{ "Event": { "analysis": "1", "date": "2017-11-10", "extends_uuid": "", "info": "M2M - Locky 2017-11-09 : Affid=3, offline, \".asasin\" : \"Documents\" - \"ABY001234.doc\"", "publish_timestamp": "1510558566", "published": true, "threat_level_id": "3", "timestamp": "1510392278", "uuid": "5a05d1d7-5710-44c0-869f-4a52950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "md5", "uuid": "5a05d1d8-8e44-43d0-a1df-401a950d210f", "value": "64d55acb693c58656eb3004b595d782c" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "url", "uuid": "5a05d1d9-1848-4c8d-b015-41a9950d210f", "value": "http://hofgrund.de/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "hostname", "uuid": "5a05d1d9-9288-4392-9409-4ed2950d210f", "value": "hofgrund.de" }, { "category": "Network activity", "comment": "hofgrund.de", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1d9-b514-40d0-b9d8-4cb2950d210f", "value": "78.111.75.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "url", "uuid": "5a05d1d9-e514-49da-8321-4978950d210f", "value": "http://holidays-auction.com/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "hostname", "uuid": "5a05d1da-1468-45f2-99c6-4f76950d210f", "value": "holidays-auction.com" }, { "category": "Network activity", "comment": "holidays-auction.com", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1da-2248-4d1d-9872-418c950d210f", "value": "82.165.139.233" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "url", "uuid": "5a05d1da-5fd4-4816-b70a-440d950d210f", "value": "http://horoskoperstellung.com/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": true, "type": "hostname", "uuid": "5a05d1da-bc80-4bcd-8033-4312950d210f", "value": "horoskoperstellung.com" }, { "category": "Network activity", "comment": "horoskoperstellung.com", "deleted": false, "disable_correlation": false, "timestamp": "1510391627", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1da-a830-44ba-8f5c-486d950d210f", "value": "213.203.202.31" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1db-afa4-4a2f-b5bf-4d70950d210f", "value": "http://jw-portal.hosting-jw.de/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1db-d7f4-4733-ad6f-4541950d210f", "value": "jw-portal.hosting-jw.de" }, { "category": "Network activity", "comment": "jw-portal.hosting-jw.de", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1db-3ab4-4412-937f-44ff950d210f", "value": "85.214.130.145" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1db-7300-4976-b97b-4e5a950d210f", "value": "http://maydakookt.indepenmedia.nl/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1db-db54-417e-9bce-426d950d210f", "value": "maydakookt.indepenmedia.nl" }, { "category": "Network activity", "comment": "maydakookt.indepenmedia.nl", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1dc-af4c-40ca-9ae1-42dc950d210f", "value": "85.17.156.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1dc-c900-4364-a0ce-4216950d210f", "value": "http://with-hair.co.jp/505" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1dc-a534-428f-9e6f-4c75950d210f", "value": "with-hair.co.jp" }, { "category": "Network activity", "comment": "with-hair.co.jp", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1dd-5450-4bf5-9c10-4cae950d210f", "value": "27.85.233.43" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1de-e7a0-4ca5-bc42-40e9950d210f", "value": "http://primeassociatesinc.com/kjgjhdg4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1de-4700-45aa-b2aa-4a85950d210f", "value": "primeassociatesinc.com" }, { "category": "Network activity", "comment": "primeassociatesinc.com", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1df-3048-462e-a124-4179950d210f", "value": "209.54.51.32" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1df-5be8-4b1c-bdad-43e7950d210f", "value": "http://336.linux1.testsider.dk/kjgjhdg4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1df-91cc-452f-ac9b-4fa1950d210f", "value": "336.linux1.testsider.dk" }, { "category": "Network activity", "comment": "336.linux1.testsider.dk", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1df-48f8-4264-ba87-4b42950d210f", "value": "77.243.131.16" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1df-96b0-4a41-8b65-4b7f950d210f", "value": "http://vallei-elektrotechniek.nl/kjgjhdg4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1e0-a330-412f-8735-49f0950d210f", "value": "vallei-elektrotechniek.nl" }, { "category": "Network activity", "comment": "vallei-elektrotechniek.nl", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1e0-c3e8-4f7f-9da4-43df950d210f", "value": "149.210.137.37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "url", "uuid": "5a05d1e0-a154-4155-bc30-4527950d210f", "value": "http://testbxc.u-host.ru/kjgjhdg4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "hostname", "uuid": "5a05d1e0-9844-41ae-be5b-463c950d210f", "value": "testbxc.u-host.ru" }, { "category": "Network activity", "comment": "testbxc.u-host.ru", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "ip-dst", "uuid": "5a05d1e0-c49c-4af4-b577-4bec950d210f", "value": "212.220.124.233" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 64d55acb693c58656eb3004b595d782c", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "sha256", "uuid": "5a06bf4c-fec8-4a12-bbc8-44ba02de0b81", "value": "e37ffad79863d12a3b62190d653d8e4d7f0b88c261d83e85639699829db06f51" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 64d55acb693c58656eb3004b595d782c", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": true, "type": "sha1", "uuid": "5a06bf4c-d7dc-4c01-aec0-4e2d02de0b81", "value": "742e7976bafb4e9f437dd30d0faa48a8a4671ab5" }, { "category": "External analysis", "comment": "- Xchecked via VT: 64d55acb693c58656eb3004b595d782c", "deleted": false, "disable_correlation": false, "timestamp": "1510391628", "to_ids": false, "type": "link", "uuid": "5a06bf4c-e650-4a59-a072-421002de0b81", "value": "https://www.virustotal.com/file/e37ffad79863d12a3b62190d653d8e4d7f0b88c261d83e85639699829db06f51/analysis/1510323832/" } ] } }