{"Event": {"info": "M2M -  Locky Affid=3, \".asasin\" 2017-11-02 : \"12_Invoice_3456\" - \"001_1234.doc\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}], "publish_timestamp": "1510259156", "timestamp": "1510259162", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "5a044f71-4498-467c-ab71-48ff950d210f", "timestamp": "1510259155", "to_ids": true, "value": "26671a0b08b87754a72ab3d0c2256059", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "5a044f72-27b4-401e-89b0-4ab9950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://nozovent.net/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f72-adcc-4152-89f8-4ee9950d210f", "timestamp": "1510259155", "to_ids": true, "value": "nozovent.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "nozovent.net", "category": "Network activity", "uuid": "5a044f72-e3ac-4b5d-978a-cda3950d210f", "timestamp": "1510259155", "to_ids": false, "value": "167.114.138.110", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f72-a9c8-4ddd-b446-991b950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://pccreatief.nl/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f73-d3b8-4499-9158-cdb1950d210f", "timestamp": "1510259155", "to_ids": true, "value": "pccreatief.nl", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "pccreatief.nl", "category": "Network activity", "uuid": "5a044f73-cba0-4e88-89e8-cdab950d210f", "timestamp": "1510259155", "to_ids": false, "value": "85.25.192.252", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f73-3948-40c5-a2f7-cc6f950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://plaissetty.com/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f73-8444-4c98-9302-48f9950d210f", "timestamp": "1510259155", "to_ids": true, "value": "plaissetty.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "plaissetty.com", "category": "Network activity", "uuid": "5a044f74-fcac-4eff-aed4-4414950d210f", "timestamp": "1510259155", "to_ids": false, "value": "91.121.183.59", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f74-fa18-495a-87e8-20a6950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://ro.isuzu.it/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f74-5734-481a-a7dc-cd35950d210f", "timestamp": "1510259155", "to_ids": true, "value": "ro.isuzu.it", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "ro.isuzu.it", "category": "Network activity", "uuid": "5a044f74-5c24-4898-9219-4ac3950d210f", "timestamp": "1510259155", "to_ids": false, "value": "95.110.189.247", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f75-9a44-415e-88a7-cda3950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://sirbis.de/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f75-6c00-4ebc-8fae-991b950d210f", "timestamp": "1510259155", "to_ids": true, "value": "sirbis.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "sirbis.de", "category": "Network activity", "uuid": "5a044f75-c740-4f76-9b4a-cdb1950d210f", "timestamp": "1510259155", "to_ids": false, "value": "46.163.72.181", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f75-bdc4-4877-9069-cdab950d210f", "timestamp": "1510259155", "to_ids": true, "value": "http://skivvies.com/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f76-61a4-4bfe-8e0d-2214950d210f", "timestamp": "1510259156", "to_ids": true, "value": "skivvies.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "skivvies.com", "category": "Network activity", "uuid": "5a044f76-f550-4ea7-8437-462c950d210f", "timestamp": "1510259156", "to_ids": false, "value": "204.197.241.45", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f76-ae48-41f2-a4bb-4d84950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://studio311.de/Jmdnaf36dd", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f76-ae04-44b9-8a3f-4eda950d210f", "timestamp": "1510259156", "to_ids": true, "value": "studio311.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "studio311.de", "category": "Network activity", "uuid": "5a044f77-d234-4fb1-8bd4-75a9950d210f", "timestamp": "1510259156", "to_ids": false, "value": "217.182.199.8", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7a-e1b4-40c9-9c18-75a9950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://michelsmarkt.de/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7b-aa14-4c53-b56d-20a6950d210f", "timestamp": "1510259156", "to_ids": true, "value": "michelsmarkt.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "michelsmarkt.de", "category": "Network activity", "uuid": "5a044f7b-29a0-41dc-96a4-42b9950d210f", "timestamp": "1510259156", "to_ids": false, "value": "173.212.228.135", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7b-bd48-43f4-a5d7-991b950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://noya-en.eu/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7b-cdf8-4123-8992-48ec950d210f", "timestamp": "1510259156", "to_ids": true, "value": "noya-en.eu", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "noya-en.eu", "category": "Network activity", "uuid": "5a044f7c-d3a0-42a4-9f91-cdb1950d210f", "timestamp": "1510259156", "to_ids": false, "value": "185.66.251.178", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7c-0f38-4603-b7d5-cc6f950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://ruemmelin.info/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7c-5c74-4e31-8738-47c6950d210f", "timestamp": "1510259156", "to_ids": true, "value": "ruemmelin.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "ruemmelin.info", "category": "Network activity", "uuid": "5a044f7d-b22c-432a-a43e-75a9950d210f", "timestamp": "1510259156", "to_ids": false, "value": "81.90.33.38", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7d-32d8-47f3-85f2-4a7e950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://remers-messebau.de/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7d-b21c-48e5-b462-cda3950d210f", "timestamp": "1510259156", "to_ids": true, "value": "remers-messebau.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "remers-messebau.de", "category": "Network activity", "uuid": "5a044f7d-731c-4c6d-a6d2-991b950d210f", "timestamp": "1510259156", "to_ids": false, "value": "89.163.140.72", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7d-afbc-47a0-ab66-4d24950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://ollyandfriends.de/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7e-353c-48dd-b43d-4d17950d210f", "timestamp": "1510259156", "to_ids": true, "value": "ollyandfriends.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "ollyandfriends.de", "category": "Network activity", "uuid": "5a044f7e-ad0c-4742-93e8-cdab950d210f", "timestamp": "1510259156", "to_ids": false, "value": "85.119.155.42", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7e-ce38-414d-ba71-2214950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://primeassociatesinc.com/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7f-9d74-49e7-86c0-4337950d210f", "timestamp": "1510259156", "to_ids": true, "value": "primeassociatesinc.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "primeassociatesinc.com", "category": "Network activity", "uuid": "5a044f7f-d44c-48dd-ab0f-498f950d210f", "timestamp": "1510259156", "to_ids": false, "value": "209.54.51.32", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044f7f-9e20-4642-a4a9-cd35950d210f", "timestamp": "1510259156", "to_ids": true, "value": "http://verwadirephen.info/p66/Jgsn5srs", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044f80-34c4-4182-a96e-717b950d210f", "timestamp": "1510259156", "to_ids": true, "value": "verwadirephen.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "- Xchecked via VT: 26671a0b08b87754a72ab3d0c2256059", "category": "Artifacts dropped", "uuid": "5a04b9d4-6098-4af4-a972-4c9702de0b81", "timestamp": "1510259156", "to_ids": true, "value": "68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 26671a0b08b87754a72ab3d0c2256059", "category": "Artifacts dropped", "uuid": "5a04b9d4-f76c-43c8-a7b5-48a102de0b81", "timestamp": "1510259156", "to_ids": true, "value": "491178c82dee6e81030bd880ec3647c93b307e01", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 26671a0b08b87754a72ab3d0c2256059", "category": "External analysis", "uuid": "5a04b9d4-17ac-4410-b44a-494d02de0b81", "timestamp": "1510259156", "to_ids": false, "value": "https://www.virustotal.com/file/68d73a56515a94be6400ea2ea625d256f439e3b279576dcdcb07948929e1d1cd/analysis/1510096080/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": false, "date": "2017-11-09", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a044f70-28a8-45a4-b350-cdab950d210f"}}