{ "Event": { "analysis": "1", "date": "2017-06-02", "extends_uuid": "", "info": "M2M - Jaff 2017-06-02 : \"Invoice INV-1234\" - \"Invoice INV-1234.pdf\"", "publish_timestamp": "1496419127", "published": true, "threat_level_id": "3", "timestamp": "1496419111", "uuid": "59318aac-4e04-4616-9682-43ff950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Jaff\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418989", "to_ids": true, "type": "md5", "uuid": "59318aad-9c84-42d9-b8e2-ba67950d210f", "value": "29d88355954e0ef9be171f54567a2703" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418989", "to_ids": true, "type": "md5", "uuid": "59318aad-2dbc-4185-8a26-42ec950d210f", "value": "3a85cbd54b6c1afadaf06fbc6f1ef9b4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418990", "to_ids": true, "type": "url", "uuid": "59318aae-f558-4a98-85c5-bae1950d210f", "value": "http://dhaniearie.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418991", "to_ids": true, "type": "hostname", "uuid": "59318aaf-26cc-4c74-bfe7-bb84950d210f", "value": "dhaniearie.com" }, { "category": "Network activity", "comment": "dhaniearie.com", "deleted": false, "disable_correlation": false, "timestamp": "1496418991", "to_ids": false, "type": "ip-dst", "uuid": "59318aaf-71bc-4df0-b19c-4676950d210f", "value": "103.11.75.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418992", "to_ids": true, "type": "url", "uuid": "59318ab0-67b4-4200-988a-4b12950d210f", "value": "http://doinlife.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418993", "to_ids": true, "type": "hostname", "uuid": "59318ab1-0da4-441c-b0e0-43bd950d210f", "value": "doinlife.com" }, { "category": "Network activity", "comment": "doinlife.com", "deleted": false, "disable_correlation": false, "timestamp": "1496418994", "to_ids": false, "type": "ip-dst", "uuid": "59318ab2-03c8-4097-af86-415e950d210f", "value": "108.179.228.212" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418996", "to_ids": true, "type": "url", "uuid": "59318ab4-e24c-465a-af2e-bb1d950d210f", "value": "http://eselink.com.my/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496418997", "to_ids": true, "type": "hostname", "uuid": "59318ab5-c09c-4b4f-bd1b-40da950d210f", "value": "eselink.com.my" }, { "category": "Network activity", "comment": "eselink.com.my", "deleted": false, "disable_correlation": false, "timestamp": "1496418999", "to_ids": false, "type": "ip-dst", "uuid": "59318ab7-52d0-4ba6-8bf7-4616950d210f", "value": "124.150.140.96" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419000", "to_ids": true, "type": "url", "uuid": "59318ab8-4cf8-4748-b7c9-4a0d950d210f", "value": "http://lanphuong.vn/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419001", "to_ids": true, "type": "hostname", "uuid": "59318ab9-2a0c-4603-95e3-ba67950d210f", "value": "lanphuong.vn" }, { "category": "Network activity", "comment": "lanphuong.vn", "deleted": false, "disable_correlation": false, "timestamp": "1496419002", "to_ids": false, "type": "ip-dst", "uuid": "59318aba-877c-45f4-92c3-4074950d210f", "value": "112.213.85.78" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419004", "to_ids": true, "type": "url", "uuid": "59318abc-0368-4fb0-8101-49ed950d210f", "value": "http://lordheals.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419004", "to_ids": true, "type": "hostname", "uuid": "59318abc-73ec-4a13-b070-bae1950d210f", "value": "lordheals.com" }, { "category": "Network activity", "comment": "lordheals.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419005", "to_ids": false, "type": "ip-dst", "uuid": "59318abd-3424-4567-bb19-bb84950d210f", "value": "192.185.5.93" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419006", "to_ids": true, "type": "url", "uuid": "59318abe-fff4-4ccc-9101-4ec8950d210f", "value": "http://meiyizixun.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419006", "to_ids": true, "type": "hostname", "uuid": "59318abe-438c-471b-a62e-443d950d210f", "value": "meiyizixun.com" }, { "category": "Network activity", "comment": "meiyizixun.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419007", "to_ids": false, "type": "ip-dst", "uuid": "59318abf-4e34-4b4b-8083-44e3950d210f", "value": "103.24.0.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419008", "to_ids": true, "type": "url", "uuid": "59318ac0-5194-44d8-9b78-4e37950d210f", "value": "http://midiconcept.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419008", "to_ids": true, "type": "hostname", "uuid": "59318ac0-e094-4c70-9738-4ef2950d210f", "value": "midiconcept.com" }, { "category": "Network activity", "comment": "midiconcept.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419009", "to_ids": false, "type": "ip-dst", "uuid": "59318ac1-6260-4873-9be7-456d950d210f", "value": "193.70.38.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419010", "to_ids": true, "type": "url", "uuid": "59318ac2-6814-407a-9008-bb1d950d210f", "value": "http://mountmary.ca/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419010", "to_ids": true, "type": "hostname", "uuid": "59318ac2-7074-4b26-881c-1b5b950d210f", "value": "mountmary.ca" }, { "category": "Network activity", "comment": "mountmary.ca", "deleted": false, "disable_correlation": false, "timestamp": "1496419011", "to_ids": false, "type": "ip-dst", "uuid": "59318ac3-4374-4076-b502-42dd950d210f", "value": "69.49.101.51" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419011", "to_ids": true, "type": "url", "uuid": "59318ac3-a618-4d43-a0ba-1b03950d210f", "value": "http://newserniggrofg.net/af/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419012", "to_ids": true, "type": "hostname", "uuid": "59318ac4-148c-4ae5-9369-49da950d210f", "value": "newserniggrofg.net" }, { "category": "Network activity", "comment": "newserniggrofg.net", "deleted": false, "disable_correlation": false, "timestamp": "1496419015", "to_ids": false, "type": "ip-dst", "uuid": "59318ac7-f610-48ff-9c91-ba67950d210f", "value": "13.58.5.152" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419016", "to_ids": true, "type": "url", "uuid": "59318ac8-2d04-419c-b163-46fe950d210f", "value": "http://orhangazitur.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419016", "to_ids": true, "type": "hostname", "uuid": "59318ac8-f2f4-48e2-ad99-6559950d210f", "value": "orhangazitur.com" }, { "category": "Network activity", "comment": "orhangazitur.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419017", "to_ids": false, "type": "ip-dst", "uuid": "59318ac9-6e6c-4355-b30f-4228950d210f", "value": "109.232.220.235" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419017", "to_ids": true, "type": "url", "uuid": "59318ac9-82a0-45b8-856b-bae1950d210f", "value": "http://resevesssetornument.com/af/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419018", "to_ids": true, "type": "hostname", "uuid": "59318aca-2b78-4a03-bb75-bb84950d210f", "value": "resevesssetornument.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419020", "to_ids": true, "type": "url", "uuid": "59318acc-bb4c-41fc-9e55-475c950d210f", "value": "http://shrideva.co.in/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419020", "to_ids": true, "type": "hostname", "uuid": "59318acc-dbe0-48e3-9d15-435b950d210f", "value": "shrideva.co.in" }, { "category": "Network activity", "comment": "shrideva.co.in", "deleted": false, "disable_correlation": false, "timestamp": "1496419021", "to_ids": false, "type": "ip-dst", "uuid": "59318acd-5a20-4344-a4da-499f950d210f", "value": "103.21.59.168" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419022", "to_ids": true, "type": "url", "uuid": "59318ace-f694-4699-a4b6-4fd8950d210f", "value": "http://strassensammler.de/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419022", "to_ids": true, "type": "hostname", "uuid": "59318ace-2648-4358-b884-bb1d950d210f", "value": "strassensammler.de" }, { "category": "Network activity", "comment": "strassensammler.de", "deleted": false, "disable_correlation": false, "timestamp": "1496419023", "to_ids": false, "type": "ip-dst", "uuid": "59318acf-03f8-4cf4-8785-4c58950d210f", "value": "81.169.145.86" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419025", "to_ids": true, "type": "url", "uuid": "59318ad1-48a0-41db-951d-1b03950d210f", "value": "http://suninsulation.com.au/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419026", "to_ids": true, "type": "hostname", "uuid": "59318ad2-7e48-4aef-89a3-4ecf950d210f", "value": "suninsulation.com.au" }, { "category": "Network activity", "comment": "suninsulation.com.au", "deleted": false, "disable_correlation": false, "timestamp": "1496419028", "to_ids": false, "type": "ip-dst", "uuid": "59318ad4-7f18-4f11-9a05-4b36950d210f", "value": "182.160.158.62" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419029", "to_ids": true, "type": "url", "uuid": "59318ad5-17e4-42b4-88c0-4060950d210f", "value": "http://systemalu.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419030", "to_ids": true, "type": "hostname", "uuid": "59318ad6-07e4-4b4e-a52a-bae1950d210f", "value": "systemalu.com" }, { "category": "Network activity", "comment": "systemalu.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419032", "to_ids": false, "type": "ip-dst", "uuid": "59318ad8-8024-464f-b3cf-bb84950d210f", "value": "143.95.239.62" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419033", "to_ids": true, "type": "url", "uuid": "59318ad9-d22c-48a6-b6b4-46e0950d210f", "value": "http://vibehouserecords.com/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419034", "to_ids": true, "type": "hostname", "uuid": "59318ada-bd14-4741-8fd2-44a0950d210f", "value": "vibehouserecords.com" }, { "category": "Network activity", "comment": "vibehouserecords.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419034", "to_ids": false, "type": "ip-dst", "uuid": "59318ada-88c0-4100-b367-4ca2950d210f", "value": "104.27.176.10" }, { "category": "Network activity", "comment": "vibehouserecords.com", "deleted": false, "disable_correlation": false, "timestamp": "1496419035", "to_ids": false, "type": "ip-dst", "uuid": "59318adb-41f0-4e85-a023-bb1d950d210f", "value": "104.27.177.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419035", "to_ids": true, "type": "url", "uuid": "59318adb-0f34-4f11-b527-1b5b950d210f", "value": "http://yoyogi.com.au/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419036", "to_ids": true, "type": "hostname", "uuid": "59318adc-5774-4b2e-8a10-41c5950d210f", "value": "yoyogi.com.au" }, { "category": "Network activity", "comment": "yoyogi.com.au", "deleted": false, "disable_correlation": false, "timestamp": "1496419037", "to_ids": false, "type": "ip-dst", "uuid": "59318add-fb6c-419d-a0b4-1b03950d210f", "value": "27.124.113.33" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419037", "to_ids": true, "type": "url", "uuid": "59318add-6b10-41fb-aa6d-4686950d210f", "value": "http://zvezda-k.ru/hH60bd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419038", "to_ids": true, "type": "hostname", "uuid": "59318ade-e500-474c-9c4e-43a3950d210f", "value": "zvezda-k.ru" }, { "category": "Network activity", "comment": "zvezda-k.ru", "deleted": false, "disable_correlation": false, "timestamp": "1496419038", "to_ids": false, "type": "ip-dst", "uuid": "59318ade-763c-46ea-afe6-4dd4950d210f", "value": "81.177.139.23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419039", "to_ids": true, "type": "url", "uuid": "59318adf-0270-4e33-b2f9-ba67950d210f", "value": "http://whoisfoxxrobiouy.net/a5/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1496419039", "to_ids": true, "type": "hostname", "uuid": "59318adf-24a8-4dfe-951a-4482950d210f", "value": "whoisfoxxrobiouy.net" }, { "category": "Network activity", "comment": "whoisfoxxrobiouy.net", "deleted": false, "disable_correlation": false, "timestamp": "1496419041", "to_ids": false, "type": "ip-dst", "uuid": "59318ae1-07b0-41fe-9488-6559950d210f", "value": "5.101.66.85" } ] } }