{ "Event": { "analysis": "1", "date": "2017-09-22", "extends_uuid": "", "info": "M2M - Locky 2017-09-18 : Affid=3, offline, \".ykcol\" : \"Message from KM_C224e\" - \"20171809_12345678901.7z\"", "publish_timestamp": "1506339705", "published": true, "threat_level_id": "3", "timestamp": "1506339606", "uuid": "59c56158-c3e8-47e0-bc9f-4d02950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "md5", "uuid": "59c56159-7764-449b-9963-419b950d210f", "value": "c6475a9b90dccea03d93dedf00eac5ee" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56159-e064-4321-9401-1330950d210f", "value": "http://accountingservices.apec.org/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56159-0230-4b93-a251-440e950d210f", "value": "accountingservices.apec.org" }, { "category": "Network activity", "comment": "accountingservices.apec.org", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615a-f138-4100-89f9-d2d7950d210f", "value": "123.100.239.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615a-ff1c-4324-9856-7461950d210f", "value": "http://autoecoleeurope.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615a-0114-4376-900a-44e6950d210f", "value": "autoecoleeurope.com" }, { "category": "Network activity", "comment": "autoecoleeurope.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615a-8050-4fce-bc9e-df79950d210f", "value": "193.227.248.241" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615b-575c-4bc4-8472-e0c7950d210f", "value": "http://autoecolekim95.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615b-5d40-48aa-a006-455d950d210f", "value": "autoecolekim95.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615b-1880-4a70-9d98-45a3950d210f", "value": "http://cornyproposals.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615b-7b4c-43d1-9716-1330950d210f", "value": "cornyproposals.com" }, { "category": "Network activity", "comment": "cornyproposals.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615c-b3a0-4b01-b03f-495a950d210f", "value": "184.168.111.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615c-38a4-4bb4-a783-d2d7950d210f", "value": "http://demopowerindo.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615c-9e78-4b9e-8ca9-7461950d210f", "value": "demopowerindo.com" }, { "category": "Network activity", "comment": "demopowerindo.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615d-86cc-4907-b85f-4a34950d210f", "value": "202.169.44.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615d-b0d8-4505-80fe-4d78950d210f", "value": "http://dmlex.adlino.be/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615e-f678-4569-93bc-496e950d210f", "value": "dmlex.adlino.be" }, { "category": "Network activity", "comment": "dmlex.adlino.be", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615e-1688-4fa3-b6e8-4f25950d210f", "value": "91.121.110.23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615e-bc50-41f7-9c8d-4990950d210f", "value": "http://eurecas.org/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615e-7fa0-4974-b587-416d950d210f", "value": "eurecas.org" }, { "category": "Network activity", "comment": "eurecas.org", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615e-cfd8-4c51-a8be-7461950d210f", "value": "185.58.7.11" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c5615f-a198-419f-b56e-4111950d210f", "value": "http://georginabringas.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c5615f-a198-469c-a78c-e0d9950d210f", "value": "georginabringas.com" }, { "category": "Network activity", "comment": "georginabringas.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c5615f-34d0-4864-a2e8-e0c7950d210f", "value": "40.76.209.29" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56160-c528-4170-b3f3-4b92950d210f", "value": "http://lasdamas.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56160-99b8-479e-8020-49e9950d210f", "value": "lasdamas.com" }, { "category": "Network activity", "comment": "lasdamas.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c56160-559c-4f87-af7e-4d54950d210f", "value": "66.84.21.227" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56160-e978-45d5-ba60-4752950d210f", "value": "http://montecortelhas.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56160-61d4-455d-b81c-4f57950d210f", "value": "montecortelhas.com" }, { "category": "Network activity", "comment": "montecortelhas.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c56161-1228-494e-933f-7461950d210f", "value": "80.172.241.21" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56161-e414-4b5b-8960-4a7c950d210f", "value": "http://petromarket.ir/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56161-90f0-4aea-be44-e0d9950d210f", "value": "petromarket.ir" }, { "category": "Network activity", "comment": "petromarket.ir", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c56162-8480-405b-ab9f-4361950d210f", "value": "198.50.119.188" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56162-da70-4b24-81f0-45d5950d210f", "value": "http://pnkparamount.com/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56162-963c-47bd-ab91-4a08950d210f", "value": "pnkparamount.com" }, { "category": "Network activity", "comment": "pnkparamount.com", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c56162-74f4-45c1-b217-1330950d210f", "value": "66.135.55.8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56162-df34-4776-b12f-4dcf950d210f", "value": "http://targeter.su/p66/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56163-4dbc-4b86-b05b-40a5950d210f", "value": "targeter.su" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56163-ac18-4167-9528-4483950d210f", "value": "http://v-chords.de/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56163-a0e4-4b86-b247-494b950d210f", "value": "v-chords.de" }, { "category": "Network activity", "comment": "v-chords.de", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "ip-dst", "uuid": "59c56164-ce44-4404-9bfc-4b07950d210f", "value": "85.214.62.160" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56164-2958-4f7f-83f3-4a4e950d210f", "value": "http://walkama.net/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "hostname", "uuid": "59c56164-3868-4e53-89b2-4c13950d210f", "value": "walkama.net" }, { "category": "Network activity", "comment": "walkama.net", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": false, "type": "ip-dst", "uuid": "59c56165-ae98-4d0c-ac0b-45e1950d210f", "value": "91.192.194.102" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "url", "uuid": "59c56165-4694-45b3-be9a-4d7f950d210f", "value": "http://wenger-werkzeugbau.de/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56165-f4f4-4658-8dd1-d2d7950d210f", "value": "wenger-werkzeugbau.de" }, { "category": "Network activity", "comment": "wenger-werkzeugbau.de", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": false, "type": "ip-dst", "uuid": "59c56165-775c-46f2-9568-4dca950d210f", "value": "87.230.17.247" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56165-babc-4ade-b117-4537950d210f", "value": "http://wiskundebijles.nu/DKndhFG72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56166-985c-45d7-b2ac-e0d9950d210f", "value": "wiskundebijles.nu" }, { "category": "Network activity", "comment": "wiskundebijles.nu", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": false, "type": "ip-dst", "uuid": "59c56166-1998-43a0-a378-e0c7950d210f", "value": "37.48.73.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56166-1b10-4b84-a294-4843950d210f", "value": "http://plbdykyhfysuemla.biz/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56166-b718-49da-a066-48be950d210f", "value": "plbdykyhfysuemla.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56167-6550-4e7f-954c-1330950d210f", "value": "http://binkdxdjmnimvu.xyz/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56167-c3f4-48fa-91b2-4e61950d210f", "value": "binkdxdjmnimvu.xyz" }, { "category": "Network activity", "comment": "binkdxdjmnimvu.xyz", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": false, "type": "ip-dst", "uuid": "59c56167-6c0c-4802-845a-49af950d210f", "value": "192.42.116.41" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56168-3130-4a31-bc46-436b950d210f", "value": "http://jkvjaco.org/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56168-5ec4-4f35-93bb-4e6b950d210f", "value": "jkvjaco.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56168-22dc-478f-83d6-43d7950d210f", "value": "http://butylctatr.org/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56168-f32c-455b-a308-4c81950d210f", "value": "butylctatr.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56169-0a70-45ee-afbd-4abb950d210f", "value": "http://dsmlskae.su/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56169-8078-459b-99cf-1330950d210f", "value": "dsmlskae.su" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56169-f930-4c95-92bc-4172950d210f", "value": "http://ybxjwcxwdkdfii.su/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c56169-4e58-45f9-afc1-d2d7950d210f", "value": "ybxjwcxwdkdfii.su" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c56169-6290-4822-9e2f-44bf950d210f", "value": "http://lpnwxhtui.click/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616a-2d00-49f7-bec9-4ce1950d210f", "value": "lpnwxhtui.click" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c5616a-0b5c-427e-a3d6-df79950d210f", "value": "http://ibwudico.su/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616a-aa2c-4f28-8f25-e0c7950d210f", "value": "ibwudico.su" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c5616b-5414-4c42-8a79-4b11950d210f", "value": "http://gnxvwwpwjadctwm.click/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616b-babc-44eb-a875-489d950d210f", "value": "gnxvwwpwjadctwm.click" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c5616b-1758-4e87-aaa3-4c3e950d210f", "value": "http://symfensvoh.org/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616b-4fa8-4a9f-b55c-4be9950d210f", "value": "symfensvoh.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c5616b-af80-4350-93fb-d2d7950d210f", "value": "http://sckodbf.biz/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616c-00d0-4301-b7ac-7461950d210f", "value": "sckodbf.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "url", "uuid": "59c5616c-e944-4b11-a3bf-4be1950d210f", "value": "http://yjqfggabiym.pl/imageload.cgi" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506108018", "to_ids": true, "type": "hostname", "uuid": "59c5616c-d59c-4be4-ba10-4945950d210f", "value": "yjqfggabiym.pl" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "sha256", "uuid": "59c56273-5d74-4c34-8c0e-4bb902de0b81", "value": "8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": true, "type": "sha1", "uuid": "59c56273-06dc-4df9-a984-42d002de0b81", "value": "b7afbe3c25fa4a147b32fa37b71c95ff089489e9" }, { "category": "External analysis", "comment": "- Xchecked via VT: c6475a9b90dccea03d93dedf00eac5ee", "deleted": false, "disable_correlation": false, "timestamp": "1506108019", "to_ids": false, "type": "link", "uuid": "59c56273-50b4-4811-9106-42e102de0b81", "value": "https://www.virustotal.com/file/8bf303dda84a1e0552f98370dd5dbfdf127d7ec9b5caab948874a897771ce142/analysis/1506055266/" } ] } }