{ "Event": { "analysis": "2", "date": "2016-05-23", "extends_uuid": "", "info": "Locky of the day (20160520)", "publish_timestamp": "1463984552", "published": true, "threat_level_id": "3", "timestamp": "1463984507", "uuid": "5742a093-4190-414a-8a36-4c8d950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1463984312", "to_ids": true, "type": "hostname", "uuid": "5742a0b8-25d0-4320-a7aa-4755950d210f", "value": "staffsolut.nichost.ru" }, { "category": "Network activity", "comment": "Enriched via the circl_passivedns module", "deleted": false, "disable_correlation": false, "timestamp": "1463984336", "to_ids": true, "type": "ip-dst", "uuid": "5742a0d0-b7fc-45f5-a82a-3309950d210f", "value": "195.208.1.146" }, { "category": "Payload delivery", "comment": "msg0008040339157.docm", "deleted": false, "disable_correlation": false, "timestamp": "1463984415", "to_ids": true, "type": "md5", "uuid": "5742a11f-2c44-46d1-983d-4260950d210f", "value": "0b3323531a322c89aa4c9059a1b215a7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1463984433", "to_ids": true, "type": "ssdeep", "uuid": "5742a131-8d48-4c73-91ff-4b80950d210f", "value": "1536:3DnCkuBxIKKiuyYuAkbWPU74MimdaaGYIpTFRa:zCGKgyYuAEWPbM5aaGBpZI" }, { "category": "Payload delivery", "comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7", "deleted": false, "disable_correlation": false, "timestamp": "1463984507", "to_ids": true, "type": "sha256", "uuid": "5742a17b-d064-4742-9332-40da02de0b81", "value": "ed44bde7c63f0d65b0f2fdc64aedb002e8e9c6ce90caef1835f558a036cf4b90" }, { "category": "Payload delivery", "comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7", "deleted": false, "disable_correlation": false, "timestamp": "1463984507", "to_ids": true, "type": "sha1", "uuid": "5742a17b-3cb8-42d5-a9f2-445102de0b81", "value": "1575f0f495e566c768d67dd188ff84ce3eb7952c" }, { "category": "External analysis", "comment": "msg0008040339157.docm - Xchecked via VT: 0b3323531a322c89aa4c9059a1b215a7", "deleted": false, "disable_correlation": false, "timestamp": "1463984507", "to_ids": false, "type": "link", "uuid": "5742a17b-e188-4e69-9705-4c1102de0b81", "value": "https://www.virustotal.com/file/ed44bde7c63f0d65b0f2fdc64aedb002e8e9c6ce90caef1835f558a036cf4b90/analysis/1463766071/" } ] } }