{ "Event": { "analysis": "1", "date": "2017-09-20", "extends_uuid": "", "info": "M2M - Locky 2017-09-19 : Affid=3, offline, \".ykcol\" : \"HERBALIFE Order Number: 6N01001234\" - \"6N01001234_1.7z\"", "publish_timestamp": "1506339973", "published": true, "threat_level_id": "3", "timestamp": "1505998199", "uuid": "59c28fd3-6c10-44dd-b40d-46f5950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "md5", "uuid": "59c28fd3-8ba4-43a7-9788-466a950d210f", "value": "bab4aa0cb4904865dc247c8e78fd0eca" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd4-bb34-41d4-8cad-4cb1950d210f", "value": "http://arsmakina.org/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd4-41fc-4142-9754-43f9950d210f", "value": "arsmakina.org" }, { "category": "Network activity", "comment": "arsmakina.org", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd4-f6b4-41c8-8cb2-79d3950d210f", "value": "77.245.149.146" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd5-fe78-47ad-b1bf-4bc5950d210f", "value": "http://asiaresearchcenter.org/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd5-febc-402b-8871-4f83950d210f", "value": "asiaresearchcenter.org" }, { "category": "Network activity", "comment": "asiaresearchcenter.org", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd5-42dc-484a-81e5-792e950d210f", "value": "68.168.111.133" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd6-59ac-4244-8684-44b9950d210f", "value": "http://bnphealthcare.com/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd6-46bc-494d-a2aa-4156950d210f", "value": "bnphealthcare.com" }, { "category": "Network activity", "comment": "bnphealthcare.com", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd6-a4d4-442e-a8de-4425950d210f", "value": "202.169.44.152" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd6-73ec-446f-b8f9-4d2b950d210f", "value": "http://conxibit.com/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd6-ef6c-40ed-81df-4e5c950d210f", "value": "conxibit.com" }, { "category": "Network activity", "comment": "conxibit.com", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd8-a7dc-4549-a64e-4461950d210f", "value": "175.107.146.17" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd8-6c4c-4811-a395-4ee8950d210f", "value": "http://cxwebdesign.de/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd8-01e8-4676-b4d8-4147950d210f", "value": "cxwebdesign.de" }, { "category": "Network activity", "comment": "cxwebdesign.de", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd9-33b0-4265-9005-4016950d210f", "value": "88.99.175.38" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd9-be7c-4cb1-be22-44b8950d210f", "value": "http://diakoniestation-winnenden.de/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fd9-7124-4825-8594-79d3950d210f", "value": "diakoniestation-winnenden.de" }, { "category": "Network activity", "comment": "diakoniestation-winnenden.de", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fd9-ad38-4ab2-8311-43e5950d210f", "value": "213.185.88.41" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fd9-cf9c-4fcb-adb9-4e96950d210f", "value": "http://download.justowin.it/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fda-a638-4d40-b7e3-46fe950d210f", "value": "download.justowin.it" }, { "category": "Network activity", "comment": "download.justowin.it", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fda-8eb8-43be-b992-4087950d210f", "value": "95.110.225.147" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fda-ebf4-4157-afbc-472e950d210f", "value": "http://ecofloraholland.nl/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fda-16b8-4c50-9b74-4294950d210f", "value": "ecofloraholland.nl" }, { "category": "Network activity", "comment": "ecofloraholland.nl", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fda-c080-4286-b46d-4ea9950d210f", "value": "195.160.216.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdb-37a8-47f5-b617-4306950d210f", "value": "http://felixsolis.mobi/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdb-d628-4a04-8b8f-4ec3950d210f", "value": "felixsolis.mobi" }, { "category": "Network activity", "comment": "felixsolis.mobi", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fdb-f510-45c5-b667-47d8950d210f", "value": "5.2.27.27" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdb-cecc-4077-aa9a-48dd950d210f", "value": "http://foodbikers.ch/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdc-4dd8-47cb-8b8e-4096950d210f", "value": "foodbikers.ch" }, { "category": "Network activity", "comment": "foodbikers.ch", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fdc-ee24-4582-b8d6-41e4950d210f", "value": "83.169.23.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdc-4a3c-442f-a1c9-4d9f950d210f", "value": "http://g-peer.at/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdc-0a6c-4d38-afb5-4823950d210f", "value": "g-peer.at" }, { "category": "Network activity", "comment": "g-peer.at", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fdd-9334-4001-b567-400f950d210f", "value": "217.172.186.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdd-4bcc-4cd8-8828-4bcb950d210f", "value": "http://gui-design.de/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdd-5608-4b60-9b00-79d3950d210f", "value": "gui-design.de" }, { "category": "Network activity", "comment": "gui-design.de", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fde-27b4-4b97-816b-4465950d210f", "value": "92.51.181.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fde-e510-434b-b2db-44e0950d210f", "value": "http://highpressurewelding.co.uk/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fde-3ba8-4491-ac76-43b2950d210f", "value": "highpressurewelding.co.uk" }, { "category": "Network activity", "comment": "highpressurewelding.co.uk", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fde-a200-4fb2-9abf-4c35950d210f", "value": "91.192.195.51" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdf-db5c-497d-872a-4206950d210f", "value": "http://housecafe-essen.de/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdf-f044-4445-98a4-4db9950d210f", "value": "housecafe-essen.de" }, { "category": "Network activity", "comment": "housecafe-essen.de", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fdf-766c-4c52-aaa1-482d950d210f", "value": "178.77.96.238" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fdf-106c-435e-b859-4738950d210f", "value": "http://isiquest1.com/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "hostname", "uuid": "59c28fdf-a3fc-4d7a-a25d-47bd950d210f", "value": "isiquest1.com" }, { "category": "Network activity", "comment": "isiquest1.com", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "ip-dst", "uuid": "59c28fe0-4f58-45dd-9831-47e3950d210f", "value": "178.33.107.201" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "url", "uuid": "59c28fe0-1dac-430b-9928-43e9950d210f", "value": "http://secureleads.com/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "hostname", "uuid": "59c28fe0-3b24-4da5-8804-4f60950d210f", "value": "secureleads.com" }, { "category": "Network activity", "comment": "secureleads.com", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": false, "type": "ip-dst", "uuid": "59c28fe1-7084-4a60-87c1-4997950d210f", "value": "72.32.221.251" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "url", "uuid": "59c28fe1-a2e0-4973-9b30-4dff950d210f", "value": "http://teracom.co.id/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "hostname", "uuid": "59c28fe1-94e8-462c-8c7a-414b950d210f", "value": "teracom.co.id" }, { "category": "Network activity", "comment": "teracom.co.id", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": false, "type": "ip-dst", "uuid": "59c28fe2-d2d0-48ef-bad8-4170950d210f", "value": "202.169.44.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "url", "uuid": "59c28fe2-a7ec-4706-8796-4c56950d210f", "value": "http://ycgrp.jp/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "hostname", "uuid": "59c28fe2-4760-4551-b578-4ba3950d210f", "value": "ycgrp.jp" }, { "category": "Network activity", "comment": "ycgrp.jp", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": false, "type": "ip-dst", "uuid": "59c28fe3-e500-4f9a-b3b6-49c8950d210f", "value": "180.222.186.87" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "url", "uuid": "59c28fe3-bbd0-4544-9e02-4fa7950d210f", "value": "http://zionbrand.su/p66/JGHldb03m" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "hostname", "uuid": "59c28fe4-461c-43e1-999a-49e2950d210f", "value": "zionbrand.su" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1505998167", "to_ids": true, "type": "hostname", "uuid": "59c28fe4-0830-4425-afd3-4341950d210f", "value": "hrbl.net" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "sha256", "uuid": "59c3b558-f720-4aee-b3c6-4d9902de0b81", "value": "43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": true, "type": "sha1", "uuid": "59c3b558-c50c-4248-a6ff-4bdc02de0b81", "value": "3a2cc64eb0060a0ba7251b723b33441431705d2d" }, { "category": "External analysis", "comment": "- Xchecked via VT: bab4aa0cb4904865dc247c8e78fd0eca", "deleted": false, "disable_correlation": false, "timestamp": "1505998168", "to_ids": false, "type": "link", "uuid": "59c3b558-7b00-4f56-a40b-4c0202de0b81", "value": "https://www.virustotal.com/file/43d61bee5ee1ca77d2339d00b69b3675425714598e2b1c81f5351fb1166ab8ca/analysis/1505860831/" } ] } }