{ "Event": { "analysis": "1", "date": "2017-05-18", "extends_uuid": "", "info": "Invoice ###### 05/17/2017 from dontreply@random", "publish_timestamp": "1495107139", "published": true, "threat_level_id": "3", "timestamp": "1495107040", "uuid": "591d566d-3ec0-4195-adb2-9f28950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094894", "to_ids": true, "type": "md5", "uuid": "591d566e-62ec-4abd-afc7-99a0950d210f", "value": "716165fb5e07ecc95d45e8761b10ab30" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094895", "to_ids": true, "type": "md5", "uuid": "591d566f-19f4-4248-8fcb-c522950d210f", "value": "f3d9b2cb51e81d12ff3d5faaca231041" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094895", "to_ids": true, "type": "md5", "uuid": "591d566f-652c-4398-8074-c520950d210f", "value": "3f6c1a2735a8595cb1b03260bec9cb1b" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094896", "to_ids": true, "type": "md5", "uuid": "591d5670-d1d8-4260-8674-c51c950d210f", "value": "14d05276125e70d43e710ef186261c95" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094897", "to_ids": true, "type": "sha256", "uuid": "591d5671-0dec-43e6-9433-a001950d210f", "value": "86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094898", "to_ids": true, "type": "url", "uuid": "591d5672-5a04-495b-94ef-99a4950d210f", "value": "http://bbz-regeling.nl/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094899", "to_ids": true, "type": "hostname", "uuid": "591d5673-d418-4ebc-bd4d-99a3950d210f", "value": "bbz-regeling.nl" }, { "category": "Network activity", "comment": "bbz-regeling.nl", "deleted": false, "disable_correlation": false, "timestamp": "1495094899", "to_ids": true, "type": "ip-dst", "uuid": "591d5673-5ff8-47f0-80d3-c51f950d210f", "value": "185.87.184.212" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094900", "to_ids": true, "type": "url", "uuid": "591d5674-c140-4f6e-bb6a-c525950d210f", "value": "http://blackempire.it/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094901", "to_ids": true, "type": "hostname", "uuid": "591d5675-f1b4-4ea5-8309-c518950d210f", "value": "blackempire.it" }, { "category": "Network activity", "comment": "blackempire.it", "deleted": false, "disable_correlation": false, "timestamp": "1495094902", "to_ids": true, "type": "ip-dst", "uuid": "591d5676-3edc-4315-b274-c520950d210f", "value": "212.18.226.16" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094903", "to_ids": true, "type": "url", "uuid": "591d5677-5d30-464f-9cae-99a4950d210f", "value": "http://diytp.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094904", "to_ids": true, "type": "hostname", "uuid": "591d5678-a17c-4409-839d-c516950d210f", "value": "diytp.com" }, { "category": "Network activity", "comment": "diytp.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094906", "to_ids": true, "type": "ip-dst", "uuid": "591d567a-f30c-4d86-98a5-c525950d210f", "value": "211.115.89.71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094907", "to_ids": true, "type": "url", "uuid": "591d567b-8ef4-432c-9d56-c524950d210f", "value": "http://doppellutz.de/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094908", "to_ids": true, "type": "hostname", "uuid": "591d567c-df8c-4725-9176-c520950d210f", "value": "doppellutz.de" }, { "category": "Network activity", "comment": "doppellutz.de", "deleted": false, "disable_correlation": false, "timestamp": "1495094908", "to_ids": true, "type": "ip-dst", "uuid": "591d567c-9e1c-48a2-a284-a005950d210f", "value": "81.169.145.95" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094909", "to_ids": true, "type": "url", "uuid": "591d567d-9648-4540-9fda-c51f950d210f", "value": "http://easternmas.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094910", "to_ids": true, "type": "hostname", "uuid": "591d567e-c210-4045-899b-c50f950d210f", "value": "easternmas.com" }, { "category": "Network activity", "comment": "easternmas.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094911", "to_ids": true, "type": "ip-dst", "uuid": "591d567f-5a6c-4ab4-b74f-9f28950d210f", "value": "129.121.5.206" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094911", "to_ids": true, "type": "url", "uuid": "591d567f-0bf4-4c9b-bd65-c522950d210f", "value": "http://edazhu.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094912", "to_ids": true, "type": "hostname", "uuid": "591d5680-b5c0-4717-93d9-c525950d210f", "value": "edazhu.com" }, { "category": "Network activity", "comment": "edazhu.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094913", "to_ids": true, "type": "ip-dst", "uuid": "591d5681-c820-4a67-9e6e-c51c950d210f", "value": "211.149.239.112" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094914", "to_ids": true, "type": "url", "uuid": "591d5682-65ec-49eb-828e-99a3950d210f", "value": "http://estimatingservicesinc.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094915", "to_ids": true, "type": "hostname", "uuid": "591d5683-2460-40df-9bc5-a005950d210f", "value": "estimatingservicesinc.com" }, { "category": "Network activity", "comment": "estimatingservicesinc.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094916", "to_ids": true, "type": "ip-dst", "uuid": "591d5684-da58-47dc-b71c-9f28950d210f", "value": "199.166.6.15" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094916", "to_ids": true, "type": "url", "uuid": "591d5684-3590-4187-b67a-c516950d210f", "value": "http://evasalome.nl/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094917", "to_ids": true, "type": "hostname", "uuid": "591d5685-2d9c-425a-8675-c51a950d210f", "value": "evasalome.nl" }, { "category": "Network activity", "comment": "evasalome.nl", "deleted": false, "disable_correlation": false, "timestamp": "1495094918", "to_ids": true, "type": "ip-dst", "uuid": "591d5686-cba4-4688-a059-c524950d210f", "value": "46.30.213.164" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094919", "to_ids": true, "type": "url", "uuid": "591d5687-8ec4-4fdf-bf9c-c51c950d210f", "value": "http://herrossoidffr6644qa.top/af/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094919", "to_ids": true, "type": "hostname", "uuid": "591d5687-c398-4836-9aba-9f05950d210f", "value": "herrossoidffr6644qa.top" }, { "category": "Network activity", "comment": "herrossoidffr6644qa.top", "deleted": false, "disable_correlation": false, "timestamp": "1495094921", "to_ids": true, "type": "ip-dst", "uuid": "591d5689-fb50-41a1-9c4e-c522950d210f", "value": "34.209.214.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094921", "to_ids": true, "type": "url", "uuid": "591d5689-f07c-460a-a550-c51a950d210f", "value": "http://kezakotheatre.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094922", "to_ids": true, "type": "hostname", "uuid": "591d568a-efe8-466d-9d75-a001950d210f", "value": "kezakotheatre.com" }, { "category": "Network activity", "comment": "kezakotheatre.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094923", "to_ids": true, "type": "ip-dst", "uuid": "591d568b-8fc0-4477-b23f-99a4950d210f", "value": "81.88.57.68" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094924", "to_ids": true, "type": "url", "uuid": "591d568c-5480-445f-a906-99a3950d210f", "value": "http://monowheels.ru/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094924", "to_ids": true, "type": "hostname", "uuid": "591d568c-be8c-4963-8ff3-a005950d210f", "value": "monowheels.ru" }, { "category": "Network activity", "comment": "monowheels.ru", "deleted": false, "disable_correlation": false, "timestamp": "1495094925", "to_ids": true, "type": "ip-dst", "uuid": "591d568d-0eac-4d4c-bd6e-a004950d210f", "value": "192.162.100.191" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094926", "to_ids": true, "type": "url", "uuid": "591d568e-7604-4e46-b09a-c522950d210f", "value": "http://oylumsut.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094927", "to_ids": true, "type": "hostname", "uuid": "591d568f-e164-46d5-b8e8-c525950d210f", "value": "oylumsut.com" }, { "category": "Network activity", "comment": "oylumsut.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094928", "to_ids": true, "type": "ip-dst", "uuid": "591d5690-1d74-450c-a151-c524950d210f", "value": "37.230.111.113" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094928", "to_ids": true, "type": "url", "uuid": "591d5690-f610-4604-9929-c523950d210f", "value": "http://peryskop.biz/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094929", "to_ids": true, "type": "hostname", "uuid": "591d5691-80c8-4e0d-90af-99a4950d210f", "value": "peryskop.biz" }, { "category": "Network activity", "comment": "peryskop.biz", "deleted": false, "disable_correlation": false, "timestamp": "1495094930", "to_ids": true, "type": "ip-dst", "uuid": "591d5692-4e4c-4071-890e-c51c950d210f", "value": "92.43.113.68" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094931", "to_ids": true, "type": "url", "uuid": "591d5693-4c1c-40a4-83b6-9f05950d210f", "value": "http://pta-babel.net/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094931", "to_ids": true, "type": "hostname", "uuid": "591d5693-d028-44a4-94a9-9f28950d210f", "value": "pta-babel.net" }, { "category": "Network activity", "comment": "pta-babel.net", "deleted": false, "disable_correlation": false, "timestamp": "1495094933", "to_ids": true, "type": "ip-dst", "uuid": "591d5695-5f28-40b5-9d2b-c525950d210f", "value": "103.247.9.134" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094933", "to_ids": true, "type": "url", "uuid": "591d5695-ed38-41e4-a25d-c523950d210f", "value": "http://sjffonrvcik45bd.info/af/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094935", "to_ids": true, "type": "hostname", "uuid": "591d5697-ae14-41fc-99e4-99a4950d210f", "value": "sjffonrvcik45bd.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094936", "to_ids": true, "type": "url", "uuid": "591d5698-6bc8-48cc-8a2f-c50f950d210f", "value": "http://taure.cz/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094937", "to_ids": true, "type": "hostname", "uuid": "591d5699-23c4-43df-9757-9f05950d210f", "value": "taure.cz" }, { "category": "Network activity", "comment": "taure.cz", "deleted": false, "disable_correlation": false, "timestamp": "1495094938", "to_ids": true, "type": "ip-dst", "uuid": "591d569a-04d0-4f56-ae42-c522950d210f", "value": "93.185.104.24" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094939", "to_ids": true, "type": "url", "uuid": "591d569b-e098-4072-ae21-c523950d210f", "value": "http://tenda.it/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094939", "to_ids": true, "type": "hostname", "uuid": "591d569b-f564-482b-90ab-c51f950d210f", "value": "tenda.it" }, { "category": "Network activity", "comment": "tenda.it", "deleted": false, "disable_correlation": false, "timestamp": "1495094940", "to_ids": true, "type": "ip-dst", "uuid": "591d569c-1cb8-4be4-9169-99a6950d210f", "value": "51.254.159.78" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094941", "to_ids": true, "type": "url", "uuid": "591d569d-2cc0-4494-8c0f-9f28950d210f", "value": "http://texaslandandlifestyle.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094942", "to_ids": true, "type": "hostname", "uuid": "591d569e-bcec-42ff-9653-c522950d210f", "value": "texaslandandlifestyle.com" }, { "category": "Network activity", "comment": "texaslandandlifestyle.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094943", "to_ids": true, "type": "ip-dst", "uuid": "591d569f-7540-44c6-a46a-99a4950d210f", "value": "107.154.161.187" }, { "category": "Network activity", "comment": "texaslandandlifestyle.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094944", "to_ids": true, "type": "ip-dst", "uuid": "591d56a0-3c60-4b15-82d4-a005950d210f", "value": "107.154.168.187" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094945", "to_ids": true, "type": "url", "uuid": "591d56a1-71c0-499d-a32d-9f28950d210f", "value": "http://tvapps.ir/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094947", "to_ids": true, "type": "hostname", "uuid": "591d56a3-f300-45b3-97b8-c522950d210f", "value": "tvapps.ir" }, { "category": "Network activity", "comment": "tvapps.ir", "deleted": false, "disable_correlation": false, "timestamp": "1495094950", "to_ids": true, "type": "ip-dst", "uuid": "591d56a6-1ef4-4f60-ad3f-99a4950d210f", "value": "5.61.25.106" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094950", "to_ids": true, "type": "url", "uuid": "591d56a6-fb98-44c0-8ff2-a004950d210f", "value": "http://unykmodels.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094951", "to_ids": true, "type": "hostname", "uuid": "591d56a7-b498-4f2c-94a2-9f05950d210f", "value": "unykmodels.com" }, { "category": "Network activity", "comment": "unykmodels.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094952", "to_ids": true, "type": "ip-dst", "uuid": "591d56a8-3b6c-47d0-8804-c525950d210f", "value": "143.95.74.249" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094953", "to_ids": true, "type": "url", "uuid": "591d56a9-bd50-4f1f-861d-99a6950d210f", "value": "http://westprod.fr/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094954", "to_ids": true, "type": "hostname", "uuid": "591d56aa-74dc-4c8e-a999-c516950d210f", "value": "westprod.fr" }, { "category": "Network activity", "comment": "westprod.fr", "deleted": false, "disable_correlation": false, "timestamp": "1495094955", "to_ids": true, "type": "ip-dst", "uuid": "591d56ab-0ad0-4d34-8554-99a0950d210f", "value": "213.246.39.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094955", "to_ids": true, "type": "url", "uuid": "591d56ab-d324-40da-aa6c-c522950d210f", "value": "http://ws500.net/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094956", "to_ids": true, "type": "hostname", "uuid": "591d56ac-2120-4a85-ba45-c520950d210f", "value": "ws500.net" }, { "category": "Network activity", "comment": "ws500.net", "deleted": false, "disable_correlation": false, "timestamp": "1495094957", "to_ids": true, "type": "ip-dst", "uuid": "591d56ad-fd60-4967-9f00-c50f950d210f", "value": "65.19.169.34" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094958", "to_ids": true, "type": "url", "uuid": "591d56ae-67a0-4b6d-b09b-c516950d210f", "value": "http://wxklfy.com/hjt67t" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094959", "to_ids": true, "type": "hostname", "uuid": "591d56af-ddb0-46ff-a49c-a005950d210f", "value": "wxklfy.com" }, { "category": "Network activity", "comment": "wxklfy.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094960", "to_ids": true, "type": "ip-dst", "uuid": "591d56b0-2ee0-44b9-bb32-99a6950d210f", "value": "103.224.248.183" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094961", "to_ids": true, "type": "url", "uuid": "591d56b1-b190-4be1-a470-c51a950d210f", "value": "http://eesiiuroffde445.com/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094962", "to_ids": true, "type": "hostname", "uuid": "591d56b2-e3d8-457f-aee1-c516950d210f", "value": "eesiiuroffde445.com" }, { "category": "Network activity", "comment": "eesiiuroffde445.com", "deleted": false, "disable_correlation": false, "timestamp": "1495094965", "to_ids": true, "type": "ip-dst", "uuid": "591d56b5-37f0-4960-9a3d-c50f950d210f", "value": "47.91.107.213" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1495094965", "to_ids": false, "type": "link", "uuid": "591d56b5-9bdc-4bc7-85ef-c51f950d210f", "value": "https://www.virustotal.com/en/url/86061f2ae8ba5250c38f20070ba446513918c23dfe35f0670ae555910a94c181/analysis/1495024235/" } ] } }