{ "Event": { "analysis": "1", "date": "2017-12-05", "extends_uuid": "", "info": "M2M - \"..doc\" 2017-11-30 : \"FL-123456 11.30.2017.7z\"", "publish_timestamp": "1512555030", "published": true, "threat_level_id": "3", "timestamp": "1512554615", "uuid": "5a26b608-7e48-48c1-bf61-43a3950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\"" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "md5", "uuid": "5a26b609-e89c-4385-9584-465a950d210f", "value": "d4ddf8bfcc057fcfece2a498942079ce" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "md5", "uuid": "5a26b609-c92c-4329-8eea-470e950d210f", "value": "3ccbb316fdf9b7e6ae89584afc529e5f" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "md5", "uuid": "5a26b609-be98-4d9f-ba28-42b1950d210f", "value": "612974dcb49adef982d9ad8d9cbdde36" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60a-a510-459b-844b-485f950d210f", "value": "it2000.mycompany.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60a-b3c0-498b-aee7-4b23950d210f", "value": "http://accessyouraudience.com/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60a-0794-4355-8983-493d950d210f", "value": "accessyouraudience.com" }, { "category": "Network activity", "comment": "accessyouraudience.com", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60b-a070-4eb5-95f6-40d3950d210f", "value": "98.124.251.75" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60b-e25c-4a95-a17b-44d3950d210f", "value": "http://alucmuhendislik.com/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60b-3e08-49e3-a06b-c6d3950d210f", "value": "alucmuhendislik.com" }, { "category": "Network activity", "comment": "alucmuhendislik.com", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60b-8010-4553-9e9b-4b38950d210f", "value": "185.85.205.9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60c-4084-4005-9c85-c53a950d210f", "value": "http://awholeblueworld.com/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60d-e4e8-4ae3-839f-4e09950d210f", "value": "awholeblueworld.com" }, { "category": "Network activity", "comment": "awholeblueworld.com", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60d-4060-441c-a254-4243950d210f", "value": "66.36.173.215" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60d-5728-42b0-bc69-46ae950d210f", "value": "http://bit-chasers.com/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60d-c4a0-4af6-997a-4d69950d210f", "value": "bit-chasers.com" }, { "category": "Network activity", "comment": "bit-chasers.com", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60d-e69c-4d3a-bf9d-4881950d210f", "value": "98.124.251.176" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60e-a030-4a87-8bee-c6d3950d210f", "value": "http://datenhaus.info/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60e-2510-488b-a1c2-4890950d210f", "value": "datenhaus.info" }, { "category": "Network activity", "comment": "datenhaus.info", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60e-bd00-483c-ae8b-42f4950d210f", "value": "85.214.205.231" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60e-b7b4-4450-9cec-4b20950d210f", "value": "http://hexacam.com/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60e-a764-4684-a7d6-419c950d210f", "value": "hexacam.com" }, { "category": "Network activity", "comment": "hexacam.com", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60f-7098-4491-86ae-4cd1950d210f", "value": "98.124.251.65" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b60f-9220-4b4c-87e6-4cad950d210f", "value": "http://mh-service.ru/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b60f-4c28-4e42-bd4d-40e1950d210f", "value": "mh-service.ru" }, { "category": "Network activity", "comment": "mh-service.ru", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b60f-d748-4d1f-be56-4204950d210f", "value": "89.253.235.118" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b610-ce98-43c6-a598-4bae950d210f", "value": "http://yamanashi-jyujin.jp/JHGcd476334" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b610-f084-4fe5-9357-c6d3950d210f", "value": "yamanashi-jyujin.jp" }, { "category": "Network activity", "comment": "yamanashi-jyujin.jp", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b610-e01c-4336-96aa-4669950d210f", "value": "180.222.185.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b611-3390-4b2a-ae6c-4785950d210f", "value": "https://n224ezvhg4sgyamb.onion.link/shfgealjh.php" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b611-fca0-46b3-afcb-42b3950d210f", "value": "n224ezvhg4sgyamb.onion.link" }, { "category": "Network activity", "comment": "n224ezvhg4sgyamb.onion.link", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b611-c76c-438e-9927-45ff950d210f", "value": "188.166.203.69" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "url", "uuid": "5a26b611-cb7c-4f30-a5b9-4d28950d210f", "value": "http://summi.space/count.php?nu=105&fb=110" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "hostname", "uuid": "5a26b612-737c-4c0a-b657-4136950d210f", "value": "summi.space" }, { "category": "Network activity", "comment": "summi.space", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "ip-dst", "uuid": "5a26b612-0b58-40a9-b2a7-4d43950d210f", "value": "198.23.241.227" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha256", "uuid": "5a27c071-7a20-4a82-b93f-bbb602de0b81", "value": "13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha1", "uuid": "5a27c071-e8c8-40c6-ad17-bbb602de0b81", "value": "b817e361bd0cc1819d7f6a1189f0f5d56ed48721" }, { "category": "External analysis", "comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "link", "uuid": "5a27c071-4ca4-4de8-be48-bbb602de0b81", "value": "https://www.virustotal.com/file/13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920/analysis/1512419605/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha256", "uuid": "5a27c071-7c68-4d03-b967-bbb602de0b81", "value": "ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha1", "uuid": "5a27c071-4048-411c-a49d-bbb602de0b81", "value": "cc3d01780eaabb8f429cd251acfc52370b95d149" }, { "category": "External analysis", "comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": false, "type": "link", "uuid": "5a27c071-adfc-43bd-b1ae-bbb602de0b81", "value": "https://www.virustotal.com/file/ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040/analysis/1512362971/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha256", "uuid": "5a27c071-ae34-4e17-a860-bbb602de0b81", "value": "7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce", "deleted": false, "disable_correlation": false, "timestamp": "1512554609", "to_ids": true, "type": "sha1", "uuid": "5a27c071-657c-44cd-830c-bbb602de0b81", "value": "b52e239c775781b1c569d246c88727573ba5904b" }, { "category": "External analysis", "comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce", "deleted": false, "disable_correlation": false, "timestamp": "1512554610", "to_ids": false, "type": "link", "uuid": "5a27c072-eb0c-4e56-9c49-bbb602de0b81", "value": "https://www.virustotal.com/file/7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc/analysis/1512374263/" } ] } }