{ "Event": { "analysis": "1", "date": "2017-10-31", "extends_uuid": "", "info": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-31 : \"Invoice INV0000123\" - \"INV0000123.doc\"", "publish_timestamp": "1510241681", "published": true, "threat_level_id": "3", "timestamp": "1510241637", "uuid": "59f87123-2624-486b-92c9-4f14950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:tool=\"Trick Bot\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": true, "type": "md5", "uuid": "59f87124-b2cc-44c7-bbb2-4092950d210f", "value": "1916150b3356fe6e6da7ec2e2a78e189" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": true, "type": "md5", "uuid": "59f87124-f2d0-4ffb-b750-411d950d210f", "value": "e67b2f58896059cce8c6ff83c5737687" }, { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": true, "type": "md5", "uuid": "59f87124-e0c0-4263-8f2b-4200950d210f", "value": "e1ac6820b8b94ee937d8fe301437609d" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": true, "type": "url", "uuid": "59f87125-021c-4494-b94e-4f3e950d210f", "value": "http://christakranzl.at/eiuhf384" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": true, "type": "hostname", "uuid": "59f87125-b548-4ff1-88e2-47ac950d210f", "value": "christakranzl.at" }, { "category": "Network activity", "comment": "christakranzl.at", "deleted": false, "disable_correlation": false, "timestamp": "1509562427", "to_ids": false, "type": "ip-dst", "uuid": "59f87125-3ff8-4a35-b794-4bc3950d210f", "value": "88.198.9.176" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87125-d35c-467c-83b0-4039950d210f", "value": "http://cornertape.net/eiuhf384" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87125-79b8-4447-9337-4caa950d210f", "value": "cornertape.net" }, { "category": "Network activity", "comment": "cornertape.net", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87126-d768-4de0-b5d2-4c15950d210f", "value": "62.50.188.17" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87126-821c-4f45-b217-4499950d210f", "value": "http://claridge-holdings.com/eiuhf384" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87126-4e68-482c-938a-4654950d210f", "value": "claridge-holdings.com" }, { "category": "Network activity", "comment": "claridge-holdings.com", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87126-b338-43b5-8597-4bbd950d210f", "value": "202.160.120.194" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87127-b2c8-444e-803e-47f6950d210f", "value": "http://dvprojekt.hr/eiuhf384" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87127-eb3c-483a-9321-47cd950d210f", "value": "dvprojekt.hr" }, { "category": "Network activity", "comment": "dvprojekt.hr", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87127-856c-4091-bfe4-431e950d210f", "value": "213.202.100.90" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87127-4b38-41a9-b74c-4581950d210f", "value": "http://projex-dz.com/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87128-4560-41b4-8996-4657950d210f", "value": "projex-dz.com" }, { "category": "Network activity", "comment": "projex-dz.com", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87128-2080-42bb-b8cd-41ec950d210f", "value": "5.196.81.12" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87128-f1d0-4877-a57b-4afd950d210f", "value": "http://celebrityonline.cz/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87128-6630-488d-8671-40e2950d210f", "value": "celebrityonline.cz" }, { "category": "Network activity", "comment": "celebrityonline.cz", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87129-5114-40c2-9be1-4282950d210f", "value": "78.24.8.144" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f87129-54e0-4bc2-9d7a-4059950d210f", "value": "http://sigmanet.gr/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f87129-e024-4779-883c-4510950d210f", "value": "sigmanet.gr" }, { "category": "Network activity", "comment": "sigmanet.gr", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8712a-1134-4ab7-acd7-429f950d210f", "value": "185.25.20.13" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8712a-7ef8-46ea-8a42-4404950d210f", "value": "http://apply.pam-innovation.com/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8712a-3700-4375-93ea-4039950d210f", "value": "apply.pam-innovation.com" }, { "category": "Network activity", "comment": "apply.pam-innovation.com", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8712b-ef4c-481c-9630-4972950d210f", "value": "202.129.207.71" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8712b-c1b8-4210-a57e-4c5a950d210f", "value": "http://bwos.be/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8712c-c984-41a0-94e5-4409950d210f", "value": "bwos.be" }, { "category": "Network activity", "comment": "bwos.be", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8712c-50b4-49d5-b63b-4925950d210f", "value": "91.121.34.121" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8712c-3040-49eb-8bc3-41de950d210f", "value": "http://zahntechnik-imlau.de/i8745fydd" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8712c-8910-4767-a196-4d97950d210f", "value": "zahntechnik-imlau.de" }, { "category": "Network activity", "comment": "zahntechnik-imlau.de", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8712d-8d10-48a8-ac9d-4330950d210f", "value": "185.138.24.185" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8712d-5c84-49fa-8d9e-4a01950d210f", "value": "http://fetchstats.net/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8712d-d5f4-4a82-86b7-4894950d210f", "value": "fetchstats.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8714b-c2f8-40ec-98f7-4de9950d210f", "value": "http://kengray.com/iudsfy7834" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8714c-1ae4-4fb1-bb33-4039950d210f", "value": "kengray.com" }, { "category": "Network activity", "comment": "kengray.com", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714c-24bc-4e7b-b3ad-49ef950d210f", "value": "209.239.114.217" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "url", "uuid": "59f8714c-07b0-4118-98c0-4e41950d210f", "value": "http://hobbystube.net/dkjshfg643" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "hostname", "uuid": "59f8714d-9288-4422-b1c9-468e950d210f", "value": "hobbystube.net" }, { "category": "Network activity", "comment": "hobbystube.net", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714d-b6dc-49ed-b0c3-4657950d210f", "value": "83.220.128.111" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714d-2c10-4d3d-938e-47a1950d210f", "value": "176.120.126.21" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714d-208c-4673-849e-40af950d210f", "value": "156.17.92.161" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714e-6aec-4a17-915e-435d950d210f", "value": "187.191.0.42" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714e-933c-46d7-8a8d-4d16950d210f", "value": "181.211.34.154" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714e-d304-4a22-87f3-4a58950d210f", "value": "200.117.251.52" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714f-3c7c-4762-a078-49c9950d210f", "value": "78.24.217.88" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f8714f-ec74-4d31-839c-4c1e950d210f", "value": "62.109.1.68" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87150-7be4-4e16-9d48-45c4950d210f", "value": "195.133.147.74" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87150-97e8-4679-959a-4650950d210f", "value": "195.133.146.117" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87150-65fc-405f-8a78-4122950d210f", "value": "195.133.146.122" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87150-d200-4460-89a9-4bdb950d210f", "value": "78.24.222.226" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87151-a3d4-4ead-9b2e-48b2950d210f", "value": "95.213.252.23" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87152-1cac-4e3a-9fbb-4372950d210f", "value": "95.213.251.95" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87152-22dc-4901-8785-4c5c950d210f", "value": "194.87.93.55" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87152-5764-4606-b6ef-4039950d210f", "value": "62.109.8.186" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87152-9b78-451b-bfa3-4821950d210f", "value": "188.120.246.189" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87153-ba3c-483c-9839-4098950d210f", "value": "194.87.98.249" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87153-2e0c-4202-9a61-4657950d210f", "value": "95.213.195.174" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87153-7ffc-489f-a123-4378950d210f", "value": "185.143.173.244" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87153-2e7c-4189-95c3-4fa6950d210f", "value": "194.87.110.113" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87154-5ec0-4445-ae49-4198950d210f", "value": "179.43.147.241" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87154-e794-4893-b78e-4c58950d210f", "value": "82.146.43.178" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87154-1554-459a-98c7-4429950d210f", "value": "185.158.114.114" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87155-58b4-43c8-932f-4248950d210f", "value": "62.109.10.93" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "ip-dst", "uuid": "59f87155-6cac-48a9-8dca-4e5b950d210f", "value": "185.34.52.236" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "sha256", "uuid": "59fa183c-8a6c-4218-8271-1ad302de0b81", "value": "9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": true, "type": "sha1", "uuid": "59fa183c-a688-48ed-9d1b-1ad302de0b81", "value": "b39d9320806573fdb49f5f9dc0307c4fbcd9c327" }, { "category": "External analysis", "comment": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687", "deleted": false, "disable_correlation": false, "timestamp": "1509562428", "to_ids": false, "type": "link", "uuid": "59fa183d-ac44-48bb-84fc-1ad302de0b81", "value": "https://www.virustotal.com/file/9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49/analysis/1509513298/" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189", "deleted": false, "disable_correlation": false, "timestamp": "1509562429", "to_ids": true, "type": "sha256", "uuid": "59fa183d-8f68-422e-9cc5-1ad302de0b81", "value": "d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189", "deleted": false, "disable_correlation": false, "timestamp": "1509562429", "to_ids": true, "type": "sha1", "uuid": "59fa183d-fbb4-45e8-b2e4-1ad302de0b81", "value": "7e8bf6cc4bb2540dce895244347a017565fddbc5" }, { "category": "External analysis", "comment": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189", "deleted": false, "disable_correlation": false, "timestamp": "1509562429", "to_ids": false, "type": "link", "uuid": "59fa183d-8348-4ca4-bbec-1ad302de0b81", "value": "https://www.virustotal.com/file/d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2/analysis/1509502196/" } ] } }