{ "Event": { "analysis": "1", "date": "2017-10-10", "extends_uuid": "", "info": "M2M - Locky Affid=3, \"asasin\" / Trickbot \"mac1\" 2017-10-10 : \"Status of invoice A2171234-56\" - \"A2171234-56.html\"", "publish_timestamp": "1507830327", "published": true, "threat_level_id": "3", "timestamp": "1507830166", "uuid": "59dce1ec-b998-42ad-ba4f-48a4950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#006c6c", "name": "ecsirt:malicious-code=\"ransomware\"" }, { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Locky\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"Trick Bot\"" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "md5", "uuid": "59dce1ed-5068-4bb6-ae81-88d9950d210f", "value": "a85fa294fa2d4d48565cd78b4950695d" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "md5", "uuid": "59dce1ed-5884-4f7f-9514-40f7950d210f", "value": "554a8eabcb28deeb57d70a3c1d6c3a5d" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1ed-9cd4-4502-bdd0-2dd8950d210f", "value": "http://haproprab.net/js/*" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "hostname", "uuid": "59dce1ee-3604-4fcc-8698-8864950d210f", "value": "haproprab.net" }, { "category": "Network activity", "comment": "haproprab.net", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1ee-55a0-4080-8e5d-4451950d210f", "value": "49.51.134.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1ee-0ca4-4f87-801f-4d49950d210f", "value": "http://yamanashi-jyujin.jp/l0.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "hostname", "uuid": "59dce1ee-da50-4838-9947-86c4950d210f", "value": "yamanashi-jyujin.jp" }, { "category": "Network activity", "comment": "yamanashi-jyujin.jp", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1ef-9a6c-4720-b747-8751950d210f", "value": "180.222.185.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1ef-5f64-4c61-abf5-48c0950d210f", "value": "http://smi-wi.com/l0.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "hostname", "uuid": "59dce1ef-5664-4fd4-9223-88d9950d210f", "value": "smi-wi.com" }, { "category": "Network activity", "comment": "smi-wi.com", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f0-0134-47a1-bdeb-4f44950d210f", "value": "72.52.195.204" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1f0-51a8-43ff-96d9-88a8950d210f", "value": "http://qxr33qxr.com/b0.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "hostname", "uuid": "59dce1f0-3878-46ff-9f53-2dd8950d210f", "value": "qxr33qxr.com" }, { "category": "Network activity", "comment": "qxr33qxr.com", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f1-bf80-4f79-9f29-8864950d210f", "value": "67.210.102.240" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1f1-5920-4d31-8770-4099950d210f", "value": "http://mtblanc-let.co.uk/b0.exe" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "hostname", "uuid": "59dce1f1-b9a4-4399-a3df-465f950d210f", "value": "mtblanc-let.co.uk" }, { "category": "Network activity", "comment": "mtblanc-let.co.uk", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f1-48fc-42cd-9241-86c4950d210f", "value": "217.199.175.27" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": true, "type": "url", "uuid": "59dce1f2-e3c4-4a33-9993-8928950d210f", "value": "http://haproprab.net/eroorrrs" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f2-2c5c-4b69-bed3-4555950d210f", "value": "91.83.88.51" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f2-5430-4e13-abe2-4cf7950d210f", "value": "46.237.117.193" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f2-5704-4cf0-b1b7-48a7950d210f", "value": "79.170.7.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f3-c030-49ca-8680-2dd8950d210f", "value": "41.57.103.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f3-b044-494d-b1f5-882b950d210f", "value": "196.202.194.202" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f3-b708-42b2-aa22-8864950d210f", "value": "46.20.56.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f3-4aa4-48d8-b1f5-4e89950d210f", "value": "176.120.126.21" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f4-ddb0-4809-af2c-426a950d210f", "value": "91.239.249.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f4-b930-4908-832d-86c4950d210f", "value": "194.87.103.184" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f4-19ec-4e92-ab91-8928950d210f", "value": "92.63.102.64" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f4-8ec4-40ec-8803-2fc8950d210f", "value": "194.87.238.53" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f5-6bac-4868-8c1b-878f950d210f", "value": "92.63.102.159" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f5-7e64-4081-8e0b-8751950d210f", "value": "194.87.232.219" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f5-bc8c-441f-a2d8-4150950d210f", "value": "149.154.69.70" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f6-a098-4022-83b5-88d9950d210f", "value": "78.24.223.153" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f6-3e54-4802-ad22-47f3950d210f", "value": "194.87.92.207" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f6-bcb0-4147-bd09-47d9950d210f", "value": "194.87.94.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f7-79c4-4b32-92c8-2dd8950d210f", "value": "195.133.147.238" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f7-0c7c-4db1-a96b-882b950d210f", "value": "62.109.15.132" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f7-15d4-473c-8767-88a8950d210f", "value": "194.87.236.240" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f7-5fbc-4033-8810-4e37950d210f", "value": "62.109.6.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f8-069c-4aa2-8cc6-468d950d210f", "value": "149.154.69.47" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f8-8278-4898-8735-431c950d210f", "value": "82.146.47.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f8-612c-40b0-832f-8928950d210f", "value": "78.24.216.250" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f8-9778-4d26-9d0e-2fc8950d210f", "value": "82.146.56.218" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830159", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f8-d3a8-4521-ad5f-8751950d210f", "value": "185.159.131.198" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f9-d490-465a-8e0f-88d9950d210f", "value": "194.87.146.32" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f9-5ef4-463a-9681-4185950d210f", "value": "5.133.179.77" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f9-012c-4a8e-a8a4-2dd8950d210f", "value": "94.242.224.214" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1f9-0958-44ea-9c34-88a8950d210f", "value": "194.87.92.242" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1fa-4cec-484d-8f70-8864950d210f", "value": "195.133.146.236" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "ip-dst", "uuid": "59dce1fa-4d8c-488c-9ad6-4b09950d210f", "value": "193.124.117.238" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": true, "type": "sha256", "uuid": "59dfa990-1d08-410c-9aa9-36f102de0b81", "value": "aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": true, "type": "sha1", "uuid": "59dfa990-2bd4-419c-a817-36f102de0b81", "value": "47dde438bfb84ef917b8beadf5fde3f0f503c013" }, { "category": "External analysis", "comment": "- Xchecked via VT: 554a8eabcb28deeb57d70a3c1d6c3a5d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "link", "uuid": "59dfa990-de4c-4dcd-852f-36f102de0b81", "value": "https://www.virustotal.com/file/aace7044f2f3cd7bb109a2e5d494ac86d952e0eaa13ce8d6abd7e4744f2ede10/analysis/1507712630/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": true, "type": "sha256", "uuid": "59dfa990-22d4-41bc-aeaf-36f102de0b81", "value": "10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": true, "type": "sha1", "uuid": "59dfa990-dd38-4234-baa7-36f102de0b81", "value": "0db85dd510c03b3642bd7d1f214bade1a2574106" }, { "category": "External analysis", "comment": "- Xchecked via VT: a85fa294fa2d4d48565cd78b4950695d", "deleted": false, "disable_correlation": false, "timestamp": "1507830160", "to_ids": false, "type": "link", "uuid": "59dfa990-db78-4b97-a870-36f102de0b81", "value": "https://www.virustotal.com/file/10bed3e54c61088d5dc0d1be55da154efbcb32130ebf228e446fc97f5787e7a0/analysis/1507712666/" } ] } }