{ "Event": { "analysis": "1", "date": "2017-11-09", "extends_uuid": "", "info": "M2M - Locky Affid=3, \".asasin\" 2017-11-01 : \"Emailing: AZ123 - 01.11.2017\" - \"AZ123 - 01.11.2017.doc\"", "publish_timestamp": "1510260967", "published": true, "threat_level_id": "3", "timestamp": "1510259437", "uuid": "5a044fae-c0b0-45d4-8f7e-75a9950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#006c6c", "name": "ecsirt:malicious-code=\"ransomware\"" }, { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Locky\"" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259431", "to_ids": true, "type": "md5", "uuid": "5a044faf-1740-49d9-81ba-cdab950d210f", "value": "9280a952e5ff85d8f67bf71f590d00ac" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259431", "to_ids": true, "type": "md5", "uuid": "5a044faf-54f4-4491-b99f-4123950d210f", "value": "081940b655e22f06ba067fd09467b215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259431", "to_ids": true, "type": "url", "uuid": "5a044fb0-a288-45d1-9725-991b950d210f", "value": "http://apply.pam-innovation.com/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259431", "to_ids": true, "type": "hostname", "uuid": "5a044fb0-a498-4bd8-ab13-425d950d210f", "value": "apply.pam-innovation.com" }, { "category": "Network activity", "comment": "apply.pam-innovation.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259431", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb0-6290-4e2b-bc0a-cdab950d210f", "value": "202.129.207.71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb1-d70c-44bb-9573-4169950d210f", "value": "http://ist-profy.ru/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb1-09f4-4c61-a3a5-4d5e950d210f", "value": "ist-profy.ru" }, { "category": "Network activity", "comment": "ist-profy.ru", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb1-ee0c-4fb5-a145-42e7950d210f", "value": "90.156.144.159" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb1-2d68-4677-ac89-cda3950d210f", "value": "http://localesynavesalquiler.com/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb1-4278-4910-a2ee-cd7d950d210f", "value": "localesynavesalquiler.com" }, { "category": "Network activity", "comment": "localesynavesalquiler.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb2-8a28-4317-8b1e-cd35950d210f", "value": "91.142.213.150" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb2-9178-468b-a6f4-717b950d210f", "value": "http://lopezfranco.com/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb2-6970-4667-be0d-4a7f950d210f", "value": "lopezfranco.com" }, { "category": "Network activity", "comment": "lopezfranco.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb3-ec34-4aee-a8cc-4a40950d210f", "value": "89.140.72.153" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb3-c344-4a32-aff8-cd7d950d210f", "value": "http://spooner-motorsport.com/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb3-5620-4538-9949-cdab950d210f", "value": "spooner-motorsport.com" }, { "category": "Network activity", "comment": "spooner-motorsport.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb3-11f0-49a0-a962-4886950d210f", "value": "77.72.150.42" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb3-4aac-4822-bfe8-49a1950d210f", "value": "http://zahntechnik-imlau.de/djhvg3674f343" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb4-924c-4f29-93e8-991b950d210f", "value": "zahntechnik-imlau.de" }, { "category": "Network activity", "comment": "zahntechnik-imlau.de", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb4-3848-41bf-96bd-474a950d210f", "value": "185.138.24.185" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb4-9cf8-4fdd-8f52-cd7d950d210f", "value": "http://dvprojekt.hr/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb4-34a0-41e8-af8b-43c0950d210f", "value": "dvprojekt.hr" }, { "category": "Network activity", "comment": "dvprojekt.hr", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb5-9eb0-4dcb-b43b-4214950d210f", "value": "213.202.100.90" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb5-fd40-4d1c-8fd5-991b950d210f", "value": "http://fuettern24.de/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb5-9624-413b-a55f-41ad950d210f", "value": "fuettern24.de" }, { "category": "Network activity", "comment": "fuettern24.de", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb5-442c-4309-8df0-cdb1950d210f", "value": "176.28.9.111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb5-80fc-4cd0-acfc-43f5950d210f", "value": "http://pciholog.ru/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb6-de14-4a74-9cf2-4f68950d210f", "value": "pciholog.ru" }, { "category": "Network activity", "comment": "pciholog.ru", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb6-6590-4067-98e9-4ddc950d210f", "value": "89.253.235.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb6-66cc-4a89-91a8-cda3950d210f", "value": "http://3overpar.com/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb6-a04c-46df-a166-4317950d210f", "value": "3overpar.com" }, { "category": "Network activity", "comment": "3overpar.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb7-64e4-4314-acfc-4ef0950d210f", "value": "98.124.251.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb7-d03c-44af-a1b3-4316950d210f", "value": "http://first-paris-properties.com/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb7-6770-46e6-9bcb-4b36950d210f", "value": "first-paris-properties.com" }, { "category": "Network activity", "comment": "first-paris-properties.com", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb7-2d3c-446d-b59a-cda3950d210f", "value": "151.80.157.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb7-090c-4132-a448-cd7d950d210f", "value": "http://mercurysound.es/Omnnd64335" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb8-e9d8-4d64-87a0-cdab950d210f", "value": "mercurysound.es" }, { "category": "Network activity", "comment": "mercurysound.es", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "ip-dst", "uuid": "5a044fb8-ab5c-4761-956c-75a9950d210f", "value": "149.62.173.10" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fb8-21b4-4f97-9b23-cc6f950d210f", "value": "http://heckhegrijus.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "hostname", "uuid": "5a044fb8-1790-4307-81a4-4e67950d210f", "value": "heckhegrijus.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "url", "uuid": "5a044fd7-53f0-4220-b8fe-cdb4950d210f", "value": "http://kvonline" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "sha256", "uuid": "5a04bae8-5cd8-4824-810c-4ab102de0b81", "value": "1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": true, "type": "sha1", "uuid": "5a04bae8-1fb0-4d87-a54a-4b0e02de0b81", "value": "69df47a405d55b935cc0d53ccd54c0a8f9067f36" }, { "category": "External analysis", "comment": "- Xchecked via VT: 081940b655e22f06ba067fd09467b215", "deleted": false, "disable_correlation": false, "timestamp": "1510259432", "to_ids": false, "type": "link", "uuid": "5a04bae8-a9f8-4bc1-88b2-409d02de0b81", "value": "https://www.virustotal.com/file/1b087b85b0f1c2b14dfa1b9c82004de598903a89a76af49ee4c4eed03bfefe24/analysis/1509675596/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac", "deleted": false, "disable_correlation": false, "timestamp": "1510259433", "to_ids": true, "type": "sha256", "uuid": "5a04bae9-e030-4c7e-a163-447602de0b81", "value": "411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac", "deleted": false, "disable_correlation": false, "timestamp": "1510259433", "to_ids": true, "type": "sha1", "uuid": "5a04bae9-48e8-4cb5-8358-4b6902de0b81", "value": "b9b508e6defc4f25d48b75d076311e15b81cb8b4" }, { "category": "External analysis", "comment": "- Xchecked via VT: 9280a952e5ff85d8f67bf71f590d00ac", "deleted": false, "disable_correlation": false, "timestamp": "1510259433", "to_ids": false, "type": "link", "uuid": "5a04bae9-e8c4-4e3e-b4ee-48c602de0b81", "value": "https://www.virustotal.com/file/411510e651f5a3b8687d8e20b492d187f37032d57e3480c9a9a15104516de2a1/analysis/1510167318/" } ] } }