{
"Event": {
"analysis": "1",
"date": "2018-01-18",
"extends_uuid": "",
"info": "M2M - GlobeImposter \"..doc\" 2018-01-12 : \"Unpaid invoice \" - \"1234567.7z\"",
"publish_timestamp": "1518771555",
"published": true,
"threat_level_id": "3",
"timestamp": "1518231724",
"uuid": "5a607314-de88-4309-ba06-c4a9950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\""
},
{
"colour": "#3b0020",
"name": "workflow:todo=\"expansion\""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516270357",
"to_ids": true,
"type": "md5",
"uuid": "5a607315-1518-4750-93c5-c1d6950d210f",
"value": "b0ee9dae7de7781ea809278c48c310a5"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185158",
"to_ids": true,
"type": "url",
"uuid": "5a607317-d5b4-41bb-b89e-4bf7950d210f",
"value": "http://icilarache.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185159",
"to_ids": true,
"type": "hostname",
"uuid": "5a607318-0c48-44a7-91ba-4340950d210f",
"value": "icilarache.com"
},
{
"category": "Network activity",
"comment": "icilarache.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185159",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a60731a-e12c-4a7f-8e1f-4bf5950d210f",
"value": "199.188.200.144"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185159",
"to_ids": true,
"type": "url",
"uuid": "5a60731c-d628-42ac-80d6-c707950d210f",
"value": "http://jcvitalis.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185160",
"to_ids": true,
"type": "hostname",
"uuid": "5a60731d-54d4-4649-94e7-c378950d210f",
"value": "jcvitalis.com"
},
{
"category": "Network activity",
"comment": "jcvitalis.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185160",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a60731f-5f48-4064-838c-4a0a950d210f",
"value": "199.188.200.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185160",
"to_ids": true,
"type": "url",
"uuid": "5a607321-b908-4031-9883-4b64950d210f",
"value": "http://lasercutlawncare.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185161",
"to_ids": true,
"type": "hostname",
"uuid": "5a607322-6f08-4e18-9206-4cc1950d210f",
"value": "lasercutlawncare.com"
},
{
"category": "Network activity",
"comment": "lasercutlawncare.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185161",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a607324-92ac-4876-921c-c458950d210f",
"value": "198.54.116.65"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185162",
"to_ids": true,
"type": "url",
"uuid": "5a607325-5a28-4f1e-97a8-c378950d210f",
"value": "http://loquiereslotienesya.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185162",
"to_ids": true,
"type": "hostname",
"uuid": "5a607328-9b30-44a7-bd51-4831950d210f",
"value": "loquiereslotienesya.com"
},
{
"category": "Network activity",
"comment": "loquiereslotienesya.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185162",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a607329-7b04-4a45-9577-423f950d210f",
"value": "198.54.114.136"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185163",
"to_ids": true,
"type": "url",
"uuid": "5a60732b-0880-4864-b32f-23ef950d210f",
"value": "http://mikeylinehan.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185163",
"to_ids": true,
"type": "hostname",
"uuid": "5a60732c-4708-4227-afea-c458950d210f",
"value": "mikeylinehan.com"
},
{
"category": "Network activity",
"comment": "mikeylinehan.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185164",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a60732e-631c-4b77-b1de-c19a950d210f",
"value": "199.188.200.96"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185164",
"to_ids": true,
"type": "url",
"uuid": "5a60732f-db14-4989-9751-2374950d210f",
"value": "http://nwfpakistan.com/kjdfhg874"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185164",
"to_ids": true,
"type": "hostname",
"uuid": "5a607332-97f8-4dba-83a1-40b6950d210f",
"value": "nwfpakistan.com"
},
{
"category": "Network activity",
"comment": "nwfpakistan.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185165",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a607333-8a2c-4f06-8fac-2374950d210f",
"value": "199.188.200.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185165",
"to_ids": true,
"type": "url",
"uuid": "5a607335-fed4-49e2-9ba2-4bab950d210f",
"value": "https://topyzscsu5poprxy.onion.link/shfgealjh.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185166",
"to_ids": true,
"type": "hostname",
"uuid": "5a607337-cd64-4559-ac36-c19a950d210f",
"value": "topyzscsu5poprxy.onion.link"
},
{
"category": "Network activity",
"comment": "topyzscsu5poprxy.onion.link",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185166",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a60733a-86fc-40bc-bdb3-4a47950d210f",
"value": "103.198.0.2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185166",
"to_ids": true,
"type": "url",
"uuid": "5a60733e-6e5c-4412-a178-23ef950d210f",
"value": "http://psoeiras.net/js/count.php?nu=105&fb=110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185167",
"to_ids": true,
"type": "hostname",
"uuid": "5a607341-4fe0-4787-91c9-2374950d210f",
"value": "psoeiras.net"
},
{
"category": "Network activity",
"comment": "psoeiras.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1518185167",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a607344-2af4-489e-acc7-c458950d210f",
"value": "74.220.219.67"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1518185170",
"uuid": "bdc7129f-87b1-4e53-bbd4-1d6a7e5925ca",
"ObjectReference": [
{
"comment": "",
"object_uuid": "bdc7129f-87b1-4e53-bbd4-1d6a7e5925ca",
"referenced_uuid": "fc74519e-6797-4d09-93bb-7a68e74f5bd6",
"relationship_type": "analysed-with",
"timestamp": "1518771555",
"uuid": "5a7daad3-84fc-48f0-b391-575d02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1518185168",
"to_ids": true,
"type": "sha1",
"uuid": "5a7daad0-a26c-462c-b64d-575d02de0b81",
"value": "28be65219441d78399027aa42c9cc7456ee67130"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1518185168",
"to_ids": true,
"type": "sha256",
"uuid": "5a7daad0-8098-4265-bc0e-575d02de0b81",
"value": "c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1518185169",
"to_ids": true,
"type": "md5",
"uuid": "5a7daad1-e3d8-446b-9b9a-575d02de0b81",
"value": "b0ee9dae7de7781ea809278c48c310a5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1518185169",
"uuid": "fc74519e-6797-4d09-93bb-7a68e74f5bd6",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1518185169",
"to_ids": false,
"type": "link",
"uuid": "5a7daad1-ef50-4bbd-a1be-575d02de0b81",
"value": "https://www.virustotal.com/file/c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8/analysis/1517873959/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1518185170",
"to_ids": false,
"type": "text",
"uuid": "5a7daad2-1dec-40ce-9e49-575d02de0b81",
"value": "53/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1518185170",
"to_ids": false,
"type": "datetime",
"uuid": "5a7daad2-a578-4c03-a376-575d02de0b81",
"value": "2018-02-05T23:39:19"
}
]
}
]
}
}