{ "Event": { "analysis": "1", "date": "2017-10-18", "extends_uuid": "", "info": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-18 : \"Invoice 123456789 10.18.2017.7z\"", "publish_timestamp": "1510820549", "published": true, "threat_level_id": "3", "timestamp": "1510820541", "uuid": "59e72f27-d8a8-4d67-988f-4a72950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#006c6c", "name": "ecsirt:malicious-code=\"ransomware\"" }, { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Locky\"" }, { "colour": "#0088cc", "name": "misp-galaxy:tool=\"Trick Bot\"" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "md5", "uuid": "59e72f29-1170-43db-a994-4c21950d210f", "value": "ebae928bc0051c735d6facdc347511cb" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "md5", "uuid": "59e72f29-7830-4c84-bbde-41eb950d210f", "value": "dc2953728cc1b22536049e20b0163934" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f29-faa8-4402-92a5-46e4950d210f", "value": "http://haddownding.net/trtrtr.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f29-0ae8-4e16-b229-4c87950d210f", "value": "haddownding.net" }, { "category": "Network activity", "comment": "haddownding.net", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f2b-a1e4-442d-8f5b-46da950d210f", "value": "49.51.134.78" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f2b-7324-4c1e-a8b3-4290950d210f", "value": "http://envi-herzog.de/iuty56g" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f2b-fe34-48d3-963f-46ee950d210f", "value": "envi-herzog.de" }, { "category": "Network activity", "comment": "envi-herzog.de", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f2c-6224-4ec4-95ac-4a3a950d210f", "value": "194.116.187.130" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f2c-8680-4e1d-bac5-4769950d210f", "value": "http://pac-provider.com/iuty56g" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f2c-a900-4f50-9ea2-46b3950d210f", "value": "pac-provider.com" }, { "category": "Network activity", "comment": "pac-provider.com", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f2d-7958-4325-bcae-44d3950d210f", "value": "49.236.200.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f2d-631c-496b-905a-47c5950d210f", "value": "http://pesonamas.co.id/iuty56g" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f2d-6acc-4286-b8e0-4f67950d210f", "value": "pesonamas.co.id" }, { "category": "Network activity", "comment": "pesonamas.co.id", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f2f-2e80-4ee5-a00a-42e7950d210f", "value": "202.169.44.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f2f-e4b8-4362-907e-41c2950d210f", "value": "http://disfrance.net/p66/iuty56g" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f2f-7d78-4e3e-9009-466c950d210f", "value": "disfrance.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f4e-b7c8-4c68-a0e1-4efe950d210f", "value": "http://3overpar.com/niv785yg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f4e-f454-40f3-b262-4317950d210f", "value": "3overpar.com" }, { "category": "Network activity", "comment": "3overpar.com", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f4e-4e18-437f-8d86-4ab2950d210f", "value": "98.124.251.167" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f4e-b8e0-4b3b-b6d0-4ab1950d210f", "value": "http://dbatee.gr/niv785yg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f4f-dea4-4ba8-8f80-438b950d210f", "value": "dbatee.gr" }, { "category": "Network activity", "comment": "dbatee.gr", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f4f-88d4-4551-bd67-443a950d210f", "value": "62.103.152.100" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f4f-83b8-4840-8065-41f1950d210f", "value": "http://goliathstoneindustries.com/niv785yg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f4f-34c0-4b2c-ad65-4694950d210f", "value": "goliathstoneindustries.com" }, { "category": "Network activity", "comment": "goliathstoneindustries.com", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f50-8d64-44ed-b782-48b6950d210f", "value": "103.53.172.3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f50-372c-4905-9b0f-48a6950d210f", "value": "http://pciholog.ru/niv785yg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "hostname", "uuid": "59e72f51-95d8-45c3-8f0b-441b950d210f", "value": "pciholog.ru" }, { "category": "Network activity", "comment": "pciholog.ru", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": false, "type": "ip-dst", "uuid": "59e72f51-1754-435a-a1ad-4014950d210f", "value": "89.253.235.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428042", "to_ids": true, "type": "url", "uuid": "59e72f51-8010-43d3-b26b-4db6950d210f", "value": "http://disfrance.net/p66/niv785yg" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f51-faa8-428d-a299-4cbb950d210f", "value": "79.170.7.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f52-d2bc-43ce-864b-4405950d210f", "value": "196.202.194.202" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f52-0858-47bc-801e-4b63950d210f", "value": "46.20.56.239" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f52-5ea0-4198-9c88-4ac8950d210f", "value": "176.120.126.21" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f52-9da8-40fa-8fc4-40de950d210f", "value": "91.239.249.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f53-c400-4ffd-baa6-4aa7950d210f", "value": "156.17.92.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f53-0ff8-4ed7-b815-4a82950d210f", "value": "86.80.209.49" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f53-1bac-4d49-95a0-4b62950d210f", "value": "46.20.56.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f53-d860-40b1-ab5b-4254950d210f", "value": "62.87.151.219" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f53-61e0-4bd2-b3a7-42cb950d210f", "value": "188.137.86.7" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f54-8dcc-4c64-8d18-4631950d210f", "value": "178.254.183.34" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f54-6d74-47bf-b21f-477e950d210f", "value": "178.254.183.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f54-71a0-422d-86a2-4678950d210f", "value": "176.111.24.4" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f55-96d0-4426-977a-47f4950d210f", "value": "178.217.117.240" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f55-dd24-4161-853b-4ffd950d210f", "value": "178.217.119.241" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f55-2778-4f0a-a3f1-4f46950d210f", "value": "78.24.219.105" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f56-e4cc-46de-babf-40ee950d210f", "value": "92.63.105.129" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f56-2b80-4eca-a49c-47fb950d210f", "value": "62.109.30.9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f56-1da4-43a4-8109-48e0950d210f", "value": "82.146.44.189" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f56-4ec4-471e-906a-4c26950d210f", "value": "82.146.60.211" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f56-4bf4-49f5-9a74-4f48950d210f", "value": "194.87.238.205" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f57-b588-4852-a36f-47bf950d210f", "value": "195.133.49.20" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f57-a81c-49e0-bcb7-43be950d210f", "value": "46.17.40.97" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f57-8618-4d95-b822-4ed3950d210f", "value": "141.255.167.112" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f57-c1ac-442c-8206-4927950d210f", "value": "194.87.92.6" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f58-1c20-44dd-92fb-4207950d210f", "value": "62.109.30.96" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f58-2324-47d2-a074-41bd950d210f", "value": "194.87.146.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f58-65c8-4585-b7d1-4cfd950d210f", "value": "62.109.4.137" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f58-e044-4c0b-b000-4156950d210f", "value": "194.87.239.60" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f59-9990-4a31-98c5-4ae4950d210f", "value": "185.125.46.88" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f59-7e5c-4cf4-b47b-4b29950d210f", "value": "5.101.78.97" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5a-7ba4-4193-b054-4e95950d210f", "value": "185.12.94.101" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5a-9100-4e2d-9b4b-4f55950d210f", "value": "193.19.119.190" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5a-f3b0-4020-811b-47ec950d210f", "value": "179.43.147.232" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5a-3504-4f2b-9355-42cb950d210f", "value": "195.133.197.198" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5b-485c-40b5-9d24-4e21950d210f", "value": "188.227.17.104" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "ip-dst", "uuid": "59e72f5b-b6f4-440f-a463-49a8950d210f", "value": "194.87.111.47" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: dc2953728cc1b22536049e20b0163934", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": true, "type": "sha256", "uuid": "59e8c90b-2460-43e4-9578-435c02de0b81", "value": "9f6cce5b4c800f6ee2713efb58c098b2520257cac831288f576a1a4c01c1564b" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: dc2953728cc1b22536049e20b0163934", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": true, "type": "sha1", "uuid": "59e8c90b-1764-4868-8203-43a002de0b81", "value": "3ca477405129514bb57d427156280d65a5ce49f2" }, { "category": "External analysis", "comment": "- Xchecked via VT: dc2953728cc1b22536049e20b0163934", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "link", "uuid": "59e8c90b-5a50-4a24-9207-417b02de0b81", "value": "https://www.virustotal.com/file/9f6cce5b4c800f6ee2713efb58c098b2520257cac831288f576a1a4c01c1564b/analysis/1508393753/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: ebae928bc0051c735d6facdc347511cb", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": true, "type": "sha256", "uuid": "59e8c90b-53c8-4478-8d86-41c002de0b81", "value": "64aae4b954766b84f8f8fdac62f7b53dcaa61b07031321a027740a4f9f0fe484" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: ebae928bc0051c735d6facdc347511cb", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": true, "type": "sha1", "uuid": "59e8c90b-4384-4e46-bc32-4c4a02de0b81", "value": "b4dc3bcea137ac294bf21728ea5f9b6f14a427cf" }, { "category": "External analysis", "comment": "- Xchecked via VT: ebae928bc0051c735d6facdc347511cb", "deleted": false, "disable_correlation": false, "timestamp": "1508428043", "to_ids": false, "type": "link", "uuid": "59e8c90b-0fa8-4576-befa-427302de0b81", "value": "https://www.virustotal.com/file/64aae4b954766b84f8f8fdac62f7b53dcaa61b07031321a027740a4f9f0fe484/analysis/1508408563/" } ] } }