1 line
No EOL
20 KiB
JSON
1 line
No EOL
20 KiB
JSON
{"Event": {"info": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-11-01 : \"Invoice\" - \"12345_Invoice.doc\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Locky\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Trick Bot\""}], "publish_timestamp": "1510257959", "timestamp": "1510257997", "analysis": "1", "Attribute": [{"comment": "", "category": "Artifacts dropped", "uuid": "5a044ec2-4aac-4839-ac9f-717b950d210f", "timestamp": "1510257957", "to_ids": true, "value": "1949e616ddb130c27c0e65ddb170d5a9", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "5a044ec2-1edc-48ad-bf31-cd35950d210f", "timestamp": "1510257957", "to_ids": true, "value": "4cd6a1c9aaf6ef7445900d94a978dfcb", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Artifacts dropped", "uuid": "5a044ec2-921c-4007-9857-4ab6950d210f", "timestamp": "1510257957", "to_ids": true, "value": "5525cc2e9b021a6c5cda63a7c3a3e9c9", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec2-a6ac-48db-9608-cdb4950d210f", "timestamp": "1510257957", "to_ids": true, "value": "http://cirad.or.id/mnfTRw3", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec3-d960-48d0-a2b8-429f950d210f", "timestamp": "1510257957", "to_ids": true, "value": "cirad.or.id", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "cirad.or.id", "category": "Network activity", "uuid": "5a044ec4-f87c-4b99-b7a5-cc6f950d210f", "timestamp": "1510257957", "to_ids": false, "value": "202.145.0.45", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec4-ffe4-4b1a-8101-cdab950d210f", "timestamp": "1510257957", "to_ids": true, "value": "http://heart-sp.com/mnfTRw3", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec4-9820-4356-ad87-4661950d210f", "timestamp": "1510257957", "to_ids": true, "value": "heart-sp.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "heart-sp.com", "category": "Network activity", "uuid": "5a044ec6-37f0-4d22-8c85-4c47950d210f", "timestamp": "1510257957", "to_ids": false, "value": "111.68.20.150", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec6-353c-4c68-a3b2-49bc950d210f", "timestamp": "1510257957", "to_ids": true, "value": "http://hilaryandsavio.com/mnfTRw3", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec6-ab84-4b85-b123-717b950d210f", "timestamp": "1510257957", "to_ids": true, "value": "hilaryandsavio.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "hilaryandsavio.com", "category": "Network activity", "uuid": "5a044ec7-19ac-4bec-b7ed-4e9f950d210f", "timestamp": "1510257957", "to_ids": false, "value": "72.249.127.194", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec7-6948-4904-bb94-75a9950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://internet-webshops.de/mnfTRw3", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec7-adb4-4bfe-99ef-4ce6950d210f", "timestamp": "1510257958", "to_ids": true, "value": "internet-webshops.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "internet-webshops.de", "category": "Network activity", "uuid": "5a044ec8-a4d4-41f3-91c3-4946950d210f", "timestamp": "1510257958", "to_ids": false, "value": "217.160.224.147", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec8-98a8-4dae-807d-991b950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://givagarden.com/mnfTRw3", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec8-6e88-492b-b465-cd7d950d210f", "timestamp": "1510257958", "to_ids": true, "value": "givagarden.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "givagarden.com", "category": "Network activity", "uuid": "5a044ec8-560c-4c98-a799-cd35950d210f", "timestamp": "1510257958", "to_ids": false, "value": "93.186.244.43", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec9-2674-4c92-973b-2214950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://toptrends.org/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ec9-01e4-4eb9-981e-4eba950d210f", "timestamp": "1510257958", "to_ids": true, "value": "toptrends.org", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "toptrends.org", "category": "Network activity", "uuid": "5a044eca-e554-4590-8358-4c28950d210f", "timestamp": "1510257958", "to_ids": false, "value": "87.230.95.138", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044eca-9580-4921-bcd1-cd7d950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://celebrityonline.cz/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044eca-20e4-4db6-8816-717b950d210f", "timestamp": "1510257958", "to_ids": true, "value": "celebrityonline.cz", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "celebrityonline.cz", "category": "Network activity", "uuid": "5a044ecb-ce04-4144-bd4c-4d45950d210f", "timestamp": "1510257958", "to_ids": false, "value": "78.24.8.144", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecb-6658-4a5c-8d08-4021950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://aurea-art.ru/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecb-a790-4494-8965-cdb4950d210f", "timestamp": "1510257958", "to_ids": true, "value": "aurea-art.ru", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "aurea-art.ru", "category": "Network activity", "uuid": "5a044ecb-36f0-43d5-970c-2214950d210f", "timestamp": "1510257958", "to_ids": false, "value": "212.220.124.226", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecc-3428-481d-96b6-44f1950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://transmercasa.com/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecc-f998-4ea3-b12d-cdb1950d210f", "timestamp": "1510257958", "to_ids": true, "value": "transmercasa.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "transmercasa.com", "category": "Network activity", "uuid": "5a044ecc-808c-437a-9c38-cc6f950d210f", "timestamp": "1510257958", "to_ids": false, "value": "75.98.175.70", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecc-13d8-4f6e-96fa-cdab950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://envi-herzog.de/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecd-080c-412a-a7a6-400a950d210f", "timestamp": "1510257958", "to_ids": true, "value": "envi-herzog.de", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "envi-herzog.de", "category": "Network activity", "uuid": "5a044ecd-d81c-4ce0-86f7-4777950d210f", "timestamp": "1510257958", "to_ids": false, "value": "194.116.187.130", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecd-0f68-4015-a3d0-20a6950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://dotecnia.cl/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecd-09dc-4877-82e5-424c950d210f", "timestamp": "1510257958", "to_ids": true, "value": "dotecnia.cl", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "dotecnia.cl", "category": "Network activity", "uuid": "5a044ece-540c-4253-8932-cdb1950d210f", "timestamp": "1510257958", "to_ids": false, "value": "72.249.104.96", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ece-2410-4c72-8770-4694950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://claridge-holdings.com/ndgHSKFte4", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ece-e60c-4808-8a9c-4c53950d210f", "timestamp": "1510257958", "to_ids": true, "value": "claridge-holdings.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "claridge-holdings.com", "category": "Network activity", "uuid": "5a044ecf-8a70-4600-8324-cdab950d210f", "timestamp": "1510257958", "to_ids": false, "value": "202.160.120.194", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecf-6c50-4f56-937f-cd35950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://dalmobil.info/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ecf-a4c0-403b-9923-4233950d210f", "timestamp": "1510257958", "to_ids": true, "value": "dalmobil.info", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed0-08c4-4c72-9551-cda3950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://flipcapella.com/KJ63dggs332", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed0-b238-410e-9bb1-20a6950d210f", "timestamp": "1510257958", "to_ids": true, "value": "flipcapella.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "flipcapella.com", "category": "Network activity", "uuid": "5a044ed0-a514-406f-8de0-4e77950d210f", "timestamp": "1510257958", "to_ids": false, "value": "188.40.94.83", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed0-2498-4074-a602-45f2950d210f", "timestamp": "1510257958", "to_ids": true, "value": "http://hobbystube.net/djskfh824", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed1-7554-4dfe-99d1-991b950d210f", "timestamp": "1510257958", "to_ids": true, "value": "hobbystube.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "hobbystube.net", "category": "Network activity", "uuid": "5a044ed1-b108-453b-affc-cc6f950d210f", "timestamp": "1510257958", "to_ids": false, "value": "83.220.128.111", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed1-3170-44eb-b4bb-cd7d950d210f", "timestamp": "1510257958", "to_ids": false, "value": "176.120.126.21", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed2-bb8c-44e7-b091-717b950d210f", "timestamp": "1510257958", "to_ids": false, "value": "156.17.92.161", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed2-a16c-46a3-9685-44ec950d210f", "timestamp": "1510257958", "to_ids": false, "value": "187.191.0.42", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed2-9ee4-4908-9e60-cdb4950d210f", "timestamp": "1510257958", "to_ids": false, "value": "181.211.34.154", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed2-00bc-4dfb-a3e0-48c3950d210f", "timestamp": "1510257958", "to_ids": false, "value": "200.117.251.52", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed3-bbb8-4639-823e-439d950d210f", "timestamp": "1510257958", "to_ids": false, "value": "78.24.217.88", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed3-4130-4562-9185-44fe950d210f", "timestamp": "1510257958", "to_ids": false, "value": "62.109.1.68", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed3-1be0-4100-971b-cd7d950d210f", "timestamp": "1510257958", "to_ids": false, "value": "195.133.147.74", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed4-30c8-48ef-9fb2-cd35950d210f", "timestamp": "1510257958", "to_ids": false, "value": "195.133.146.117", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed4-7d50-4d06-8f0f-4c40950d210f", "timestamp": "1510257958", "to_ids": false, "value": "195.133.146.122", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed4-cff0-465e-af6b-4a56950d210f", "timestamp": "1510257958", "to_ids": false, "value": "78.24.222.226", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed4-bda8-45ed-9993-cdb4950d210f", "timestamp": "1510257958", "to_ids": false, "value": "95.213.252.23", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed5-455c-4cdc-92cb-430c950d210f", "timestamp": "1510257958", "to_ids": false, "value": "95.213.251.95", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed5-7200-426d-a34e-2214950d210f", "timestamp": "1510257958", "to_ids": false, "value": "194.87.93.55", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed5-dd58-4892-b825-4863950d210f", "timestamp": "1510257958", "to_ids": false, "value": "62.109.8.186", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed6-9770-4714-8de8-cd7d950d210f", "timestamp": "1510257958", "to_ids": false, "value": "188.120.246.189", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed6-6c1c-4438-a4e8-717b950d210f", "timestamp": "1510257958", "to_ids": false, "value": "194.87.98.249", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed6-7028-45a9-9513-cda3950d210f", "timestamp": "1510257958", "to_ids": false, "value": "95.213.195.174", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed6-9274-4758-bf80-cdb4950d210f", "timestamp": "1510257958", "to_ids": false, "value": "185.143.173.244", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed7-618c-450b-883d-75a9950d210f", "timestamp": "1510257959", "to_ids": false, "value": "194.87.110.113", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed7-5be4-4402-a588-991b950d210f", "timestamp": "1510257959", "to_ids": false, "value": "179.43.147.241", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed7-f23c-41a9-a967-4355950d210f", "timestamp": "1510257959", "to_ids": false, "value": "82.146.43.178", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed8-b91c-4c06-9d69-cd7d950d210f", "timestamp": "1510257959", "to_ids": false, "value": "185.158.114.114", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed8-ca3c-406f-b637-cd35950d210f", "timestamp": "1510257959", "to_ids": false, "value": "62.109.10.93", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a044ed8-57e4-4970-a252-4e63950d210f", "timestamp": "1510257959", "to_ids": false, "value": "185.34.52.236", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb", "category": "Artifacts dropped", "uuid": "5a04b527-d510-4195-8195-400a02de0b81", "timestamp": "1510257959", "to_ids": true, "value": "f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb", "category": "Artifacts dropped", "uuid": "5a04b527-1640-46be-bdf3-418e02de0b81", "timestamp": "1510257959", "to_ids": true, "value": "a00eaf4174afc4086356f87cc3df1255dd707604", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 4cd6a1c9aaf6ef7445900d94a978dfcb", "category": "External analysis", "uuid": "5a04b527-86f4-4327-9085-4d9702de0b81", "timestamp": "1510257959", "to_ids": false, "value": "https://www.virustotal.com/file/f4ac7eacaaecdfdcfc9c75e0562ed3c69d814d6455b8aa57cc46bc0301681f87/analysis/1509591920/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9", "category": "Artifacts dropped", "uuid": "5a04b527-a4a8-4cea-b11a-4ac102de0b81", "timestamp": "1510257959", "to_ids": true, "value": "cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9", "category": "Artifacts dropped", "uuid": "5a04b527-0c38-4de7-9bb4-466202de0b81", "timestamp": "1510257959", "to_ids": true, "value": "0887de24845eb898c5bcaba9139ed701cde61325", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "- Xchecked via VT: 1949e616ddb130c27c0e65ddb170d5a9", "category": "External analysis", "uuid": "5a04b527-6ce8-4069-ba5e-45c702de0b81", "timestamp": "1510257959", "to_ids": false, "value": "https://www.virustotal.com/file/cdb624ad2e278dc12047d4216f8b79d49824db2827be4d626e8108a07683d596/analysis/1509682395/", "disable_correlation": false, "object_relation": null, "type": "link"}], "extends_uuid": "", "published": false, "date": "2017-11-09", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a044ec0-f460-4e39-921e-cda3950d210f"}} |