{ "Event": { "analysis": "1", "date": "2017-11-09", "extends_uuid": "", "info": "M2M - Locky 2017-11-03 : Affid=3, offline, \".asasin\" : \"Scanned image from MX-2600N\" - \"20171103_123456.doc\"", "publish_timestamp": "1510261157", "published": true, "threat_level_id": "3", "timestamp": "1510261077", "uuid": "5a044feb-cda0-4844-b5f0-2214950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#006c6c", "local": false, "name": "ecsirt:malicious-code=\"ransomware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Locky\"", "relationship_type": "" } ], "Attribute": [ { "category": "Artifacts dropped", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "md5", "uuid": "5a044fec-f524-41fc-8865-75a9950d210f", "value": "1f608125c16f3396000f6ec9d929d6c9" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "url", "uuid": "5a044fed-6f00-4baa-b022-4cfd950d210f", "value": "http://336.linux1.testsider.dk/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "hostname", "uuid": "5a044fed-2e84-4587-a638-4751950d210f", "value": "336.linux1.testsider.dk" }, { "category": "Network activity", "comment": "336.linux1.testsider.dk", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": false, "type": "ip-dst", "uuid": "5a044fed-7894-4890-a0a2-991b950d210f", "value": "77.243.131.16" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "url", "uuid": "5a044fed-b0d4-4426-937d-43b4950d210f", "value": "http://betadesign.es/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "hostname", "uuid": "5a044fee-a7b0-4069-bf11-cda3950d210f", "value": "betadesign.es" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "url", "uuid": "5a044ff7-7674-4d8c-9596-2214950d210f", "value": "http://comercialarques.es/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "hostname", "uuid": "5a044ff8-f574-49a0-afe2-4976950d210f", "value": "comercialarques.es" }, { "category": "Network activity", "comment": "comercialarques.es", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": false, "type": "ip-dst", "uuid": "5a044ff8-d9f8-495b-a11d-4d06950d210f", "value": "31.47.74.202" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "url", "uuid": "5a044ff8-9090-4be9-986a-75a9950d210f", "value": "http://deltaled.es/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "hostname", "uuid": "5a044ff8-4fd0-4326-908a-4829950d210f", "value": "deltaled.es" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "url", "uuid": "5a044ff9-3154-45cf-9bd2-991b950d210f", "value": "http://testbxc.u-host.ru/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": true, "type": "hostname", "uuid": "5a044ff9-2db4-4df3-8004-4582950d210f", "value": "testbxc.u-host.ru" }, { "category": "Network activity", "comment": "testbxc.u-host.ru", "deleted": false, "disable_correlation": false, "timestamp": "1510261062", "to_ids": false, "type": "ip-dst", "uuid": "5a044ff9-f2a0-4dac-b725-717b950d210f", "value": "212.220.124.233" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a044ffa-f278-4e4a-baec-cda3950d210f", "value": "http://unbescheiden.net/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a044ffa-6388-4155-959f-45d7950d210f", "value": "unbescheiden.net" }, { "category": "Network activity", "comment": "unbescheiden.net", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a044ffa-21bc-4cbb-9b9e-41eb950d210f", "value": "212.223.152.138" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a044ffa-8784-424a-9f41-cd7d950d210f", "value": "http://watchez.biz/lbMld6sGda" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a044ffa-6a70-4f12-86ee-cdb1950d210f", "value": "watchez.biz" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a045019-b49c-4ab1-af1e-4bcf950d210f", "value": "http://pabxconsultants.co.za/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a045019-5050-44ec-bbe5-717b950d210f", "value": "pabxconsultants.co.za" }, { "category": "Network activity", "comment": "pabxconsultants.co.za", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501a-67f4-411f-86ae-cda3950d210f", "value": "41.72.154.151" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501a-1e60-42f3-877a-416e950d210f", "value": "http://san-syo.co.jp/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501a-f530-4544-8853-42a4950d210f", "value": "san-syo.co.jp" }, { "category": "Network activity", "comment": "san-syo.co.jp", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501b-6870-42ac-91f8-47bc950d210f", "value": "219.94.169.237" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501b-9bc0-43f0-a2d2-cd7d950d210f", "value": "http://saranville.com/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501b-b5e4-48f9-a097-cdb1950d210f", "value": "saranville.com" }, { "category": "Network activity", "comment": "saranville.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501c-5960-4c09-a66b-2214950d210f", "value": "27.254.148.14" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501c-9940-4606-ab46-4b38950d210f", "value": "http://pwmsteel.com/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501c-af58-4df0-9f87-cdb4950d210f", "value": "pwmsteel.com" }, { "category": "Network activity", "comment": "pwmsteel.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501d-2d3c-42b1-a945-cd35950d210f", "value": "50.21.229.37" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501d-fe00-4fcb-bb88-45ff950d210f", "value": "http://visualindesign.be/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501d-9d98-4447-b8d7-cc6f950d210f", "value": "visualindesign.be" }, { "category": "Network activity", "comment": "visualindesign.be", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501d-9f10-423d-b00b-75a9950d210f", "value": "5.135.178.149" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501e-6e10-4c26-9d36-4bfc950d210f", "value": "http://twonkygames.com/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501e-6d70-4cb2-aa7e-cdab950d210f", "value": "twonkygames.com" }, { "category": "Network activity", "comment": "twonkygames.com", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "ip-dst", "uuid": "5a04501e-e6f8-44ce-96c8-4f95950d210f", "value": "85.25.242.138" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "url", "uuid": "5a04501e-8ff0-4078-bc2e-991b950d210f", "value": "http://evengrollighromsof.net/p66/dhYtebv3" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "hostname", "uuid": "5a04501f-8b24-490c-861c-48d9950d210f", "value": "evengrollighromsof.net" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "sha256", "uuid": "5a04c147-52f0-4649-a1bc-4c0202de0b81", "value": "73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0" }, { "category": "Artifacts dropped", "comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": true, "type": "sha1", "uuid": "5a04c147-a0d0-4cd1-aeb0-4e7602de0b81", "value": "1fd9f901ab7f51a542e455b51e6442040d3fa39c" }, { "category": "External analysis", "comment": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9", "deleted": false, "disable_correlation": false, "timestamp": "1510261063", "to_ids": false, "type": "link", "uuid": "5a04c147-2bf4-4e41-afaf-49be02de0b81", "value": "https://www.virustotal.com/file/73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0/analysis/1510056897/" } ] } }