{
"Event": {
"analysis": "1",
"date": "2017-10-11",
"extends_uuid": "",
"info": "M2M - Locky 2017-10-10 : Affid=3, offline, \".asasin\" : \"Voicemail From 845-551-1234\" - \"VMSG12345678_20171010.7z\"",
"publish_timestamp": "1507830039",
"published": true,
"threat_level_id": "3",
"timestamp": "1507829816",
"uuid": "59ddbaf9-3874-405c-b2e7-4770950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#006c6c",
"name": "ecsirt:malicious-code=\"ransomware\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Locky\""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829808",
"to_ids": true,
"type": "md5",
"uuid": "59ddbafa-ae58-4bdd-93e5-4f83950d210f",
"value": "37c106c0d8e97fbe9ec10a037858ea23"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbafa-9554-4127-b998-4b20950d210f",
"value": "http://alucmuhendislik.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbafa-290c-436b-be26-4b6e950d210f",
"value": "alucmuhendislik.com"
},
{
"category": "Network activity",
"comment": "alucmuhendislik.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbafb-dfd4-47ce-9bf7-4b76950d210f",
"value": "185.85.205.9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbafb-d924-4a3d-9ebc-4d02950d210f",
"value": "http://atlantarecyclingcenters.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbafb-2450-4fa7-916d-4a83950d210f",
"value": "atlantarecyclingcenters.com"
},
{
"category": "Network activity",
"comment": "atlantarecyclingcenters.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbafb-ee64-40a0-a18f-31f8950d210f",
"value": "98.124.251.75"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbafb-df8c-47e5-9dd2-4fe9950d210f",
"value": "http://bit-chasers.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbafc-a27c-483c-a0c4-4de7950d210f",
"value": "bit-chasers.com"
},
{
"category": "Network activity",
"comment": "bit-chasers.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbafc-cf64-49fa-ba16-403d950d210f",
"value": "98.124.251.176"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbafc-dc84-4cb1-aac0-6211950d210f",
"value": "http://bjp.co.id/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbafc-2528-4a3f-ad70-096f950d210f",
"value": "bjp.co.id"
},
{
"category": "Network activity",
"comment": "bjp.co.id",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbaff-0390-4b26-aae3-b4e9950d210f",
"value": "202.169.44.167"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb00-ba20-48ab-91e6-4fc3950d210f",
"value": "http://centurythis.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb00-bec0-4b82-9c45-4ee1950d210f",
"value": "centurythis.com"
},
{
"category": "Network activity",
"comment": "centurythis.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb00-1c58-4fc5-b0c2-4150950d210f",
"value": "98.124.252.66"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb00-6228-4348-b57c-4590950d210f",
"value": "http://estudiperceptiva.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb00-d0c4-45a0-b06a-4e64950d210f",
"value": "estudiperceptiva.com"
},
{
"category": "Network activity",
"comment": "estudiperceptiva.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb01-a6c4-4ddd-9292-4183950d210f",
"value": "86.109.170.66"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb01-4d24-44e2-9e27-61c1950d210f",
"value": "http://handhi.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb01-7354-4c61-b480-41f3950d210f",
"value": "handhi.com"
},
{
"category": "Network activity",
"comment": "handhi.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb02-5cc4-41df-b08c-b4e9950d210f",
"value": "162.213.255.19"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb02-1800-4a39-8303-4e09950d210f",
"value": "http://hellonwheelsthemovie.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb02-b064-432a-a5a5-4374950d210f",
"value": "hellonwheelsthemovie.com"
},
{
"category": "Network activity",
"comment": "hellonwheelsthemovie.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb03-b66c-4d89-8b7b-4bc3950d210f",
"value": "66.36.165.149"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb03-7bf4-46fa-ac8f-479c950d210f",
"value": "http://hexacam.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb03-3ecc-4b7a-9a0c-6211950d210f",
"value": "hexacam.com"
},
{
"category": "Network activity",
"comment": "hexacam.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb03-68d0-4ce7-9d82-4a95950d210f",
"value": "98.124.251.65"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb03-9840-4d34-88cc-61c1950d210f",
"value": "http://logica-info.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb04-ec1c-42b5-a97c-4fd8950d210f",
"value": "logica-info.com"
},
{
"category": "Network activity",
"comment": "logica-info.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb04-5554-4d42-9027-b4e9950d210f",
"value": "202.169.44.143"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb04-c104-4f21-b82a-31f8950d210f",
"value": "http://mh-service.ru/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb04-72a8-4622-b662-4dc4950d210f",
"value": "mh-service.ru"
},
{
"category": "Network activity",
"comment": "mh-service.ru",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb05-bd8c-498b-b4f6-470c950d210f",
"value": "89.253.235.118"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb05-b74c-4048-ae7d-4e7a950d210f",
"value": "http://miamirecyclecenters.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb05-55f0-439b-8cfc-6211950d210f",
"value": "miamirecyclecenters.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb06-f4ac-4d03-b7ca-61c1950d210f",
"value": "http://monstermx.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb06-a7f4-408e-b861-4260950d210f",
"value": "monstermx.com"
},
{
"category": "Network activity",
"comment": "monstermx.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb06-4a78-4e45-8a70-409a950d210f",
"value": "107.152.98.20"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb07-d698-450c-bf30-b4e9950d210f",
"value": "http://m-tensou.net/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb07-5648-44f3-bcf3-4b45950d210f",
"value": "m-tensou.net"
},
{
"category": "Network activity",
"comment": "m-tensou.net",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb07-5b34-4f88-ae66-4248950d210f",
"value": "202.218.252.73"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb07-58d0-49b9-adca-4687950d210f",
"value": "http://paulcruse.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb08-7f8c-48c5-850b-6211950d210f",
"value": "paulcruse.com"
},
{
"category": "Network activity",
"comment": "paulcruse.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb08-3ffc-4b6e-b985-4c25950d210f",
"value": "91.215.186.147"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb08-6f84-49b4-a0be-096f950d210f",
"value": "http://suncoastot.com/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb08-3724-4f77-b69f-494f950d210f",
"value": "suncoastot.com"
},
{
"category": "Network activity",
"comment": "suncoastot.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "ip-dst",
"uuid": "59ddbb09-be44-43f1-a668-4ac6950d210f",
"value": "98.124.252.176"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "url",
"uuid": "59ddbb09-b674-4272-bef6-4391950d210f",
"value": "http://nsaflow.info/p66/njhgftrf3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "hostname",
"uuid": "59ddbb09-78dc-41cf-85c9-31f8950d210f",
"value": "nsaflow.info"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "sha256",
"uuid": "59dfa831-9e70-435a-816f-431802de0b81",
"value": "a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": true,
"type": "sha1",
"uuid": "59dfa831-eff4-475c-bd04-48e202de0b81",
"value": "27d90243d7289de58022850f98c5a0333e8da235"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 37c106c0d8e97fbe9ec10a037858ea23",
"deleted": false,
"disable_correlation": false,
"timestamp": "1507829809",
"to_ids": false,
"type": "link",
"uuid": "59dfa831-efd4-4add-a72b-414502de0b81",
"value": "https://www.virustotal.com/file/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7/analysis/1507743716/"
}
]
}
} |