{ "Event": { "analysis": "1", "date": "2017-09-25", "extends_uuid": "", "info": "M2M - Locky 2017-09-25 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"", "publish_timestamp": "1506344285", "published": true, "threat_level_id": "3", "timestamp": "1506344280", "uuid": "59c8f958-be58-46da-8a21-4c5f950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": "0", "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "md5", "uuid": "59c8f959-ac8c-4e13-936e-9b1f950d210f", "value": "8dbdd9122dadc54f21747cc4f0ab267c" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f959-481c-4f85-a01f-4dd9950d210f", "value": "http://artplast.uz/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f959-cd48-45c3-8d58-4c5f950d210f", "value": "artplast.uz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f977-c8b4-4c61-ba89-4c64950d210f", "value": "http://asesoreszapico.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f978-11f8-4997-8f83-4d7e950d210f", "value": "asesoreszapico.com" }, { "category": "Network activity", "comment": "asesoreszapico.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f978-9e6c-4301-9e45-4ad5950d210f", "value": "212.89.16.142" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f978-e850-40fd-85eb-9dc2950d210f", "value": "http://asheardontheradiogreens.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f978-557c-42cb-8552-4dd6950d210f", "value": "asheardontheradiogreens.com" }, { "category": "Network activity", "comment": "asheardontheradiogreens.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f979-6138-4c7c-9cbc-4137950d210f", "value": "199.30.241.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f979-2bec-4e95-9bee-4bf6950d210f", "value": "http://audio-pa-service.de/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f979-e378-452d-9637-408a950d210f", "value": "audio-pa-service.de" }, { "category": "Network activity", "comment": "audio-pa-service.de", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f979-1298-4b34-a5e9-4c2f950d210f", "value": "81.169.244.233" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f97a-7670-41df-976e-4c5f950d210f", "value": "http://augsburger-maerchentheater.de/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f97a-7130-4898-874b-9dc2950d210f", "value": "augsburger-maerchentheater.de" }, { "category": "Network activity", "comment": "augsburger-maerchentheater.de", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f97c-71e0-45cf-a3a3-4c64950d210f", "value": "94.102.214.231" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f97c-cc4c-44b9-a834-4c2f950d210f", "value": "http://auto-ecole-prudence.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f97c-450c-41b9-b8f9-9b1f950d210f", "value": "auto-ecole-prudence.com" }, { "category": "Network activity", "comment": "auto-ecole-prudence.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f97c-07cc-4b9d-b850-4214950d210f", "value": "193.227.248.247" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f97d-28d0-4993-bb4b-42ad950d210f", "value": "http://automattenonline.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f97d-4d8c-4f56-94c2-45f8950d210f", "value": "automattenonline.com" }, { "category": "Network activity", "comment": "automattenonline.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f97d-4cbc-422c-bc56-4bcd950d210f", "value": "149.210.129.109" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f97d-7e08-4283-a747-4bf6950d210f", "value": "http://awoodshop.net/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f97e-e30c-41cd-926e-4678950d210f", "value": "awoodshop.net" }, { "category": "Network activity", "comment": "awoodshop.net", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f97e-8c5c-495e-b382-9b1f950d210f", "value": "72.32.177.50" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f97e-e88c-4032-849d-4c5f950d210f", "value": "http://azimuth.com.pt/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f97e-2678-46af-8143-9dc2950d210f", "value": "azimuth.com.pt" }, { "category": "Network activity", "comment": "azimuth.com.pt", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f97f-1d84-4154-b141-9b8f950d210f", "value": "80.172.241.36" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f980-4d24-4b52-a6b8-45dd950d210f", "value": "http://baburkuyumculuk.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f980-1a10-449c-8ff4-4db4950d210f", "value": "baburkuyumculuk.com" }, { "category": "Network activity", "comment": "baburkuyumculuk.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f980-3d88-4246-80ef-4f5e950d210f", "value": "213.142.143.191" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f980-130c-4261-ade3-454a950d210f", "value": "http://bagnolipisa.it/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f980-2a50-4b1a-8267-9dc2950d210f", "value": "bagnolipisa.it" }, { "category": "Network activity", "comment": "bagnolipisa.it", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f981-bd88-4432-b8c1-4c2f950d210f", "value": "77.72.25.23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "url", "uuid": "59c8f981-d878-4b0d-8f17-4075950d210f", "value": "http://barberomudanzas.com/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f981-1400-44b1-b1ed-4df4950d210f", "value": "barberomudanzas.com" }, { "category": "Network activity", "comment": "barberomudanzas.com", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "ip-dst", "uuid": "59c8f981-0550-4d85-b6e3-44da950d210f", "value": "188.93.75.198" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344188", "to_ids": true, "type": "url", "uuid": "59c8f982-981c-4dbb-a0e5-4797950d210f", "value": "http://bor.uz/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "hostname", "uuid": "59c8f982-7b54-4776-921a-9dc2950d210f", "value": "bor.uz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344188", "to_ids": true, "type": "url", "uuid": "59c8f988-7a04-42bb-a64e-4241950d210f", "value": "http://tertrodefordown.info/af/YTkjdJH7w1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1506344188", "to_ids": true, "type": "hostname", "uuid": "59c8f989-aeec-4911-a6f0-4f1a950d210f", "value": "tertrodefordown.info" }, { "category": "Network activity", "comment": "tertrodefordown.info", "deleted": false, "disable_correlation": false, "timestamp": "1506344188", "to_ids": false, "type": "ip-dst", "uuid": "59c8f98c-1ecc-45fc-a30f-40f3950d210f", "value": "49.51.36.73" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "sha256", "uuid": "59c8fcfd-834c-42e6-862e-403d02de0b81", "value": "b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": true, "type": "sha1", "uuid": "59c8fcfd-39fc-469c-bdaf-4d5802de0b81", "value": "7f07f3b5ba830d55822f75836f0bbbe0ef579256" }, { "category": "External analysis", "comment": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c", "deleted": false, "disable_correlation": false, "timestamp": "1506344189", "to_ids": false, "type": "link", "uuid": "59c8fcfd-6024-4980-ba2c-4fe102de0b81", "value": "https://www.virustotal.com/file/b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a/analysis/1506338916/" } ] } }