{ "Event": { "analysis": "1", "date": "2017-10-05", "extends_uuid": "", "info": "M2M - Locky 2017-10-04 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"", "publish_timestamp": "1507233876", "published": true, "threat_level_id": "3", "timestamp": "1507233773", "uuid": "59d5e1fe-30f4-48ee-8b75-dabd950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "md5", "uuid": "59d5e1ff-14ec-4c2e-af15-fde6950d210f", "value": "90f130611bdd7fe3c45cdf418f3ec006" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e1ff-35b8-452e-8a59-dabc950d210f", "value": "http://artsidestudio.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e200-72bc-4be4-845b-dac1950d210f", "value": "artsidestudio.com" }, { "category": "Network activity", "comment": "artsidestudio.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e200-cde4-4ea7-9bd1-fe8c950d210f", "value": "75.126.139.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e200-c904-4d26-a14a-fbfd950d210f", "value": "http://baysanal.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e201-7554-4f1a-87b3-fef5950d210f", "value": "baysanal.com" }, { "category": "Network activity", "comment": "baysanal.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e201-6ba4-45e6-b5d3-fde6950d210f", "value": "185.19.95.61" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e201-138c-4b6c-bfc2-ff71950d210f", "value": "http://computerserviceheerhugowaard.nl/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e201-9f04-4736-b547-dac2950d210f", "value": "computerserviceheerhugowaard.nl" }, { "category": "Network activity", "comment": "computerserviceheerhugowaard.nl", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e202-8a4c-40ac-9090-fe89950d210f", "value": "94.75.202.60" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e202-7334-43d4-a597-fbfd950d210f", "value": "http://foxcabinets.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e203-c0b4-474b-a9dc-fef5950d210f", "value": "foxcabinets.com" }, { "category": "Network activity", "comment": "foxcabinets.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e203-e81c-436c-bc98-fde6950d210f", "value": "98.124.251.166" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e203-c938-4918-b8a2-fdf1950d210f", "value": "http://lacadosmurcia.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e203-431c-43d4-a5e4-dac2950d210f", "value": "lacadosmurcia.com" }, { "category": "Network activity", "comment": "lacadosmurcia.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e204-69dc-4cd1-99a9-dac1950d210f", "value": "212.63.108.71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e204-9c84-438a-9323-fe89950d210f", "value": "http://laveentrading.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e204-9d9c-4154-8275-dac0950d210f", "value": "laveentrading.com" }, { "category": "Network activity", "comment": "laveentrading.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e204-23b8-4130-a4e2-fef5950d210f", "value": "98.124.251.72" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e205-f9f8-409b-8413-dac5950d210f", "value": "http://littleblessingscotons.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e205-089c-4e5b-94f4-fdf1950d210f", "value": "littleblessingscotons.com" }, { "category": "Network activity", "comment": "littleblessingscotons.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e205-9b08-4efc-b807-dac2950d210f", "value": "98.124.251.65" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e205-d2f4-4f9e-bbf8-dabc950d210f", "value": "http://mautau.it/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e206-e3cc-4bc9-97b6-ffb8950d210f", "value": "mautau.it" }, { "category": "Network activity", "comment": "mautau.it", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e206-d85c-4564-be18-fe89950d210f", "value": "89.96.90.14" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e206-cd48-4474-b418-fbfd950d210f", "value": "http://mis4.zenfinancial.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e206-6a78-47f8-9548-fe8c950d210f", "value": "mis4.zenfinancial.com" }, { "category": "Network activity", "comment": "mis4.zenfinancial.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e207-387c-412b-bcb6-fde6950d210f", "value": "66.135.55.8" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e207-06cc-4fb5-af8f-dac2950d210f", "value": "http://photobookexpress.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e207-8e0c-4b9f-80d6-dabe950d210f", "value": "photobookexpress.com" }, { "category": "Network activity", "comment": "photobookexpress.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e207-52c0-43c2-a7c4-ffb8950d210f", "value": "98.124.252.132" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e208-d24c-4ecf-b899-fe89950d210f", "value": "http://poslovnekomunikacije.si/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e208-68e8-4bb5-bf1c-dac0950d210f", "value": "poslovnekomunikacije.si" }, { "category": "Network activity", "comment": "poslovnekomunikacije.si", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": false, "type": "ip-dst", "uuid": "59d5e208-190c-42b4-8fe0-fef5950d210f", "value": "91.185.200.235" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "url", "uuid": "59d5e208-b7d8-41b7-9484-dac5950d210f", "value": "http://pspcny.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233763", "to_ids": true, "type": "hostname", "uuid": "59d5e209-c8ec-4057-95fb-fde6950d210f", "value": "pspcny.com" }, { "category": "Network activity", "comment": "pspcny.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e209-1eec-49b2-a2b3-fe67950d210f", "value": "162.212.87.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e209-05b8-49c0-a801-ff71950d210f", "value": "http://ragazzemessenger.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20a-7988-4f1a-8c3b-ffb8950d210f", "value": "ragazzemessenger.com" }, { "category": "Network activity", "comment": "ragazzemessenger.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20a-a958-4b3c-90dc-dac1950d210f", "value": "98.124.251.168" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20a-b0e8-453d-a487-dac0950d210f", "value": "http://timmah.users.whitehat.dk/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20a-7474-4bed-846a-fef5950d210f", "value": "timmah.users.whitehat.dk" }, { "category": "Network activity", "comment": "timmah.users.whitehat.dk", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20b-62e8-4915-b14c-dac5950d210f", "value": "91.221.196.222" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20b-620c-41e7-a3f5-fbfd950d210f", "value": "http://trapiantivarese.org/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20b-f750-4d5f-a622-dac2950d210f", "value": "trapiantivarese.org" }, { "category": "Network activity", "comment": "trapiantivarese.org", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20b-98cc-44a0-8193-ffb8950d210f", "value": "151.1.129.127" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20c-c918-4c99-aa62-fe89950d210f", "value": "http://www.pizzelli.eu/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20c-1e10-42d7-9f10-dac0950d210f", "value": "www.pizzelli.eu" }, { "category": "Network activity", "comment": "www.pizzelli.eu", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20d-bf74-48a3-81ad-dac5950d210f", "value": "62.149.140.180" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20d-5e60-4e7a-9491-fbfd950d210f", "value": "http://www.rafaelgalindo.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20d-b428-4c1b-98c1-fe67950d210f", "value": "www.rafaelgalindo.com" }, { "category": "Network activity", "comment": "www.rafaelgalindo.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20d-d198-4e95-b652-ffb8950d210f", "value": "94.23.224.229" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20e-33a4-4c61-86dd-dac3950d210f", "value": "http://www.traders-forum.com/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20e-dea0-4ffe-ad8f-dac0950d210f", "value": "www.traders-forum.com" }, { "category": "Network activity", "comment": "www.traders-forum.com", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "ip-dst", "uuid": "59d5e20e-54bc-4acc-94a9-fe8c950d210f", "value": "62.149.140.55" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "url", "uuid": "59d5e20e-894c-4e6e-90f0-fbfd950d210f", "value": "http://derainlay.info/p66/tfhytdrf56u" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "hostname", "uuid": "59d5e20f-10ac-46ee-87c1-fe67950d210f", "value": "derainlay.info" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 90f130611bdd7fe3c45cdf418f3ec006", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "sha256", "uuid": "59d68fe4-18e0-4ff7-b97d-4df402de0b81", "value": "8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 90f130611bdd7fe3c45cdf418f3ec006", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": true, "type": "sha1", "uuid": "59d68fe4-0a98-4d25-8e28-4af602de0b81", "value": "77e09f12c5385555203421ceb5bad44c6745ba12" }, { "category": "External analysis", "comment": "- Xchecked via VT: 90f130611bdd7fe3c45cdf418f3ec006", "deleted": false, "disable_correlation": false, "timestamp": "1507233764", "to_ids": false, "type": "link", "uuid": "59d68fe4-462c-4725-92b5-47fd02de0b81", "value": "https://www.virustotal.com/file/8a6c5b229dcb7037e59b52c287d1f7ccd0581f8df1815df82ce07156b6ec6199/analysis/1507190569/" } ] } }