{ "Event": { "analysis": "1", "date": "2017-10-11", "extends_uuid": "", "info": "M2M - Locky 2017-10-10 : Affid=3, offline, \".asasin\" : \"Voicemail From 845-551-1234\" - \"VMSG12345678_20171010.7z\"", "publish_timestamp": "1507830039", "published": true, "threat_level_id": "3", "timestamp": "1507829816", "uuid": "59ddbaf9-3874-405c-b2e7-4770950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829808", "to_ids": true, "type": "md5", "uuid": "59ddbafa-ae58-4bdd-93e5-4f83950d210f", "value": "37c106c0d8e97fbe9ec10a037858ea23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbafa-9554-4127-b998-4b20950d210f", "value": "http://alucmuhendislik.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbafa-290c-436b-be26-4b6e950d210f", "value": "alucmuhendislik.com" }, { "category": "Network activity", "comment": "alucmuhendislik.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbafb-dfd4-47ce-9bf7-4b76950d210f", "value": "185.85.205.9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbafb-d924-4a3d-9ebc-4d02950d210f", "value": "http://atlantarecyclingcenters.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbafb-2450-4fa7-916d-4a83950d210f", "value": "atlantarecyclingcenters.com" }, { "category": "Network activity", "comment": "atlantarecyclingcenters.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbafb-ee64-40a0-a18f-31f8950d210f", "value": "98.124.251.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbafb-df8c-47e5-9dd2-4fe9950d210f", "value": "http://bit-chasers.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbafc-a27c-483c-a0c4-4de7950d210f", "value": "bit-chasers.com" }, { "category": "Network activity", "comment": "bit-chasers.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbafc-cf64-49fa-ba16-403d950d210f", "value": "98.124.251.176" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbafc-dc84-4cb1-aac0-6211950d210f", "value": "http://bjp.co.id/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbafc-2528-4a3f-ad70-096f950d210f", "value": "bjp.co.id" }, { "category": "Network activity", "comment": "bjp.co.id", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbaff-0390-4b26-aae3-b4e9950d210f", "value": "202.169.44.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb00-ba20-48ab-91e6-4fc3950d210f", "value": "http://centurythis.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb00-bec0-4b82-9c45-4ee1950d210f", "value": "centurythis.com" }, { "category": "Network activity", "comment": "centurythis.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb00-1c58-4fc5-b0c2-4150950d210f", "value": "98.124.252.66" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb00-6228-4348-b57c-4590950d210f", "value": "http://estudiperceptiva.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb00-d0c4-45a0-b06a-4e64950d210f", "value": "estudiperceptiva.com" }, { "category": "Network activity", "comment": "estudiperceptiva.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb01-a6c4-4ddd-9292-4183950d210f", "value": "86.109.170.66" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb01-4d24-44e2-9e27-61c1950d210f", "value": "http://handhi.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb01-7354-4c61-b480-41f3950d210f", "value": "handhi.com" }, { "category": "Network activity", "comment": "handhi.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb02-5cc4-41df-b08c-b4e9950d210f", "value": "162.213.255.19" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb02-1800-4a39-8303-4e09950d210f", "value": "http://hellonwheelsthemovie.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb02-b064-432a-a5a5-4374950d210f", "value": "hellonwheelsthemovie.com" }, { "category": "Network activity", "comment": "hellonwheelsthemovie.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb03-b66c-4d89-8b7b-4bc3950d210f", "value": "66.36.165.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb03-7bf4-46fa-ac8f-479c950d210f", "value": "http://hexacam.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb03-3ecc-4b7a-9a0c-6211950d210f", "value": "hexacam.com" }, { "category": "Network activity", "comment": "hexacam.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb03-68d0-4ce7-9d82-4a95950d210f", "value": "98.124.251.65" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb03-9840-4d34-88cc-61c1950d210f", "value": "http://logica-info.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb04-ec1c-42b5-a97c-4fd8950d210f", "value": "logica-info.com" }, { "category": "Network activity", "comment": "logica-info.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb04-5554-4d42-9027-b4e9950d210f", "value": "202.169.44.143" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb04-c104-4f21-b82a-31f8950d210f", "value": "http://mh-service.ru/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb04-72a8-4622-b662-4dc4950d210f", "value": "mh-service.ru" }, { "category": "Network activity", "comment": "mh-service.ru", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb05-bd8c-498b-b4f6-470c950d210f", "value": "89.253.235.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb05-b74c-4048-ae7d-4e7a950d210f", "value": "http://miamirecyclecenters.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb05-55f0-439b-8cfc-6211950d210f", "value": "miamirecyclecenters.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb06-f4ac-4d03-b7ca-61c1950d210f", "value": "http://monstermx.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb06-a7f4-408e-b861-4260950d210f", "value": "monstermx.com" }, { "category": "Network activity", "comment": "monstermx.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb06-4a78-4e45-8a70-409a950d210f", "value": "107.152.98.20" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb07-d698-450c-bf30-b4e9950d210f", "value": "http://m-tensou.net/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb07-5648-44f3-bcf3-4b45950d210f", "value": "m-tensou.net" }, { "category": "Network activity", "comment": "m-tensou.net", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb07-5b34-4f88-ae66-4248950d210f", "value": "202.218.252.73" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb07-58d0-49b9-adca-4687950d210f", "value": "http://paulcruse.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb08-7f8c-48c5-850b-6211950d210f", "value": "paulcruse.com" }, { "category": "Network activity", "comment": "paulcruse.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb08-3ffc-4b6e-b985-4c25950d210f", "value": "91.215.186.147" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb08-6f84-49b4-a0be-096f950d210f", "value": "http://suncoastot.com/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb08-3724-4f77-b69f-494f950d210f", "value": "suncoastot.com" }, { "category": "Network activity", "comment": "suncoastot.com", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "ip-dst", "uuid": "59ddbb09-be44-43f1-a668-4ac6950d210f", "value": "98.124.252.176" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "url", "uuid": "59ddbb09-b674-4272-bef6-4391950d210f", "value": "http://nsaflow.info/p66/njhgftrf3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "hostname", "uuid": "59ddbb09-78dc-41cf-85c9-31f8950d210f", "value": "nsaflow.info" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "sha256", "uuid": "59dfa831-9e70-435a-816f-431802de0b81", "value": "a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": true, "type": "sha1", "uuid": "59dfa831-eff4-475c-bd04-48e202de0b81", "value": "27d90243d7289de58022850f98c5a0333e8da235" }, { "category": "External analysis", "comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23", "deleted": false, "disable_correlation": false, "timestamp": "1507829809", "to_ids": false, "type": "link", "uuid": "59dfa831-efd4-4add-a72b-414502de0b81", "value": "https://www.virustotal.com/file/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7/analysis/1507743716/" } ] } }