{ "Event": { "analysis": "2", "date": "2016-08-12", "extends_uuid": "", "info": "OSINT New C2 \u2013 Neutrino Exploit Kit via pseudoDarkleech HOPTO.ORG gate delivers CrypMic Ransomware by Broad Analysis", "publish_timestamp": "1471000507", "published": true, "threat_level_id": "3", "timestamp": "1471000487", "uuid": "57adad28-ac28-49f0-b8d5-7495950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#ffffff", "name": "OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1471000309", "to_ids": false, "type": "link", "uuid": "57adaef5-bd68-4f9b-8a2e-6c4f950d210f", "value": "http://www.broadanalysis.com/2016/08/08/new-c2-neutrino-exploit-kit-via-pseudodarkleech-hopto-org-gate-delivers-crypmic-ransomware/" }, { "category": "Network activity", "comment": "Redirect GATE", "deleted": false, "disable_correlation": false, "timestamp": "1471000365", "to_ids": true, "type": "ip-dst", "uuid": "57adaf2d-c848-4a48-8ae0-7495950d210f", "value": "83.217.27.178" }, { "category": "Network activity", "comment": "Redirect GATE", "deleted": false, "disable_correlation": false, "timestamp": "1471000391", "to_ids": true, "type": "hostname", "uuid": "57adaf47-646c-469a-a6c7-7495950d210f", "value": "jkgbpsh.hopto.org" }, { "category": "Network activity", "comment": "Neutrino EK", "deleted": false, "disable_correlation": false, "timestamp": "1471000413", "to_ids": true, "type": "ip-dst", "uuid": "57adaf5d-f3a8-46f6-8efc-3297950d210f", "value": "51.254.30.225" }, { "category": "Network activity", "comment": "Neutrino EK", "deleted": false, "disable_correlation": false, "timestamp": "1471000437", "to_ids": true, "type": "hostname", "uuid": "57adaf75-8f48-4c71-9219-42f4950d210f", "value": "saveoldclinicas.propertymanager.eu.com" }, { "category": "Network activity", "comment": "Port 443 Clear text \u2013 C2 Check-In \u2013 POST INFECTION TRAFFIC Germany, AS24961 myLoc managed IT AG,", "deleted": false, "disable_correlation": false, "timestamp": "1471000460", "to_ids": true, "type": "ip-dst", "uuid": "57adaf8c-8edc-4b48-8a0f-3299950d210f", "value": "85.14.243.9" }, { "category": "Network activity", "comment": "Domains for ransom payments", "deleted": false, "disable_correlation": false, "timestamp": "1471000487", "to_ids": true, "type": "url", "uuid": "57adafa7-cfe0-47f1-8c70-3299950d210f", "value": "http://ccjlwb22w6c22p2k.onion.to" }, { "category": "Network activity", "comment": "Domains for ransom payments", "deleted": false, "disable_correlation": false, "timestamp": "1471000487", "to_ids": true, "type": "url", "uuid": "57adafa7-f574-46df-9e77-3299950d210f", "value": "http://ccjlwb22w6c22p2k.onion.city" } ] } }