misp-circl-feed/feeds/circl/misp/59ef2c5a-eed8-4b10-88c4-4685950d210f.json

1 line
No EOL
20 KiB
JSON

{"Event": {"info": "M2M - Locky Affid=3/Trickbot \"mac1\" 2017-10-24 : \"Your\n Invoice 12345\" - \"Invoice_file_654321.doc\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Trick Bot\""}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}], "publish_timestamp": "0", "timestamp": "1508919845", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "59ef2c5b-d440-4c0a-b109-4f35950d210f", "timestamp": "1508919837", "to_ids": true, "value": "eae849f6510db451f4fbdb780b5d49aa", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59ef2c5b-0078-4c5a-baae-460d950d210f", "timestamp": "1508919837", "to_ids": true, "value": "7bbc46655683df7a0e842c0adff987a3", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "59ef2c5b-24a8-4b42-84ac-44c2950d210f", "timestamp": "1508919837", "to_ids": true, "value": "5f38c8bd1a58a755108d27a7fdf034b1", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5b-8144-4e6b-9164-d493950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://transmercasa.com/JHGGsdsw6", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5c-a548-4673-a210-4efa950d210f", "timestamp": "1508919837", "to_ids": true, "value": "transmercasa.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "transmercasa.com", "category": "Network activity", "uuid": "59ef2c5c-3fb0-46a9-9b7d-48a6950d210f", "timestamp": "1508919837", "to_ids": false, "value": "75.98.175.70", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5c-d1d8-47bc-88d2-9959950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://upgrademypc.ie/JHGGsdsw6", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5c-e9e0-467f-b60f-4848950d210f", "timestamp": "1508919837", "to_ids": true, "value": "upgrademypc.ie", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "upgrademypc.ie", "category": "Network activity", "uuid": "59ef2c5d-eff8-4fbb-a5f1-4016950d210f", "timestamp": "1508919837", "to_ids": false, "value": "78.153.200.123", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5d-8098-488a-a937-4706950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://urcho.com/JHGGsdsw6", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5d-b6d8-4209-b44f-9959950d210f", "timestamp": "1508919837", "to_ids": true, "value": "urcho.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "urcho.com", "category": "Network activity", "uuid": "59ef2c5d-42b4-468c-94d7-4a1c950d210f", "timestamp": "1508919837", "to_ids": false, "value": "87.106.69.81", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5e-848c-49e1-8659-4c33950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://tatianadecastelbajac.fr/kjhgFG", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5e-6694-457f-be1b-436f950d210f", "timestamp": "1508919837", "to_ids": true, "value": "tatianadecastelbajac.fr", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "tatianadecastelbajac.fr", "category": "Network activity", "uuid": "59ef2c5e-6e30-4bc9-85ee-43f9950d210f", "timestamp": "1508919837", "to_ids": false, "value": "151.236.60.40", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5e-513c-4e01-ac01-9959950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://video.rb-webdev.de/kjhgFG", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5f-a594-460d-a75a-4499950d210f", "timestamp": "1508919837", "to_ids": true, "value": "video.rb-webdev.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "video.rb-webdev.de", "category": "Network activity", "uuid": "59ef2c5f-4bc0-4c3b-b414-43ad950d210f", "timestamp": "1508919837", "to_ids": false, "value": "85.214.28.187", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5f-0298-453c-89d8-4128950d210f", "timestamp": "1508919837", "to_ids": true, "value": "http://themclarenfamily.com/kjhgFG", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c5f-bd48-4eae-bd06-4b5f950d210f", "timestamp": "1508919837", "to_ids": true, "value": "themclarenfamily.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "themclarenfamily.com", "category": "Network activity", "uuid": "59ef2c60-4ac4-4290-ad3d-464d950d210f", "timestamp": "1508919837", "to_ids": false, "value": "92.48.90.34", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c60-b410-4529-a253-47d6950d210f", "timestamp": "1508919838", "to_ids": true, "value": "http://gdiscoun.org/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c60-0c14-4616-afe2-412f950d210f", "timestamp": "1508919838", "to_ids": true, "value": "gdiscoun.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c7e-97b0-410c-bcd9-4772950d210f", "timestamp": "1508919838", "to_ids": true, "value": "http://xn--diseo-rta.es/UHGus3.enc", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c7e-7374-4d15-835e-4874950d210f", "timestamp": "1508919838", "to_ids": true, "value": "xn--diseo-rta.es", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "xn--diseo-rta.es", "category": "Network activity", "uuid": "59ef2c7f-4518-4f01-9a80-44db950d210f", "timestamp": "1508919838", "to_ids": false, "value": "31.24.46.103", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c7f-3d68-4e40-ae8d-49fc950d210f", "timestamp": "1508919838", "to_ids": true, "value": "http://webhotell.enivest.no/cuYT39.enc", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c7f-b914-4be7-8bc8-4289950d210f", "timestamp": "1508919838", "to_ids": true, "value": "webhotell.enivest.no", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "webhotell.enivest.no", "category": "Network activity", "uuid": "59ef2c80-11dc-4320-a462-41bd950d210f", "timestamp": "1508919838", "to_ids": false, "value": "62.50.190.101", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c80-a74c-4f19-b630-9959950d210f", "timestamp": "1508919838", "to_ids": false, "value": "79.170.7.139", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c80-9a10-431b-9b35-45fd950d210f", "timestamp": "1508919838", "to_ids": false, "value": "196.202.194.202", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c80-5a78-4aa0-84aa-45f3950d210f", "timestamp": "1508919838", "to_ids": false, "value": "46.20.56.239", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c81-f200-41c7-96e7-d493950d210f", "timestamp": "1508919838", "to_ids": false, "value": "176.120.126.21", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c81-ebe8-4a4b-9dea-452b950d210f", "timestamp": "1508919838", "to_ids": false, "value": "91.239.249.118", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c81-c180-436d-83c3-4828950d210f", "timestamp": "1508919838", "to_ids": false, "value": "156.17.92.161", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c81-e648-474f-bdcc-498b950d210f", "timestamp": "1508919838", "to_ids": false, "value": "86.80.209.49", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c82-8fcc-4ce7-bdd9-9959950d210f", "timestamp": "1508919838", "to_ids": false, "value": "46.20.56.237", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c82-6334-4cbf-9756-4332950d210f", "timestamp": "1508919838", "to_ids": false, "value": "62.87.151.219", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c82-9458-48ae-b0b0-4696950d210f", "timestamp": "1508919838", "to_ids": false, "value": "188.137.86.7", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c82-35a4-48f7-8824-4f33950d210f", "timestamp": "1508919838", "to_ids": false, "value": "178.254.183.34", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c83-407c-4766-97b1-4a07950d210f", "timestamp": "1508919838", "to_ids": false, "value": "178.254.183.13", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c83-432c-408f-9092-4dad950d210f", "timestamp": "1508919838", "to_ids": false, "value": "176.111.24.4", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c84-d1e4-4d10-a0d7-4f37950d210f", "timestamp": "1508919838", "to_ids": false, "value": "178.217.117.240", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c84-7ecc-4f70-bc47-4313950d210f", "timestamp": "1508919838", "to_ids": false, "value": "178.217.119.241", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c84-4aec-439c-a2ed-4eeb950d210f", "timestamp": "1508919838", "to_ids": false, "value": "78.24.219.105", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c84-ce58-40e3-9f25-4c04950d210f", "timestamp": "1508919838", "to_ids": false, "value": "92.63.105.129", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c85-00e4-4726-b9b2-447c950d210f", "timestamp": "1508919838", "to_ids": false, "value": "62.109.30.9", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c85-5314-42a1-a075-415e950d210f", "timestamp": "1508919838", "to_ids": false, "value": "82.146.44.189", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c85-3b58-4312-b1a1-44e6950d210f", "timestamp": "1508919838", "to_ids": false, "value": "82.146.60.211", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c85-dc2c-4378-a47a-4f5f950d210f", "timestamp": "1508919838", "to_ids": false, "value": "194.87.238.205", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c86-d55c-493c-a31d-9959950d210f", "timestamp": "1508919838", "to_ids": false, "value": "195.133.49.20", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c86-f1e4-46be-9130-d493950d210f", "timestamp": "1508919838", "to_ids": false, "value": "46.17.40.97", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c86-68b4-4551-9bbf-4e6c950d210f", "timestamp": "1508919838", "to_ids": false, "value": "141.255.167.112", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c86-e07c-4196-9613-4611950d210f", "timestamp": "1508919838", "to_ids": false, "value": "194.87.92.6", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c87-c048-4a44-b72f-4946950d210f", "timestamp": "1508919838", "to_ids": false, "value": "62.109.30.96", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c87-74c0-4f83-a815-4bfc950d210f", "timestamp": "1508919838", "to_ids": false, "value": "194.87.146.161", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c87-10d4-434a-8329-9959950d210f", "timestamp": "1508919838", "to_ids": false, "value": "62.109.4.137", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c88-c3ac-45fc-adeb-4b79950d210f", "timestamp": "1508919838", "to_ids": false, "value": "194.87.239.60", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c88-ef80-43bf-9b36-4672950d210f", "timestamp": "1508919838", "to_ids": false, "value": "185.125.46.88", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c88-fbc0-40c9-971b-40ff950d210f", "timestamp": "1508919838", "to_ids": false, "value": "5.101.78.97", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c88-bc0c-456b-b74a-48d1950d210f", "timestamp": "1508919838", "to_ids": false, "value": "185.12.94.101", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c89-5940-40d5-bdc9-d493950d210f", "timestamp": "1508919838", "to_ids": false, "value": "193.19.119.190", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c89-5dc0-498e-a5e5-422b950d210f", "timestamp": "1508919838", "to_ids": false, "value": "179.43.147.232", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c89-56f8-4434-8088-4c64950d210f", "timestamp": "1508919838", "to_ids": false, "value": "195.133.197.198", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c89-9b00-4fc7-8cef-4399950d210f", "timestamp": "1508919838", "to_ids": false, "value": "188.227.17.104", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "59ef2c89-1018-4272-8bdd-4a80950d210f", "timestamp": "1508919839", "to_ids": false, "value": "194.87.111.47", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "- Xchecked via VT: 5f38c8bd1a58a755108d27a7fdf034b1", "category": "Artifacts dropped", "uuid": "59f04a1f-0be8-4be8-9070-4c1102de0b81", "timestamp": "1508919839", "to_ids": true, "value": "76e52d91742467b8772799531ba33f43287805753a26c3893d29676f55f5301a", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 5f38c8bd1a58a755108d27a7fdf034b1", "category": "Artifacts dropped", "uuid": "59f04a1f-0f90-40ec-8cd7-45b602de0b81", "timestamp": "1508919839", "to_ids": true, "value": "3a3c813526c60939e8cdd6a119194ee02d062d3c", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 5f38c8bd1a58a755108d27a7fdf034b1", "category": "External analysis", "uuid": "59f04a1f-f1b0-4ec7-b297-455902de0b81", "timestamp": "1508919839", "to_ids": false, "value": "https://www.virustotal.com/file/76e52d91742467b8772799531ba33f43287805753a26c3893d29676f55f5301a/analysis/1508852075/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: 7bbc46655683df7a0e842c0adff987a3", "category": "Artifacts dropped", "uuid": "59f04a1f-15f8-4be3-ba6a-49d602de0b81", "timestamp": "1508919839", "to_ids": true, "value": "0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 7bbc46655683df7a0e842c0adff987a3", "category": "Artifacts dropped", "uuid": "59f04a1f-68e8-417b-a2b6-4eb102de0b81", "timestamp": "1508919839", "to_ids": true, "value": "c631280d0ae50e708891fa72d73997bdf5f35bf6", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 7bbc46655683df7a0e842c0adff987a3", "category": "External analysis", "uuid": "59f04a1f-9980-40e8-97a3-470502de0b81", "timestamp": "1508919839", "to_ids": false, "value": "https://www.virustotal.com/file/0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc/analysis/1508917150/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: eae849f6510db451f4fbdb780b5d49aa", "category": "Artifacts dropped", "uuid": "59f04a1f-fa60-409c-8145-419602de0b81", "timestamp": "1508919839", "to_ids": true, "value": "6106d1b5963feb632eee28aaee5b68e85aef1d090c5e5ef2899b3a0f1a3f7c5b", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: eae849f6510db451f4fbdb780b5d49aa", "category": "Artifacts dropped", "uuid": "59f04a1f-4d5c-4b4c-ab21-486a02de0b81", "timestamp": "1508919839", "to_ids": true, "value": "60b9e6798a2099674fb189e262282d06ab7f29be", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: eae849f6510db451f4fbdb780b5d49aa", "category": "External analysis", "uuid": "59f04a1f-8130-4600-8161-4e9202de0b81", "timestamp": "1508919839", "to_ids": false, "value": "https://www.virustotal.com/file/6106d1b5963feb632eee28aaee5b68e85aef1d090c5e5ef2899b3a0f1a3f7c5b/analysis/1508916686/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": false, "date": "2017-10-24", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "59ef2c5a-eed8-4b10-88c4-4685950d210f"}}