{
"Event": {
"analysis": "1",
"date": "2017-09-20",
"extends_uuid": "",
"info": "M2M - Locky 2017-09-19 : Affid=3, offline, \".ykcol\" : \"HERBALIFE Order Number: 6N01001234\" - \"6N01001234_1.7z\"",
"publish_timestamp": "1506339973",
"published": true,
"threat_level_id": "3",
"timestamp": "1505998199",
"uuid": "59c28fd3-6c10-44dd-b40d-46f5950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#006c6c",
"name": "ecsirt:malicious-code=\"ransomware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Locky\""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "md5",
"uuid": "59c28fd3-8ba4-43a7-9788-466a950d210f",
"value": "bab4aa0cb4904865dc247c8e78fd0eca"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd4-bb34-41d4-8cad-4cb1950d210f",
"value": "http://arsmakina.org/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd4-41fc-4142-9754-43f9950d210f",
"value": "arsmakina.org"
},
{
"category": "Network activity",
"comment": "arsmakina.org",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd4-f6b4-41c8-8cb2-79d3950d210f",
"value": "77.245.149.146"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd5-fe78-47ad-b1bf-4bc5950d210f",
"value": "http://asiaresearchcenter.org/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd5-febc-402b-8871-4f83950d210f",
"value": "asiaresearchcenter.org"
},
{
"category": "Network activity",
"comment": "asiaresearchcenter.org",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd5-42dc-484a-81e5-792e950d210f",
"value": "68.168.111.133"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd6-59ac-4244-8684-44b9950d210f",
"value": "http://bnphealthcare.com/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd6-46bc-494d-a2aa-4156950d210f",
"value": "bnphealthcare.com"
},
{
"category": "Network activity",
"comment": "bnphealthcare.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd6-a4d4-442e-a8de-4425950d210f",
"value": "202.169.44.152"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd6-73ec-446f-b8f9-4d2b950d210f",
"value": "http://conxibit.com/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd6-ef6c-40ed-81df-4e5c950d210f",
"value": "conxibit.com"
},
{
"category": "Network activity",
"comment": "conxibit.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd8-a7dc-4549-a64e-4461950d210f",
"value": "175.107.146.17"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd8-6c4c-4811-a395-4ee8950d210f",
"value": "http://cxwebdesign.de/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd8-01e8-4676-b4d8-4147950d210f",
"value": "cxwebdesign.de"
},
{
"category": "Network activity",
"comment": "cxwebdesign.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd9-33b0-4265-9005-4016950d210f",
"value": "88.99.175.38"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd9-be7c-4cb1-be22-44b8950d210f",
"value": "http://diakoniestation-winnenden.de/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fd9-7124-4825-8594-79d3950d210f",
"value": "diakoniestation-winnenden.de"
},
{
"category": "Network activity",
"comment": "diakoniestation-winnenden.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fd9-ad38-4ab2-8311-43e5950d210f",
"value": "213.185.88.41"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fd9-cf9c-4fcb-adb9-4e96950d210f",
"value": "http://download.justowin.it/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fda-a638-4d40-b7e3-46fe950d210f",
"value": "download.justowin.it"
},
{
"category": "Network activity",
"comment": "download.justowin.it",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fda-8eb8-43be-b992-4087950d210f",
"value": "95.110.225.147"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fda-ebf4-4157-afbc-472e950d210f",
"value": "http://ecofloraholland.nl/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fda-16b8-4c50-9b74-4294950d210f",
"value": "ecofloraholland.nl"
},
{
"category": "Network activity",
"comment": "ecofloraholland.nl",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fda-c080-4286-b46d-4ea9950d210f",
"value": "195.160.216.10"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdb-37a8-47f5-b617-4306950d210f",
"value": "http://felixsolis.mobi/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdb-d628-4a04-8b8f-4ec3950d210f",
"value": "felixsolis.mobi"
},
{
"category": "Network activity",
"comment": "felixsolis.mobi",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fdb-f510-45c5-b667-47d8950d210f",
"value": "5.2.27.27"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdb-cecc-4077-aa9a-48dd950d210f",
"value": "http://foodbikers.ch/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdc-4dd8-47cb-8b8e-4096950d210f",
"value": "foodbikers.ch"
},
{
"category": "Network activity",
"comment": "foodbikers.ch",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fdc-ee24-4582-b8d6-41e4950d210f",
"value": "83.169.23.101"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdc-4a3c-442f-a1c9-4d9f950d210f",
"value": "http://g-peer.at/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdc-0a6c-4d38-afb5-4823950d210f",
"value": "g-peer.at"
},
{
"category": "Network activity",
"comment": "g-peer.at",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fdd-9334-4001-b567-400f950d210f",
"value": "217.172.186.114"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdd-4bcc-4cd8-8828-4bcb950d210f",
"value": "http://gui-design.de/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdd-5608-4b60-9b00-79d3950d210f",
"value": "gui-design.de"
},
{
"category": "Network activity",
"comment": "gui-design.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fde-27b4-4b97-816b-4465950d210f",
"value": "92.51.181.237"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fde-e510-434b-b2db-44e0950d210f",
"value": "http://highpressurewelding.co.uk/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fde-3ba8-4491-ac76-43b2950d210f",
"value": "highpressurewelding.co.uk"
},
{
"category": "Network activity",
"comment": "highpressurewelding.co.uk",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fde-a200-4fb2-9abf-4c35950d210f",
"value": "91.192.195.51"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdf-db5c-497d-872a-4206950d210f",
"value": "http://housecafe-essen.de/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdf-f044-4445-98a4-4db9950d210f",
"value": "housecafe-essen.de"
},
{
"category": "Network activity",
"comment": "housecafe-essen.de",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fdf-766c-4c52-aaa1-482d950d210f",
"value": "178.77.96.238"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fdf-106c-435e-b859-4738950d210f",
"value": "http://isiquest1.com/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fdf-a3fc-4d7a-a25d-47bd950d210f",
"value": "isiquest1.com"
},
{
"category": "Network activity",
"comment": "isiquest1.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fe0-4f58-45dd-9831-47e3950d210f",
"value": "178.33.107.201"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "url",
"uuid": "59c28fe0-1dac-430b-9928-43e9950d210f",
"value": "http://secureleads.com/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fe0-3b24-4da5-8804-4f60950d210f",
"value": "secureleads.com"
},
{
"category": "Network activity",
"comment": "secureleads.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fe1-7084-4a60-87c1-4997950d210f",
"value": "72.32.221.251"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "url",
"uuid": "59c28fe1-a2e0-4973-9b30-4dff950d210f",
"value": "http://teracom.co.id/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fe1-94e8-462c-8c7a-414b950d210f",
"value": "teracom.co.id"
},
{
"category": "Network activity",
"comment": "teracom.co.id",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fe2-d2d0-48ef-bad8-4170950d210f",
"value": "202.169.44.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "url",
"uuid": "59c28fe2-a7ec-4706-8796-4c56950d210f",
"value": "http://ycgrp.jp/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fe2-4760-4551-b578-4ba3950d210f",
"value": "ycgrp.jp"
},
{
"category": "Network activity",
"comment": "ycgrp.jp",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": false,
"type": "ip-dst",
"uuid": "59c28fe3-e500-4f9a-b3b6-49c8950d210f",
"value": "180.222.186.87"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "url",
"uuid": "59c28fe3-bbd0-4544-9e02-4fa7950d210f",
"value": "http://zionbrand.su/p66/JGHldb03m"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fe4-461c-43e1-999a-49e2950d210f",
"value": "zionbrand.su"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998167",
"to_ids": true,
"type": "hostname",
"uuid": "59c28fe4-0830-4425-afd3-4341950d210f",
"value": "hrbl.net"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "sha256",
"uuid": "59c3b558-f720-4aee-b3c6-4d9902de0b81",
"value": "43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": true,
"type": "sha1",
"uuid": "59c3b558-c50c-4248-a6ff-4bdc02de0b81",
"value": "3a2cc64eb0060a0ba7251b723b33441431705d2d"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca",
"deleted": false,
"disable_correlation": false,
"timestamp": "1505998168",
"to_ids": false,
"type": "link",
"uuid": "59c3b558-7b00-4f56-a40b-4c0202de0b81",
"value": "https://www.virustotal.com/file/43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca/analysis/1505860831/"
}
]
}
}