{ "Event": { "analysis": "2", "date": "2015-11-05", "extends_uuid": "", "info": "OSINT CryptoWall v4 Emerges Days After Cyber Threat Alliance Report by Palo Alto Networks Unit 42", "publish_timestamp": "1447223861", "published": true, "threat_level_id": "3", "timestamp": "1447223857", "uuid": "564264fe-1794-4894-878f-68b5950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191826", "to_ids": false, "type": "link", "uuid": "56426512-800c-4695-b9a4-cf48950d210b", "value": "http://researchcenter.paloaltonetworks.com/2015/11/cryptowall-v4-emerges-days-after-cyber-threat-alliance-report/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191864", "to_ids": true, "type": "sha256", "uuid": "56426538-dc54-419e-94e4-cf3d950d210b", "value": "4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191864", "to_ids": true, "type": "url", "uuid": "56426538-1ed4-4fdb-95e1-cf3d950d210b", "value": "http://46.30.43.183/syria.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191865", "to_ids": true, "type": "url", "uuid": "56426539-c1a0-47e5-b39a-cf3d950d210b", "value": "http://46.30.45.110/analitics.exe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191865", "to_ids": true, "type": "sha256", "uuid": "56426539-9bac-49fa-83ea-cf3d950d210b", "value": 
"3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191866", "to_ids": true, "type": "sha256", "uuid": "5642653a-1060-4d38-bab5-cf3d950d210b", "value": "299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191866", "to_ids": true, "type": "sha256", "uuid": "5642653a-c194-498d-b7a9-cf3d950d210b", "value": "3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191866", "to_ids": true, "type": "sha256", "uuid": "5642653a-5f54-4f76-ac40-cf3d950d210b", "value": "9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191867", "to_ids": true, "type": "sha256", "uuid": "5642653b-a50c-48d3-b84f-cf3d950d210b", "value": "2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191867", "to_ids": true, "type": "sha256", "uuid": "5642653b-5a60-4a20-a1bd-cf3d950d210b", "value": "41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191868", "to_ids": true, "type": "sha256", "uuid": "5642653c-92d8-4e82-a9d5-cf3d950d210b", "value": "bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191868", "to_ids": true, "type": "sha256", "uuid": "5642653c-a478-4416-80f8-cf3d950d210b", "value": 
"dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191868", "to_ids": true, "type": "sha256", "uuid": "5642653c-a510-45ad-981e-cf3d950d210b", "value": "4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191869", "to_ids": true, "type": "ip-dst", "uuid": "5642653d-ca54-4c85-93d5-cf3d950d210b", "value": "46.30.43.183" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447191869", "to_ids": true, "type": "ip-dst", "uuid": "5642653d-bddc-458a-b158-cf3d950d210b", "value": "46.30.45.110" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d", "deleted": false, "disable_correlation": false, "timestamp": "1447223423", "to_ids": true, "type": "sha1", "uuid": "5642e07f-d140-4b5d-817c-cf3c950d210b", "value": "2f687a620b12db374de7d1c3bb8905fc764b5c0a" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d", "deleted": false, "disable_correlation": false, "timestamp": "1447223424", "to_ids": true, "type": "md5", "uuid": "5642e080-2aa0-43a3-87be-cf3c950d210b", "value": "d6b64f2be383a9d26bd6f2e7dad3399f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223424", "to_ids": false, "type": "link", "uuid": "5642e080-1640-409d-baa9-cf3c950d210b", "value": "https://www.virustotal.com/file/4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d/analysis/1446585480/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2", "deleted": false, 
"disable_correlation": false, "timestamp": "1447223424", "to_ids": true, "type": "sha1", "uuid": "5642e080-97b4-49b5-bb62-cf3c950d210b", "value": "17564218c2127ef7c88754333598d4549ead35ea" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2", "deleted": false, "disable_correlation": false, "timestamp": "1447223425", "to_ids": true, "type": "md5", "uuid": "5642e081-887c-4d00-8111-cf3c950d210b", "value": "d67af2c69617081f73b9c6df543c908f" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223425", "to_ids": false, "type": "link", "uuid": "5642e081-f188-42b3-a439-cf3c950d210b", "value": "https://www.virustotal.com/file/dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2/analysis/1446822342/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2", "deleted": false, "disable_correlation": false, "timestamp": "1447223426", "to_ids": true, "type": "sha1", "uuid": "5642e082-5b40-4a76-865f-cf3c950d210b", "value": "949f1903642e72575e107ee492faba670c8e0006" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2", "deleted": false, "disable_correlation": false, "timestamp": "1447223426", "to_ids": true, "type": "md5", "uuid": "5642e082-e1ec-4a96-bc66-cf3c950d210b", "value": "5384f752e3a2b59fad9d0f143ce0215a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223426", "to_ids": false, "type": "link", "uuid": "5642e082-dda4-488c-8517-cf3c950d210b", "value": "https://www.virustotal.com/file/bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2/analysis/1447214288/" }, { "category": "Payload delivery", 
"comment": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63", "deleted": false, "disable_correlation": false, "timestamp": "1447223427", "to_ids": true, "type": "sha1", "uuid": "5642e083-4564-4a15-9580-cf3c950d210b", "value": "71cdc9064c25ac7fb469c018255e0f04aa9add7a" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63", "deleted": false, "disable_correlation": false, "timestamp": "1447223427", "to_ids": true, "type": "md5", "uuid": "5642e083-1304-4ffd-9f37-cf3c950d210b", "value": "999b597cdfc10a8e960e3c24e1c51e26" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223428", "to_ids": false, "type": "link", "uuid": "5642e084-a1c0-43ae-a113-cf3c950d210b", "value": "https://www.virustotal.com/file/41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63/analysis/1446579385/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3", "deleted": false, "disable_correlation": false, "timestamp": "1447223428", "to_ids": true, "type": "sha1", "uuid": "5642e084-6028-47e0-8f86-cf3c950d210b", "value": "b38fb01ffe6fbaead77c80dbd21bb6077464b8a5" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3", "deleted": false, "disable_correlation": false, "timestamp": "1447223428", "to_ids": true, "type": "md5", "uuid": "5642e084-ceb0-4472-8409-cf3c950d210b", "value": "e28a0ed74e78e75710b0d46742e407e3" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223429", "to_ids": false, "type": "link", "uuid": "5642e085-b648-41f3-b451-cf3c950d210b", "value": "https://www.virustotal.com/file/2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3/analysis/1446996756/" }, { "category": "Payload delivery", 
"comment": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804", "deleted": false, "disable_correlation": false, "timestamp": "1447223429", "to_ids": true, "type": "sha1", "uuid": "5642e085-d408-46d8-b71d-cf3c950d210b", "value": "4e1423e1404ce1d5d6536da0443074636257d0bb" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804", "deleted": false, "disable_correlation": false, "timestamp": "1447223430", "to_ids": true, "type": "md5", "uuid": "5642e086-c704-477c-8411-cf3c950d210b", "value": "faa1d566f5bd28e908a40189d83edd42" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223430", "to_ids": false, "type": "link", "uuid": "5642e086-b5f0-4fac-ac55-cf3c950d210b", "value": "https://www.virustotal.com/file/9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804/analysis/1446293167/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801", "deleted": false, "disable_correlation": false, "timestamp": "1447223430", "to_ids": true, "type": "sha1", "uuid": "5642e086-3e28-4961-b5af-cf3c950d210b", "value": "e5216e3f23ba1dfb33c45412dd96a2f87ca45dca" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801", "deleted": false, "disable_correlation": false, "timestamp": "1447223431", "to_ids": true, "type": "md5", "uuid": "5642e087-24bc-4d1e-8b9d-cf3c950d210b", "value": "e73806e3f41f61e7c7a364625cd58f65" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223431", "to_ids": false, "type": "link", "uuid": "5642e087-7b8c-4aeb-a133-cf3c950d210b", "value": "https://www.virustotal.com/file/3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801/analysis/1447151428/" }, { 
"category": "Payload delivery", "comment": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223", "deleted": false, "disable_correlation": false, "timestamp": "1447223432", "to_ids": true, "type": "sha1", "uuid": "5642e088-10f4-4ebf-a354-cf3c950d210b", "value": "4dc7d878dcbbae9b37453b6874937a2bb426ddb4" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223", "deleted": false, "disable_correlation": false, "timestamp": "1447223432", "to_ids": true, "type": "md5", "uuid": "5642e088-982c-479f-8ec2-cf3c950d210b", "value": "48e4daf494e4fa2577d8fa94b7b89e35" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223433", "to_ids": false, "type": "link", "uuid": "5642e089-9bcc-47eb-ae4b-cf3c950d210b", "value": "https://www.virustotal.com/file/299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223/analysis/1446822341/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667", "deleted": false, "disable_correlation": false, "timestamp": "1447223433", "to_ids": true, "type": "sha1", "uuid": "5642e089-bd2c-4c30-8d3b-cf3c950d210b", "value": "cb5c885266840321245098aa0b9574950ab95c60" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667", "deleted": false, "disable_correlation": false, "timestamp": "1447223433", "to_ids": true, "type": "md5", "uuid": "5642e089-f7d4-4efa-b002-cf3c950d210b", "value": "274b166a39093fc87faa42a7608841d7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223434", "to_ids": false, "type": "link", "uuid": "5642e08a-eeac-48f3-83c2-cf3c950d210b", "value": 
"https://www.virustotal.com/file/3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667/analysis/1446293477/" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56", "deleted": false, "disable_correlation": false, "timestamp": "1447223434", "to_ids": true, "type": "sha1", "uuid": "5642e08a-537c-4208-b5a1-cf3c950d210b", "value": "65ddba4a3ffbb84875573e7442560fcfcd42c947" }, { "category": "Payload delivery", "comment": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56", "deleted": false, "disable_correlation": false, "timestamp": "1447223435", "to_ids": true, "type": "md5", "uuid": "5642e08b-6234-4dd2-b803-cf3c950d210b", "value": "50b965686ad2cbdc0066e870a928177e" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1447223435", "to_ids": false, "type": "link", "uuid": "5642e08b-a72c-421b-b5db-cf3c950d210b", "value": "https://www.virustotal.com/file/4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56/analysis/1447182903/" } ] } }