{ "Event": { "analysis": "1", "date": "2017-11-09", "extends_uuid": "", "info": "M2M - Locky 2017-11-07 : Affid=3, offline, \".asasin\" : \"Emailing: AZ123 - 07.11.2017\" - \"AZ123 - 07.11.2017.doc\"", "publish_timestamp": "1510261611", "published": true, "threat_level_id": "3", "timestamp": "1510261554", "uuid": "5a0451b3-211c-45f2-ac24-403d950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "md5", "uuid": "5a0451b4-0b64-4121-b2e1-cc6f950d210f", "value": "a4872e4fe84e5adcc49ba4c641547821" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b5-d364-4bd3-a8e6-412e950d210f", "value": "http://c3pconsulting.com/7863" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b5-f320-45ed-9106-4323950d210f", "value": "c3pconsulting.com" }, { "category": "Network activity", "comment": "c3pconsulting.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451b5-e620-4fba-b8af-467f950d210f", "value": "192.186.219.83" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b5-e204-472d-9b39-428d950d210f", "value": "http://city-hospital.com/7863" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b6-dbc4-4f3c-aa71-475f950d210f", "value": "city-hospital.com" }, { "category": "Network activity", "comment": "city-hospital.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451b6-f194-4785-bcf4-4a04950d210f", "value": "148.251.218.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b6-3b18-4127-9450-4986950d210f", "value": "http://developmenttesting.website/7863" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b6-c438-4c75-875a-4d39950d210f", "value": "developmenttesting.website" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b7-c01c-49aa-b3d6-49c6950d210f", "value": "http://ecochart.org/7863" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b7-4a8c-4c3a-a81f-4434950d210f", "value": "ecochart.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b7-b814-4781-b6fe-472c950d210f", "value": "http://arcusautomatika.ba/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b7-0a00-40b2-ac97-20a6950d210f", "value": "arcusautomatika.ba" }, { "category": "Network activity", "comment": "arcusautomatika.ba", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451b8-c3b0-458d-b969-4fc5950d210f", "value": "195.222.33.183" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b8-e1a8-414e-b86a-4f08950d210f", "value": "http://2013oakseedessaycontest.com/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b8-8ad8-47de-bbe5-42e5950d210f", "value": "2013oakseedessaycontest.com" }, { "category": "Network activity", "comment": "2013oakseedessaycontest.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451b9-6808-4095-8106-cc6f950d210f", "value": "108.167.141.148" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451b9-a470-45ac-bfde-4290950d210f", "value": "http://altarek.com/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451b9-47fc-404e-9260-4e68950d210f", "value": "altarek.com" }, { "category": "Network activity", "comment": "altarek.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451ba-3834-4942-bc3b-40d4950d210f", "value": "67.210.100.133" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451ba-85fc-4f09-a338-4550950d210f", "value": "http://basarteks.com/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451ba-3d98-4390-b10a-20a6950d210f", "value": "basarteks.com" }, { "category": "Network activity", "comment": "basarteks.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451ba-7794-4c37-aae1-cdb1950d210f", "value": "195.87.101.81" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451bb-dba0-4d53-81e5-4979950d210f", "value": "http://amcscomputer.com/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451bb-c20c-487d-839a-75a9950d210f", "value": "amcscomputer.com" }, { "category": "Network activity", "comment": "amcscomputer.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451bc-0a80-4f65-ad6d-4b1d950d210f", "value": "216.242.171.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451bc-b638-4615-93a3-48ee950d210f", "value": "http://bobtheprinter.com/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451bc-ac14-4093-b9d4-40b5950d210f", "value": "bobtheprinter.com" }, { "category": "Network activity", "comment": "bobtheprinter.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": false, "type": "ip-dst", "uuid": "5a0451bc-3808-4518-bc79-20a6950d210f", "value": "216.228.2.70" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "url", "uuid": "5a0451bd-18e8-4e9c-a249-cc6f950d210f", "value": "http://muchinfaket.net/p66/mngytr56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261549", "to_ids": true, "type": "hostname", "uuid": "5a0451bd-ea08-46bc-ad11-48b1950d210f", "value": "muchinfaket.net" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a4872e4fe84e5adcc49ba4c641547821", "deleted": false, "disable_correlation": false, "timestamp": "1510261550", "to_ids": true, "type": "sha256", "uuid": "5a04c32e-00b8-4950-a5ed-42c402de0b81", "value": "423dc1aaaed311349f9932a643a032d18f0589b97275b501a7a7f6955f5aac46" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a4872e4fe84e5adcc49ba4c641547821", "deleted": false, "disable_correlation": false, "timestamp": "1510261550", "to_ids": true, "type": "sha1", "uuid": "5a04c32e-2384-475a-b1e6-40d602de0b81", "value": "38fbc212ba2fde3dc0d9f3e9fa27df1411604398" }, { "category": "External analysis", "comment": "- Xchecked via VT: a4872e4fe84e5adcc49ba4c641547821", "deleted": false, "disable_correlation": false, "timestamp": "1510261550", "to_ids": false, "type": "link", "uuid": "5a04c32e-3068-44f7-bdfe-43dd02de0b81", "value": "https://www.virustotal.com/file/423dc1aaaed311349f9932a643a032d18f0589b97275b501a7a7f6955f5aac46/analysis/1510152311/" } ] } }