value": "http://avsaroglubisiklet.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1c-97b8-4e9d-92da-4f34950d210f",
|
|
|
|
"value": "avsaroglubisiklet.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "avsaroglubisiklet.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1d-ea74-403f-b883-437f950d210f",
|
|
|
|
"value": "188.132.232.70"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1d-f3f8-4ee6-9cc2-4432950d210f",
|
|
|
|
"value": "http://bhs-news.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1d-9b40-453c-9325-4e49950d210f",
|
|
|
|
"value": "bhs-news.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "bhs-news.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1e-223c-4e44-b453-4943950d210f",
|
|
|
|
"value": "50.28.39.131"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1e-c54c-4133-9680-45cf950d210f",
|
|
|
|
"value": "http://borcom.de/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1e-4f58-45c4-9326-438d950d210f",
|
|
|
|
"value": "borcom.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "borcom.de",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1e-8be0-4430-86cb-4b8c950d210f",
|
|
|
|
"value": "83.220.144.30"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1e-ddd0-4582-a51b-4a5a950d210f",
|
|
|
|
"value": "http://bosphorustekneleri.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1f-44d4-48eb-9d44-4324950d210f",
|
|
|
|
"value": "bosphorustekneleri.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "bosphorustekneleri.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca1f-e198-4f18-87a8-4bd7950d210f",
|
|
|
|
"value": "209.140.18.67"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca1f-45c8-44e2-8f41-47e5950d210f",
|
|
|
|
"value": "http://consultingfranquean.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca1f-4d24-4ef7-94c8-4335950d210f",
|
|
|
|
"value": "consultingfranquean.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "consultingfranquean.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca20-77bc-416e-b2fd-4d97950d210f",
|
|
|
|
"value": "151.80.184.39"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca20-212c-45c8-acb9-4700950d210f",
|
|
|
|
"value": "http://cortaestanciapolanco.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca20-8980-4ca3-bce4-45ca950d210f",
|
|
|
|
"value": "cortaestanciapolanco.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "cortaestanciapolanco.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca20-1994-481e-8e48-4aeb950d210f",
|
|
|
|
"value": "63.247.141.99"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca21-2844-410b-8bf2-407b950d210f",
|
|
|
|
"value": "http://crna-macka.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca21-e85c-492e-82c4-43e4950d210f",
|
|
|
|
"value": "crna-macka.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "crna-macka.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca21-cf98-48b4-8d2f-41e0950d210f",
|
|
|
|
"value": "212.72.103.166"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca21-35c4-4dd1-a121-4e86950d210f",
|
|
|
|
"value": "http://dic-astra.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca22-9bcc-49b0-95df-47f2950d210f",
|
|
|
|
"value": "dic-astra.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "dic-astra.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca22-a5f0-4b5d-a304-4d8a950d210f",
|
|
|
|
"value": "138.201.161.139"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca22-c564-4462-b7f1-4373950d210f",
|
|
|
|
"value": "http://gug-gummi.com/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca22-eb8c-43f9-a006-475b950d210f",
|
|
|
|
"value": "gug-gummi.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "gug-gummi.com",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca23-21ac-4fc4-9b53-4120950d210f",
|
|
|
|
"value": "78.138.88.232"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca23-a6e8-4ebb-b50b-44e5950d210f",
|
|
|
|
"value": "http://poemsan.info/p66/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca23-09f8-4cfc-85f2-4103950d210f",
|
|
|
|
"value": "poemsan.info"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "url",
|
|
|
|
"uuid": "59ccca41-3204-4881-8aaa-4fab950d210f",
|
|
|
|
"value": "http://www.fasching-hallbergmoos.de/d8743fgh"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "hostname",
|
|
|
|
"uuid": "59ccca41-c0a4-4f8f-acc8-4136950d210f",
|
|
|
|
"value": "www.fasching-hallbergmoos.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "www.fasching-hallbergmoos.de",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "59ccca41-c174-40af-828b-4973950d210f",
|
|
|
|
"value": "78.138.88.40"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "59ccca48-59a0-42a3-b65a-4c1d02de0b81",
|
|
|
|
"value": "3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "59ccca48-578c-4e68-a971-4d7a02de0b81",
|
|
|
|
"value": "b83fa30809ca80e981546cf1bae8f3f9a9cca206"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690464",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59ccca48-de94-482b-9489-4baf02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506591639/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "- Xchecked via VT: dd4d46b9612efc391469bba8553358b6 - Xchecked via VT: 3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1506690465",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "59ce45a1-3ff8-4e6a-a052-79d102de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506685598/"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|