{ "Event": { "analysis": "1", "date": "2018-01-18", "extends_uuid": "", "info": "M2M - GlobeImposter \"..doc\" 2018-01-12 : \"Unpaid invoice \" - \"1234567.7z\"", "publish_timestamp": "1518771555", "published": true, "threat_level_id": "3", "timestamp": "1518231724", "uuid": "5a607314-de88-4309-ba06-c4a9950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\"", "relationship_type": "" }, { "colour": "#3a001f", "local": false, "name": "workflow:todo=\"expansion\"", "relationship_type": "" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516270357", "to_ids": true, "type": "md5", "uuid": "5a607315-1518-4750-93c5-c1d6950d210f", "value": "b0ee9dae7de7781ea809278c48c310a5" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185158", "to_ids": true, "type": "url", "uuid": "5a607317-d5b4-41bb-b89e-4bf7950d210f", "value": "http://icilarache.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185159", "to_ids": true, "type": "hostname", "uuid": "5a607318-0c48-44a7-91ba-4340950d210f", "value": "icilarache.com" }, { "category": "Network activity", "comment": "icilarache.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185159", "to_ids": false, "type": "ip-dst", "uuid": "5a60731a-e12c-4a7f-8e1f-4bf5950d210f", "value": "199.188.200.144" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185159", "to_ids": true, "type": "url", "uuid": "5a60731c-d628-42ac-80d6-c707950d210f", "value": "http://jcvitalis.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185160", "to_ids": true, "type": "hostname", "uuid": "5a60731d-54d4-4649-94e7-c378950d210f", "value": "jcvitalis.com" }, { "category": "Network activity", "comment": "jcvitalis.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185160", "to_ids": false, "type": "ip-dst", "uuid": "5a60731f-5f48-4064-838c-4a0a950d210f", "value": "199.188.200.146" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185160", "to_ids": true, "type": "url", "uuid": "5a607321-b908-4031-9883-4b64950d210f", "value": "http://lasercutlawncare.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185161", "to_ids": true, "type": "hostname", "uuid": "5a607322-6f08-4e18-9206-4cc1950d210f", "value": "lasercutlawncare.com" }, { "category": "Network activity", "comment": "lasercutlawncare.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185161", "to_ids": false, "type": "ip-dst", "uuid": "5a607324-92ac-4876-921c-c458950d210f", "value": "198.54.116.65" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185162", "to_ids": true, "type": "url", "uuid": "5a607325-5a28-4f1e-97a8-c378950d210f", "value": "http://loquiereslotienesya.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185162", "to_ids": true, "type": "hostname", "uuid": "5a607328-9b30-44a7-bd51-4831950d210f", "value": "loquiereslotienesya.com" }, { "category": "Network activity", "comment": "loquiereslotienesya.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185162", "to_ids": false, "type": "ip-dst", "uuid": "5a607329-7b04-4a45-9577-423f950d210f", "value": "198.54.114.136" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185163", "to_ids": true, "type": "url", "uuid": "5a60732b-0880-4864-b32f-23ef950d210f", "value": "http://mikeylinehan.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185163", "to_ids": true, "type": "hostname", "uuid": "5a60732c-4708-4227-afea-c458950d210f", "value": "mikeylinehan.com" }, { "category": "Network activity", "comment": "mikeylinehan.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185164", "to_ids": false, "type": "ip-dst", "uuid": "5a60732e-631c-4b77-b1de-c19a950d210f", "value": "199.188.200.96" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185164", "to_ids": true, "type": "url", "uuid": "5a60732f-db14-4989-9751-2374950d210f", "value": "http://nwfpakistan.com/kjdfhg874" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185164", "to_ids": true, "type": "hostname", "uuid": "5a607332-97f8-4dba-83a1-40b6950d210f", "value": "nwfpakistan.com" }, { "category": "Network activity", "comment": "nwfpakistan.com", "deleted": false, "disable_correlation": false, "timestamp": "1518185165", "to_ids": false, "type": "ip-dst", "uuid": "5a607333-8a2c-4f06-8fac-2374950d210f", "value": "199.188.200.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185165", "to_ids": true, "type": "url", "uuid": "5a607335-fed4-49e2-9ba2-4bab950d210f", "value": "https://topyzscsu5poprxy.onion.link/shfgealjh.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185166", "to_ids": true, "type": "hostname", "uuid": "5a607337-cd64-4559-ac36-c19a950d210f", "value": "topyzscsu5poprxy.onion.link" }, { "category": "Network activity", "comment": "topyzscsu5poprxy.onion.link", "deleted": false, "disable_correlation": false, "timestamp": "1518185166", "to_ids": false, "type": "ip-dst", "uuid": "5a60733a-86fc-40bc-bdb3-4a47950d210f", "value": "103.198.0.2" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185166", "to_ids": true, "type": "url", "uuid": "5a60733e-6e5c-4412-a178-23ef950d210f", "value": "http://psoeiras.net/js/count.php?nu=105&fb=110" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1518185167", "to_ids": true, "type": "hostname", "uuid": "5a607341-4fe0-4787-91c9-2374950d210f", "value": "psoeiras.net" }, { "category": "Network activity", "comment": "psoeiras.net", "deleted": false, "disable_correlation": false, "timestamp": "1518185167", "to_ids": false, "type": "ip-dst", "uuid": "5a607344-2af4-489e-acc7-c458950d210f", "value": "74.220.219.67" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "7", "timestamp": "1518185170", "uuid": "bdc7129f-87b1-4e53-bbd4-1d6a7e5925ca", "ObjectReference": [ { "comment": "", "object_uuid": "bdc7129f-87b1-4e53-bbd4-1d6a7e5925ca", "referenced_uuid": "fc74519e-6797-4d09-93bb-7a68e74f5bd6", "relationship_type": "analysed-with", "timestamp": "1518771555", "uuid": "5a7daad3-84fc-48f0-b391-575d02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1518185168", "to_ids": true, "type": "sha1", "uuid": "5a7daad0-a26c-462c-b64d-575d02de0b81", "value": "28be65219441d78399027aa42c9cc7456ee67130" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1518185168", "to_ids": true, "type": "sha256", "uuid": "5a7daad0-8098-4265-bc0e-575d02de0b81", "value": "c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1518185169", "to_ids": true, "type": "md5", "uuid": "5a7daad1-e3d8-446b-9b9a-575d02de0b81", "value": "b0ee9dae7de7781ea809278c48c310a5" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "1", "timestamp": "1518185169", "uuid": "fc74519e-6797-4d09-93bb-7a68e74f5bd6", "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1518185169", "to_ids": false, "type": "link", "uuid": "5a7daad1-ef50-4bbd-a1be-575d02de0b81", "value": "https://www.virustotal.com/file/c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8/analysis/1517873959/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1518185170", "to_ids": false, "type": "text", "uuid": "5a7daad2-1dec-40ce-9e49-575d02de0b81", "value": "53/67" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1518185170", "to_ids": false, "type": "datetime", "uuid": "5a7daad2-a578-4c03-a376-575d02de0b81", "value": "2018-02-05T23:39:19" } ] } ] } }