misp-circl-feed/feeds/circl/misp/34493f6d-9441-45df-9cb4-4de473709081.json

{
"Event": {
"analysis": "0",
"date": "2022-06-30",
"extends_uuid": "",
"info": "#StopRansomware: MedusaLocker",
"publish_timestamp": "1666694899",
"published": true,
"threat_level_id": "1",
"timestamp": "1657009711",
"uuid": "34493f6d-9441-45df-9cb4-4de473709081",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Safe Mode Boot - T1562.009\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\""
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#000000",
"name": "dnc:malware-type=\"Ransomware\""
},
{
"colour": "#39b300",
"name": "enisa:nefarious-activity-abuse=\"ransomware\""
},
{
"colour": "#006c6c",
"name": "ecsirt:malicious-code=\"ransomware\""
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#00acd1",
"name": "veris:action:malware:variety=\"Ransomware\""
},
{
"colour": "#000000",
"name": "Ransomware"
},
{
"colour": "#420053",
"name": "ms-caro-malware:malware-type=\"Ransom\""
},
{
"colour": "#001739",
"name": "ms-caro-malware-full:malware-type=\"Ransom\""
},
{
"colour": "#1f2325",
"name": "Intel 471:GIR=\"1.2.2 - Ransomware-as-a-Service (RaaS)\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"MedusaLocker\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"MedusaLocker\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "c98115ff-fa16-480b-aab5-94f7cd6feff6",
"value": "willyhill1960@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "33ed009d-9cb3-4b98-bb68-7976b1df1536",
"value": "unlockfile@cock.li"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "53d9f2be-dbfa-419c-a553-b80006c9cd7d",
"value": "zlo@keem.ne"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "4961d7c9-4669-4556-afad-396a98d1af0e",
"value": "unlockmeplease@airmail.cc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "4ab3b41b-4f44-40b3-b84c-c48bbadd4903",
"value": "zlo@keemail.me"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "ad855082-779a-4638-8cf9-724471b140ed",
"value": "unlockmeplease@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "6a6f0613-1284-4db4-bf63-353ff8bbeb15",
"value": "zlo@tfwno.gf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "5c19f454-be75-4f6f-874d-edc17931b5c5",
"value": "willyhill1960@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "bb793a7e-dc86-432b-9e98-145fff226ad9",
"value": "support@ypsotecs.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "a1f968f7-e29a-4b36-86fd-3740c71db919",
"value": "support@imfoodst.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680987",
"to_ids": true,
"type": "email-src",
"uuid": "bdb9b095-3dee-441f-bd0a-2bb8555b8f4f",
"value": "traceytevin@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "0c778edb-d952-4e48-a55a-049893447286",
"value": "support@itwgset.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "0d39bcfa-b8e0-4850-b77f-ca7836958da3",
"value": "unlock_file@aol.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "64359805-055e-470e-9c03-e00e5786bbe2",
"value": "support@novibmaker.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "d0dca853-a828-4480-bf23-24b96f2f90d2",
"value": "unlock_file@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "d3204522-0b24-452e-8a3a-439533c4db9b",
"value": "support@securycasts.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "ab44f789-8464-4a35-92c8-6714c5f7cd19",
"value": "support@exoprints.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "cd58ff7e-c862-4808-83f3-5d6f66d48e93",
"value": "rewmiller-1974@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "a2d7f1a4-b93b-4e3a-810a-21f3b47695be",
"value": "support@exorints.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "5c524b5d-f40b-4fb1-a603-cf0ee4fc9dd6",
"value": "rpd@keemail.me"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "5bb830fd-d9ad-4d2b-a926-e097275b1d70",
"value": "support@fanbridges.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "2c79df75-48ac-4995-86cf-46ca7d1d74c3",
"value": "soterissylla@wyseil.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "1c3de5f3-6aa7-4cf9-a930-3cb7eeee7add",
"value": "support@faneridges.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "7bfcf076-b946-4025-8d7f-632abcd6ed6c",
"value": "support@careersill.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "06e0d3f6-a98e-48ca-af2d-b75a662b3349",
"value": "perfection@bestkoronavirus.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "704c6093-9063-491f-b4b5-aeae05e0db73",
"value": "karloskolorado@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "17ba8ed1-7980-4102-9ba6-c655372e9dab",
"value": "pool1256@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "8c00e93e-a932-475c-a44b-671dce7e6b7d",
"value": "kevynchaz@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "d0dd0337-6aa7-4049-acd6-85ef3dcfb6ec",
"value": "rapid@aaathats3as.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "d4c83f23-97d1-469c-b1c6-562024839838",
"value": "korona@bestkoronavirus.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "44d6e0e5-0f3b-4a14-b540-d6f64d3d2647",
"value": "rescuer@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "15c2fcd2-629d-41b1-99c7-4245b238a1ba",
"value": "lockperfection@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "e4570362-af05-4e6d-8588-e7be5fc5e39b",
"value": "ithelp01@decorous.cyou"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "67af9843-261f-480e-8014-ac89ef9e07ed",
"value": "ithelp01@wholeness.business"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "5b9cfc17-f64b-4e34-bc44-1feb780276bf",
"value": "mulierfagus@rdhos.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "c5ea899f-5e09-41e1-aae2-c30d1a68fed9",
"value": "ithelp02@decorous.cyou"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "54c105da-bbcb-485a-95d1-9bf22d74be7a",
"value": "ithelp02@wholness.business"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "f6aafb4e-1942-465b-bf0e-51e714232845",
"value": "107btc@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "b35fe755-07e9-42d1-a946-26575f5e3e27",
"value": "ithelpresotre@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "3db0cf25-9be5-43c6-a306-22b3b6744d7a",
"value": "33btc@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "f1bf7d56-2167-492b-838d-6df4bd37e906",
"value": "cmd@jitjat.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "bb5a7749-c41f-44ad-b86f-fb383f010431",
"value": "777decoder777@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "5cbe5c53-c6f0-436a-ad95-528db471c389",
"value": "coronaviryz@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "98ecee0e-92b0-4a74-a866-4a74624c8c00",
"value": "777decoder777@tfwno.gf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "3a879352-8790-4003-b493-968e74eb192b",
"value": "dec_helper@dremno.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "45ce0956-c866-437e-916f-9ff4d2279c36",
"value": "andrewmiller-1974@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "60c94b70-6aea-4481-ab03-0610ff8c6725",
"value": "dec_helper@excic.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "ae497c03-1c0a-4b6d-a374-469598af2628",
"value": "angelomartin-1980@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "07cca850-556f-44c2-a350-0a5ed617f8df",
"value": "dec_restore@prontonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "bdb2556f-698d-481c-a3a9-9acd3f929ff9",
"value": "ballioverus@quocor.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "41558b31-6d45-4343-9ee4-9f6d034c7e52",
"value": "dec_restore1@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "0a7f65fc-36c3-4d97-ab82-0c4122e3e849",
"value": "beacon@jitjat.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "7b4d8106-1954-45a0-9d7d-02d3d7d32eac",
"value": "bitcoin@sitesoutheat.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "79a0d62d-8b08-4744-8bf9-173c0dc8d2b7",
"value": "beacon@msgsafe.io"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "712dfb1a-88d1-483b-ad51-e37944f05b25",
"value": "briansalgado@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "22e9b19d-eb86-4191-9466-326966fc4ea1",
"value": "best666decoder@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "345b4871-3ac0-4200-ae81-37aa75fce5a8",
"value": "bugervongir@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "ff5b02aa-05b5-4c9d-9234-3b6aedb45993",
"value": "bitcoin@mobtouches.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "06708900-d105-4965-b3b1-2fde8eb7c00a",
"value": "best666decoder@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "adad2178-b001-41c7-9d8d-665338466ba1",
"value": "encrypt2020@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "e3f397f9-cf27-4506-a0b9-e2825170001e",
"value": "decoder83540@cock.li"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "134be71f-e062-4f19-9763-0aad30721923",
"value": "fast-help@inbox.lv"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "0a7b100d-0abc-4101-a889-d3c96f296aa2",
"value": "decra2019@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "1eb5f7c3-c0de-440e-af42-a233a729b2dd",
"value": "fuc_ktheworld1448@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "bfd0d9d5-aa65-43b8-b9d5-131182ae9b72",
"value": "diniaminius@winrof.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "e3376d83-4f5a-4554-8e11-aa23fcdf7b1a",
"value": "fucktheworld1448@cock.li"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "58c9bf08-3713-4cb5-8b83-8a779c21798a",
"value": "dirhelp@keemail.me"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "888a0a2c-88dd-4b4b-a81e-8a13bb55924a",
"value": "gartaganisstuffback@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "479e8bcd-e531-4f93-9848-527e2d5daff2",
"value": "emaila.elaich@iav.ac.ma"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "693aadcb-a601-461e-b510-614b25c68101",
"value": "gavingonzalez@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "67c75f8e-5402-4265-9ff5-511f04bb7663",
"value": "emd@jitjat.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "12355d43-008c-4ad5-9fe3-f666f4c34e7e",
"value": "gsupp@onionmail.org"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "e86178a8-e72f-4972-b577-06dbb8756067",
"value": "encrypt2020@cock.li"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "68caeb24-1abb-4d17-af6c-d0d4fc357a14",
"value": "gsupp@techmail.info"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "f87c84d1-87de-4194-832e-59252c1b6aac",
"value": "helper@atacdi.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "cf5764cc-526c-4207-b635-c298ae5eb4dd",
"value": "ithelp@decorous.cyou"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "8899c0bb-f1c4-4274-ac97-bc2090888e04",
"value": "helper@buildingwin.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "cf93afb2-47e5-42f2-a742-c937e7976be9",
"value": "ithelp@decorous.cyoum"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "e96cd637-d225-4f31-ae55-0fd7ebf72387",
"value": "helprestore@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "08716e06-ac1d-4fdd-9467-651e84a3e6a8",
"value": "ithelp@wholeness.business"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656680988",
"to_ids": true,
"type": "email-src",
"uuid": "ba7f7120-15c8-47ba-965d-c24de237596c",
"value": "helptorestore@outlook.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656682727",
"to_ids": true,
"type": "email-src",
"uuid": "21472250-40cb-4032-8146-89498d1f1473",
"value": "rescuer@cock.li"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "a611936d-86f2-4c43-893b-cef4def6ed68",
"value": "how_to_ recover_data.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "612490f6-c0cb-4b85-8418-a7d2695a2e25",
"value": "how_to_recover_data.html.marlock01"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "e5bf00f7-cde5-4771-8d9c-c60145e29d4a",
"value": "instructions.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "d90bafeb-fcb8-49c0-99d7-8d9ca4b82d6e",
"value": "READINSTRUCTION.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "7ab046c6-1467-4888-85d8-5b9fa65fabdb",
"value": "!!!HOW_TO_DECRYPT!!!"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "7762779d-92af-4997-aabc-e3d4d53ae21b",
"value": "How_to_recovery.txt"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "d0b6e769-9762-4dde-8800-5ed9c85e0f7f",
"value": "readinstructions.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "6e8b7970-442d-41e0-a1b1-2b8fd9c3e32a",
"value": "readme_to_recover_files"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "e8c99bfb-e553-425a-9760-5fc0bb6c8e4f",
"value": "recovery_instructions.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "1e518ccc-1b05-47f0-ae03-f418f7808e4b",
"value": "HOW_TO_RECOVER_DATA.html"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656939787",
"to_ids": false,
"type": "filename",
"uuid": "7b4397f5-4169-40e2-bebd-b075e1314c68",
"value": "recovery_instruction.html"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "6cf5fc69-f09f-45c6-908b-fe9dc78dbaaf",
"value": "14oxnsSc1LZ5M2cPZeQ9rFnXqEvPCnZikc"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "e03b46ad-ad4b-4610-a73c-51243858e0d6",
"value": "1DRxUFhvJjGUdojCzMWSLmwx7Qxn79XbJq"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "75f8faf6-f1b1-4fd3-b365-0a07396f9fcb",
"value": "18wRbb94CjyTGkUp32ZM7krCYCB9MXUq42"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "21d949a7-ce94-481f-bf25-9577e78eb5f2",
"value": "1AbRxRfP6yHePpi7jmDZkS4Mfpm1ZiatH5"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "1dfdd7c2-8484-4072-b350-db4a02947152",
"value": "1Edcufenw1BB4ni9UadJpQh9LVx9JGtKpP"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "afea7ac1-28ec-4b95-908c-91088400557b",
"value": "1DyMbw6R9PbJqfUSDcK5729xQ57yJrE8BC"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "dabd44a8-95a9-4d94-8d1d-18dc4a8ba58a",
"value": "184ZcAoxkvimvVZaj8jZFujC7EwR3BKWvf"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "296f5194-d6b7-4026-a431-c804532fce0e",
"value": "14oH2h12LvQ7BYBufcrY5vfKoCq2hTPoev"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "dd719fdd-1c43-4b28-aefe-c00da93ae6af",
"value": "bc1qy34v0zv6wu0cugea5xjlxagsfwgunwkzc0xcjj"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "53346bef-c79c-42c5-8b8e-7af05f2e0506",
"value": "bc1q9jg45a039tn83jk2vhdpranty2y8tnpnrk9k5q"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "43e5bd1f-437b-46e0-9599-b67e34fd9249",
"value": "bc1qz3lmcw4k58n79wpzm550r5pkzxc2h8rwmmu6xm"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "fd604bdb-98bb-464e-80fc-8a2b9b7cca62",
"value": "1AereQUh8yjNPs9Wzeg1Le47dsqC8NNaNM"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "7af3cba0-fdf2-4ca9-981e-d5fdccafcaaa",
"value": "1DeNHM2eTqHp5AszTsUiS4WDHWkGc5UxHf"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "aadf4226-5cac-4d18-a705-36d48bd5dbcb",
"value": "1HEDP3c3zPwiqUaYuWZ8gBFdAQQSa6sMGw"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "756ac5e4-684c-4861-aaf3-65aa27e8755a",
"value": "1HdgQM9bjX7u7vWJnfErY4MWGBQJi5mVWV"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "1f979729-5e8f-467c-9998-4e7e2a550ab2",
"value": "1nycdn9ebxht4tpspu4ehpjz9ghxlzipll"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "b65ba82b-36f1-4237-b170-da9c50dee3dc",
"value": "12xd6KrWVtgHEJHKPEfXwMVWuFK4k1FCUF"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "bd73085f-9605-4a38-b447-f34e04b8372a",
"value": "1HZHhdJ6VdwBLCFhdu7kDVZN9pb3BWeUED"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "266f4b5e-1ab7-486d-8296-fca9d7d176a5",
"value": "1PormUgPR72yv2FRKSVY27U4ekWMKobWjg"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "381bb06f-04f0-42f9-8284-60e9ba61da6f",
"value": "14cATAzXwD7CQf35n8Ea5pKJPfhM6jEHak"
},
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1656941038",
"to_ids": true,
"type": "btc",
"uuid": "3ab44efb-7487-4b85-833f-41e7351e03e1",
"value": "1PopeZ4LNLanisswLndAJB1QntTF8hpLsD"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "fd141de6-e44b-426b-96f4-41b9099981b3",
"value": "http://gvlay6u4g53rxdi5.onion/6-iSm1B1Ehljh8HYuXGym4Xyu1WdwsR2Av-6tXiw1BImsqoLh7pd207Rl6XYoln7sId"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "b10225b9-1578-47e8-81f1-b80bfe381eaa",
"value": "http://gvlay6u4g53rxdi5.onion/8-grp514hncgblilsjtd32hg6jtbyhlocr5pqjswxfgf2oragnl3pqno6fkqcimqin"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "df2dd421-1329-4b7e-b9de-93eb6b2b3c2b",
"value": "http://gvlay6y4g53rxdi5.onion/21-8P4ZLCsMETPaLw9MkSlXJsNZWdHe0rxjt-XmBgZLWlm5ULGFCOJFuVdEymmxysofwu"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "c83df49e-e37b-4e6a-9951-19fc4c17c638",
"value": "http://gvlay6u4g53rxdi5.onion/2l-8P4ZLCsMTPaLw9MkSlXJsNZWdHeOrxjtE9lck1MuXPYo29daQys6gomZZXUImN7Z"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "1fdbb119-e0d0-48f4-9c59-93f8297a4910",
"value": "http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-DcaE9HeHywqSHvdcIwOndCS4PuWASX8g"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "ca361320-8559-48db-8036-c8cc508610e3",
"value": "http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-kB4rQXGKyxGiLyw7YDsMKSBjyfdwcyxo"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "a1540724-c8da-4131-b7a4-1995510c4c43",
"value": "http://gvlay6u4g53rxdi5.onion/21-8P4ZLCsMTPaLw9MkSlXJsNZWdHe0rxjt-bET6JbB9vEMZ7qYBPqUMCxOQExFx4iOi"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "8a803583-a6d1-434c-90f1-3ec952fe558e",
"value": "http://gvlay6u4g53rxdi5.onion/8-MO0Q7O97Hgxvm1YbD7OMnimImZJXEWaG-RbH4TvdwVTGQB3X6VOUOP3lgO6YOJEOW"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "9d36edd8-2236-4956-b553-e3950cbfa4a9",
"value": "http://gvlay6u4g53rxdi5.onion/8-gRp514hncgb1i1sjtD32hG6jTbUh1ocR-Uola2Fo30KTJvZX0otYZgTh5txmKwUNe"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "be9673eb-dc13-4edf-ab0f-96a64c73e118",
"value": "http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-OWQwD1w1Td7hY7IGUUjxmHMoFSQW6blg"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "bb17a48c-ce0a-4cdc-8e2b-009387b7add5",
"value": "http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-uGHwkkWCoUtBbZWN50sSS4Ds8RABkrKy"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "5ff5592b-4f1d-4245-8ec7-af0ea19d683c",
"value": "http://gvlay6u4g53rxdi5.onion/21-E6UQFCEuCn4KvtAh4TonRTpyHqFo6F6L-Tj3PRnQlpHc9OftRVDGAWUulvE80yZbc"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "c672869e-486b-40ae-996e-8a1bf986b776",
"value": "http://gvlay6u4g53rxdi5.onion/8-Ww5sCBhsL8eM4PeAgsfgfa9lrqa81r31-tDQRZCAUe4164X532j9Ky16IBN9StWTH"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "a9e0fda9-1e32-4cef-8b3d-466d51654a15",
"value": "http://gvlay6u4g53rxdi5.onion/21-wIq5kK9gGKiTmyups1U6fABj1VnXIYRB-I5xek6PG2EbWlPC7C1rXfsqJBlWlFFfY"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "domain",
"uuid": "254b2b47-8712-40df-b8ec-f6140f34d140",
"value": "qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion"
},
{
"category": "Network activity",
"comment": "TOR Addresses",
"deleted": false,
"disable_correlation": false,
"timestamp": "1657002132",
"to_ids": true,
"type": "url",
"uuid": "59178c14-47de-41bc-80e2-3797d651a49f",
"value": "http://medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion/leakdata/paigesmusic-leakdata-closed-part1"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002472",
"uuid": "bde85597-f1de-410d-b8a7-271f8e0f4b89",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002472",
"to_ids": true,
"type": "ip-dst",
"uuid": "29a9d2ac-2876-414c-aff6-5e3077f66e5c",
"value": "195.123.246.138"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002472",
"to_ids": false,
"type": "datetime",
"uuid": "162128e2-4fc3-4b9b-a522-380fccea3210",
"value": "2021-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002499",
"uuid": "3cbfada9-55da-4fe9-8acf-7987b0ae934f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002499",
"to_ids": true,
"type": "ip-dst",
"uuid": "3d891026-590c-48dc-a4df-7b5398e8b0e2",
"value": "138.124.186.221"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002499",
"to_ids": false,
"type": "datetime",
"uuid": "174ea217-04c2-4368-b503-53f87bdbeccc",
"value": "2021-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002538",
"uuid": "34704201-a988-4218-979a-0311b49efe49",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002538",
"to_ids": true,
"type": "ip-dst",
"uuid": "ec6825d1-6533-4a34-94ed-2efe868829a9",
"value": "159.223.0.9"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002538",
"to_ids": false,
"type": "datetime",
"uuid": "b33451ac-3010-46bd-8e22-05de11bde376",
"value": "2021-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002605",
"uuid": "0f267df7-a56e-48cb-959e-48e18538a218",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002605",
"to_ids": true,
"type": "ip-dst",
"uuid": "ac844b7a-4d71-47c0-b6c2-c243081ebc5c",
"value": "45.146.164.141"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002605",
"to_ids": false,
"type": "datetime",
"uuid": "40147337-d8c4-4aa0-962e-2a94e5bb4cc1",
"value": "2021-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002667",
"uuid": "0cbf72ae-eb07-4fda-ace9-1ce40c9d89a8",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002667",
"to_ids": true,
"type": "ip-dst",
"uuid": "ea908c2f-d8bc-4772-b57c-2dd536b767d5",
"value": "185.220.101.35"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002667",
"to_ids": false,
"type": "datetime",
"uuid": "c8b5a35b-23a9-427a-9ff2-c3c444c65def",
"value": "2021-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002694",
"uuid": "9d61fa66-4dce-4cf0-9ac7-689385585954",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002694",
"to_ids": true,
"type": "ip-dst",
"uuid": "84a0a97e-8dc2-4999-91f1-7c28c3e7e61b",
"value": "185.220.100.249"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002694",
"to_ids": false,
"type": "datetime",
"uuid": "b00955b1-7bf9-4bc4-a73e-38a973beb01e",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002712",
"uuid": "991ea7de-2222-4272-a317-e97ad6bd13fb",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002712",
"to_ids": true,
"type": "ip-dst",
"uuid": "f0803210-f7aa-4c39-8273-f25b2b6c0210",
"value": "50.80.219.149"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002712",
"to_ids": false,
"type": "datetime",
"uuid": "0900fd2a-e8f2-424d-a3d0-984ebbe6e994",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002737",
"uuid": "6bcc63cf-e0df-45f9-a1f0-5c94f2ad6c2b",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002737",
"to_ids": true,
"type": "ip-dst",
"uuid": "9a1c3347-381e-45ff-94b1-ea52c5b55c7e",
"value": "185.220.101.146"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002737",
"to_ids": false,
"type": "datetime",
"uuid": "cd38065d-4481-450c-8c28-733350dc002f",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002759",
"uuid": "b5d96350-0cf6-48a5-8ef0-03d26303d1a6",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002759",
"to_ids": true,
"type": "ip-dst",
"uuid": "4be58ee1-b1ef-45fb-ba5f-e8c5c711a170",
"value": "185.220.101.252"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002759",
"to_ids": false,
"type": "datetime",
"uuid": "02383919-6187-4cb6-aa6a-9c70fa105aeb",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002776",
"uuid": "02ac26a2-5aea-491b-8344-7abc13dec002",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002777",
"to_ids": true,
"type": "ip-dst",
"uuid": "32d2c5c8-cac7-41fc-a67d-8b317c92b55e",
"value": "179.60.150.97"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002777",
"to_ids": false,
"type": "datetime",
"uuid": "aa7eab91-a2c7-4bd8-8cea-7c8fa81c5a39",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002797",
"uuid": "56a00c45-d1bc-48e7-9c07-3ac05572a9fe",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002797",
"to_ids": true,
"type": "ip-dst",
"uuid": "7aa7bc6d-92f5-4b5e-962a-ab341034f5c9",
"value": "84.38.189.52"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002797",
"to_ids": false,
"type": "datetime",
"uuid": "77770af4-71bf-4274-a216-b80f21199d45",
"value": "2021-09-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002829",
"uuid": "455dca2e-ac35-4510-a2a0-676ef484e431",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002829",
"to_ids": true,
"type": "ip-dst",
"uuid": "e4c88d9c-bb5f-4b30-8c97-efe106f5913c",
"value": "94.232.43.63"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002829",
"to_ids": false,
"type": "datetime",
"uuid": "7e83fb94-0ea0-4089-9054-75d4f27ad20d",
"value": "2021-07-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002858",
"uuid": "5279ad55-77fe-4c42-a5db-25bfd83994fc",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002858",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a283f7c-ad60-4a82-8a35-272748a20dfb",
"value": "108.11.30.103"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002858",
"to_ids": false,
"type": "datetime",
"uuid": "f799e651-4208-432a-bb8c-089da52ef1aa",
"value": "2021-04-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002872",
"uuid": "86d04351-b977-4aca-b9c4-dabdae42c5aa",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002872",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a2d3dd8-b95a-44c3-b360-f139c49860c9",
"value": "194.61.55.94"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002872",
"to_ids": false,
"type": "datetime",
"uuid": "2747abf3-a1bf-432c-b5da-12234bb106b0",
"value": "2021-04-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002899",
"uuid": "e32c9026-d991-4161-9de8-d3f9b73fb0c4",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002899",
"to_ids": true,
"type": "ip-dst",
"uuid": "975ced96-da90-44cb-af2d-be1a2215490f",
"value": "198.50.233.202"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002899",
"to_ids": false,
"type": "datetime",
"uuid": "b91ec0a2-119e-464c-b34f-a7e83de23422",
"value": "2021-04-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002940",
"uuid": "9e1ac15c-56fe-49b3-b889-f69fea7a8096",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002940",
"to_ids": true,
"type": "ip-dst",
"uuid": "f61cc350-b251-4491-b014-de69c0a990da",
"value": "40.92.90.105"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002940",
"to_ids": false,
"type": "datetime",
"uuid": "fb03ffc7-7c52-49df-a096-c43a041fe4b0",
"value": "2021-01-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002977",
"uuid": "15bb11c8-7ef2-4207-a542-7777bc2cb09f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002977",
"to_ids": true,
"type": "ip-dst",
"uuid": "f5788e36-4979-47de-9394-4b2492604750",
"value": "188.68.216.23"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002977",
"to_ids": false,
"type": "datetime",
"uuid": "baa72145-7fbb-411b-8b90-f3630125b290",
"value": "2020-12-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657002996",
"uuid": "9d3ce22e-70a1-4298-a721-3de55bb33f03",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657002996",
"to_ids": true,
"type": "ip-dst",
"uuid": "945c30ee-49ff-4c0d-9cd3-c6701ae00f41",
"value": "87.251.75.71"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657002996",
"to_ids": false,
"type": "datetime",
"uuid": "22092cfd-4e04-4128-9be5-11cc535e8b2c",
"value": "2020-12-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003029",
"uuid": "4cdd7f32-7a9a-4e59-9378-1a6f044522a3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003029",
"to_ids": true,
"type": "ip-dst",
"uuid": "eabe43c6-a0b5-4062-bec2-f92f4d1c4901",
"value": "196.240.57.20"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003029",
"to_ids": false,
"type": "datetime",
"uuid": "fae87ca6-e96c-4876-8c41-fea355ce269f",
"value": "2020-10-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003047",
"uuid": "118a311b-d391-4e9f-8f56-8e5a44895306",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003047",
"to_ids": true,
"type": "ip-dst",
"uuid": "8fd2684e-a2cf-415f-b305-eb57dd8358ed",
"value": "198.0.198.5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003047",
"to_ids": false,
"type": "datetime",
"uuid": "0c72e650-efab-4e3e-81bb-82098bdbd993",
"value": "2020-08-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003368",
"uuid": "688cdd57-4ca8-4835-b385-88b788473014",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003368",
"to_ids": true,
"type": "ip-dst",
"uuid": "8495a1b3-74b6-4bd2-b61a-f35820ac6e4a",
"value": "194.5.220.122"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003368",
"to_ids": false,
"type": "datetime",
"uuid": "41b7fc50-bb35-4a77-b94d-c4d13a341e86",
"value": "2020-03-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003492",
"uuid": "506c144c-3b58-4e70-9a9d-a25791af430c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003492",
"to_ids": true,
"type": "ip-dst",
"uuid": "ed97b544-d1e8-4219-af98-0a1c1ca7c2fb",
"value": "194.5.250.124"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003492",
"to_ids": false,
"type": "datetime",
"uuid": "7c37eb20-5291-4cf7-9848-9de914bb68c4",
"value": "2020-03-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003508",
"uuid": "f866c7ec-03de-4b97-b15f-541e480e9372",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003508",
"to_ids": true,
"type": "ip-dst",
"uuid": "5c5cf34d-2982-4386-baff-6594fa504c84",
"value": "194.5.220.124"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003508",
"to_ids": false,
"type": "datetime",
"uuid": "80421b11-16d7-4e49-a889-e0eea044cd42",
"value": "2020-03-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "A domain/hostname and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
"template_version": "10",
"timestamp": "1657003702",
"uuid": "62183cf6-8688-4102-bfa8-eaa7d4aa611c",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1657003702",
"to_ids": true,
"type": "ip-dst",
"uuid": "4691e8e4-95be-4fae-ba5c-562088c7c687",
"value": "104.210.72.161"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "last-seen",
"timestamp": "1657003702",
"to_ids": false,
"type": "datetime",
"uuid": "c7577228-a23b-4610-8dc5-5214d335f7b6",
"value": "2019-11-01T00:00:00+00:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Metadata used to generate an executive level report",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "5",
"timestamp": "1657009711",
"uuid": "79844e5f-4db1-493a-a006-20e5e4309117",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1657009711",
"to_ids": false,
"type": "link",
"uuid": "a6d6f274-c7e0-4fb8-8c84-e8e66680a338",
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-181a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1657009711",
"to_ids": false,
"type": "link",
"uuid": "3eceb8cf-bd52-4c01-a95f-5c1e60e75b35",
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/AA22-181A_stopransomware_medusalocker.pdf"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1657009711",
"to_ids": false,
"type": "text",
"uuid": "c4ccb926-906e-41ff-8588-f4380fde0638",
"value": "The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims\u2019 networks. The MedusaLocker actors encrypt the victim's data and leave a ransom note with communication instructions in every folder containing an encrypted file. The note directs victims to provide ransomware payments to a specific Bitcoin wallet address. MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments. Typical RaaS models involve the ransomware developer and various affiliates that deploy the ransomware on victim systems. MedusaLocker ransomware payments appear to be consistently split between the affiliate, who receives 55 to 60 percent of the ransom; and the developer, who receives the remainder."
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1657009711",
"to_ids": false,
"type": "text",
"uuid": "81705f55-816b-4006-92c5-fb40d55adeb6",
"value": "Alert"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "report-file",
"timestamp": "1657009711",
"to_ids": false,
"type": "attachment",
"uuid": "0ea5c6a7-d215-4c63-b8cc-7dccfad867ea",
"value": "AA22-181A_stopransomware_medusalocker.pdf"
}
]
}
]
}
}