2023-12-14 14:30:15 +00:00
{"Event": {"info": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-25\n : \"Invoice AZ123456\" - \"AZ123456.doc\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Trick Bot\""}], "publish_timestamp": "0", "timestamp": "1508934509", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "59f07792-fe9c-4c9f-b4e9-4b6c950d210f", "timestamp": "1508934502", "to_ids": true, "value": "2119cd6480863198437c021b8b3e6339", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59f07792-3a08-4ee0-ac9f-42cf950d210f", "timestamp": "1508934502", "to_ids": true, "value": "4bbfcc1fc86790fb51917c49ff35925c", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59f07792-bf10-498b-9298-4111950d210f", "timestamp": "1508934502", "to_ids": true, "value": "1a500852b5e32a70d9f585884b23ab30", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59f07792-c3e0-44ae-a70d-44aa950d210f", "timestamp": "1508934502", "to_ids": true, "value": "http://cirad.or.id/JHGxte633", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59f07793-a2cc-49df-97cd-414d950d210f", "timestamp": "1508934502", "to_ids": true, "value": "cirad.or.id", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "cirad.or.id", "category": "Network activity", "uuid": "59f07794-1b28-4646-a73d-4009950d210f", "timestamp": "1508934502", "to_ids": false, "value": "202.145.0.45", 
"disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59f07794-f1c4-4743-961d-21ef950d210f", "timestamp": "1508934502", "to_ids": true, "value": "http://deroeckrecycling.nl/JHGxte633", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59f07795-e734-4ac7-904d-45b7950d210f", "timestamp": "1508934502", "to_ids": true, "value": "deroeckrecycling.nl", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "deroeckrecycling.nl", "category": "Network activity", "uuid": "59f07795-ceac-4673-ab11-4651950d210f", "timestamp": "1508934502", "to_ids": false, "value": "94.126.70.2", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59f07795-61b8-4cb8-bd1b-43fd950d210f", "timestamp": "1508934502", "to_ids": true, "value": "http://dnhconsultores.com/JHGxte633", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59f07795-9c00-4d70-a466-42be950d210f", "timestamp": "1508934502", "to_ids": true, "value": "dnhconsultores.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "dnhconsultores.com", "category": "Network activity", "uuid": "59f07796-110c-4703-aafc-48a5950d210f", "timestamp": "1508934502", "to_ids": false, "value": "212.227.138.50", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59f07796-0364-45d4-b527-2380950d210f", "timestamp": "1508934502", "to_ids": true, "value": "http://clinicapaulocardozo.pt/cjiwgf87634", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59f07796-b748-4325-bb69-2277950d210f", "timestamp": "1508934502", "to_ids": 
true, "value": "clinicapaulocardozo.pt", "disable_correlation": false, "object_relation": null, "type": "hostname"}