{ "Event": { "analysis": "2", "date": "2016-03-28", "extends_uuid": "", "info": "OSINT - McAfee Labs Threat Advisory Ransomware-Locky", "publish_timestamp": "1459152772", "published": true, "threat_level_id": "3", "timestamp": "1459152153", "uuid": "56f8e284-5b54-46d4-814d-3f2f02de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#2c4f00", "local": false, "name": "malware_classification:malware-category=\"Ransomware\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151544", "to_ids": true, "type": "ip-dst", "uuid": "56f8e2b8-0c7c-4feb-8a9f-3f2b02de0b81", "value": "95.181.171.58" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151545", "to_ids": true, "type": "ip-dst", "uuid": "56f8e2b9-7d3c-4f53-87a9-3f2b02de0b81", "value": "185.14.30.97" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151545", "to_ids": true, "type": "ip-dst", "uuid": "56f8e2b9-ff70-4ebf-9e22-3f2b02de0b81", "value": "195.22.28.196" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151545", "to_ids": true, "type": "ip-dst", "uuid": "56f8e2b9-b300-47de-bb8c-3f2b02de0b81", "value": "195.22.28.198" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151546", "to_ids": true, "type": "domain", "uuid": "56f8e2ba-a25c-4c09-a712-3f2b02de0b81", "value": "pvwinlrmwvccuo.eu" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151546", "to_ids": true, "type": "domain", "uuid": "56f8e2ba-a890-4712-a06f-3f2b02de0b81", "value": "cgavqeodnop.it" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151546", "to_ids": true, "type": "domain", "uuid": "56f8e2ba-a53c-450e-bb42-3f2b02de0b81", "value": "kqlxtqptsmys.in" }, { "category": "Network activity", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1459151546", "to_ids": true, "type": "domain", "uuid": "56f8e2ba-7bbc-4d5b-90a4-3f2b02de0b81", "value": "wblejsfob.pw" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1459152153", "to_ids": false, "type": "link", "uuid": "56f8e519-f5d0-4992-84da-3f5d02de0b81", "value": "https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf" } ] } }