{"Event": {"info": "M2M - GlobeImposter \"..doc\" 2017-12-28 :\n \"CCE28122017_001234\" - \"CCE28122017_001234.7z\"", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\""}], "publish_timestamp": "0", "timestamp": "1515012990", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "429839aa-8a63-48c6-a526-9c59fdc171bb", "sharing_group_id": "0", "timestamp": "1515012981", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "429839aa-8a63-48c6-a526-9c59fdc171bb", "uuid": "5a4d4373-4fe4-40ae-b837-4a0602de0b81", "timestamp": "1515012979", "referenced_uuid": "d0120535-9bae-48cb-89ef-3148489930ab", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a4d4372-3400-42f6-97a4-4bf502de0b81", "timestamp": "1515012978", "to_ids": true, "value": "6d30c34e4ee30cc257604ac00b73bd03abdf6f38", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a4d4373-ab88-4b0f-86cf-46e902de0b81", "timestamp": "1515012979", "to_ids": true, "value": "62461a2a840d61f1c1f6ded106666a56", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a4d4373-5488-4153-8cb3-438c02de0b81", "timestamp": "1515012979", "to_ids": true, "value": "f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "d0120535-9bae-48cb-89ef-3148489930ab", "sharing_group_id": "0", "timestamp": "1515012979", "description": "VirusTotal report", 
"template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a4d4373-3224-4970-af3e-410002de0b81", "timestamp": "1515012979", "to_ids": false, "value": "https://www.virustotal.com/file/f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232/analysis/1514527094/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a4d4373-7f90-4568-8224-4dbb02de0b81", "timestamp": "1515012979", "to_ids": false, "value": "32/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a4d4373-5ab0-45ca-8387-4dab02de0b81", "timestamp": "1515012979", "to_ids": false, "value": "2017-12-29 05:58:14", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "12590359-7f50-4ee1-b6c7-3308ecb45ea2", "sharing_group_id": "0", "timestamp": "1515012982", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "12590359-7f50-4ee1-b6c7-3308ecb45ea2", "uuid": "5a4d4374-1eac-464a-be83-49ca02de0b81", "timestamp": "1515012980", "referenced_uuid": "3b1a023e-0f4e-4f13-8763-5ca5ffab14c6", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a4d4373-e02c-4b81-9abe-4ec902de0b81", "timestamp": "1515012979", "to_ids": true, "value": "ad7627b1971bc7ac7ce81c77921adf6261bad79e", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a4d4373-c4c0-4c02-8aa0-4fa702de0b81", "timestamp": "1515012979", "to_ids": true, "value": "db0ecea901d4b4bf7aac1f6202e85bff", "disable_correlation": false, "object_relation": "md5", 
"type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a4d4373-ecb4-495a-9c3b-4ea702de0b81", "timestamp": "1515012979", "to_ids": true, "value": "34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "3b1a023e-0f4e-4f13-8763-5ca5ffab14c6", "sharing_group_id": "0", "timestamp": "1515012979", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a4d4373-178c-451f-b7b7-4ed802de0b81", "timestamp": "1515012979", "to_ids": false, "value": "https://www.virustotal.com/file/34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba/analysis/1514457956/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a4d4373-e534-4623-a086-45a302de0b81", "timestamp": "1515012979", "to_ids": false, "value": "11/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a4d4373-1430-49a8-9449-441a02de0b81", "timestamp": "1515012979", "to_ids": false, "value": "2017-12-28 10:45:56", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "1", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a4c917d-1d28-4808-b076-4942950d210f", "timestamp": "1514967421", "to_ids": true, "value": "db0ecea901d4b4bf7aac1f6202e85bff", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a4c917e-09dc-46a6-8dea-44f9950d210f", "timestamp": "1514967422", "to_ids": true, "value": 
"62461a2a840d61f1c1f6ded106666a56", "disable_correlation": false, "object_relation": null, "type": "md5"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9180-b100-426d-9d3e-4ce8950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://berkahbajamakmur.com/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9181-979c-421b-bad3-4f0b950d210f", "timestamp": "1515012978", "to_ids": true, "value": "berkahbajamakmur.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "berkahbajamakmur.com", "category": "Network activity", "uuid": "5a4c9183-0344-450c-8580-4990950d210f", "timestamp": "1515012978", "to_ids": false, "value": "202.71.103.249", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9184-dee8-419a-b52c-4af8950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://slimthrive.net/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9185-2b28-42b3-b58a-43af950d210f", "timestamp": "1515012978", "to_ids": true, "value": "slimthrive.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "slimthrive.net", "category": "Network activity", "uuid": "5a4c9187-04a0-4b05-bfaf-44e9950d210f", "timestamp": "1515012978", "to_ids": false, "value": "199.188.200.142", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9188-7188-4391-823d-4251950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://smartnewjerseyhomebuyers.com/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9189-7bbc-49ca-b2ef-4fdb950d210f", "timestamp": 
"1515012978", "to_ids": true, "value": "smartnewjerseyhomebuyers.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "smartnewjerseyhomebuyers.com", "category": "Network activity", "uuid": "5a4c918b-78fc-4790-86b9-4700950d210f", "timestamp": "1515012978", "to_ids": false, "value": "199.188.200.143", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c918c-c8bc-4554-bf8e-4b4b950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://standardfederalproperties.com/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c918d-2180-46cd-82ce-42ec950d210f", "timestamp": "1515012978", "to_ids": true, "value": "standardfederalproperties.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "standardfederalproperties.com", "category": "Network activity", "uuid": "5a4c918f-7f9c-4033-bd46-4226950d210f", "timestamp": "1515012978", "to_ids": false, "value": "162.144.81.164", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9191-67ec-484e-9820-43df950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://swarm-solutions.com/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9192-b3c4-4637-af92-4eed950d210f", "timestamp": "1515012978", "to_ids": true, "value": "swarm-solutions.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "swarm-solutions.com", "category": "Network activity", "uuid": "5a4c9193-69c4-4e05-ac16-4b82950d210f", "timestamp": "1515012978", "to_ids": false, "value": "50.62.228.1", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": 
"Network activity", "uuid": "5a4c9195-4664-45df-9632-431a950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://weserve.world/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c9196-adb8-4406-9979-4540950d210f", "timestamp": "1515012978", "to_ids": true, "value": "weserve.world", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "weserve.world", "category": "Network activity", "uuid": "5a4c9198-77cc-47a0-88a4-432c950d210f", "timestamp": "1515012978", "to_ids": false, "value": "199.188.200.150", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c919a-cbd0-4c02-9698-4b49950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://yourappyourway.com/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c919b-b310-4a79-9817-411e950d210f", "timestamp": "1515012978", "to_ids": true, "value": "yourappyourway.com", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "yourappyourway.com", "category": "Network activity", "uuid": "5a4c919c-7d60-4c82-95b6-4c06950d210f", "timestamp": "1515012978", "to_ids": false, "value": "199.188.200.96", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c919d-f548-4b5f-bb53-432f950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://zeeshanasghar.website/06YefeR", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c919e-f1cc-4d65-a67b-477b950d210f", "timestamp": "1515012978", "to_ids": true, "value": "zeeshanasghar.website", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": 
"", "category": "Network activity", "uuid": "5a4c91a0-6c1c-4139-9ec9-4f42950d210f", "timestamp": "1515012978", "to_ids": true, "value": "https://topyzscsu5poprxy.onion.link/shfgealjh.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c91a3-581c-4d8b-abae-4668950d210f", "timestamp": "1515012978", "to_ids": true, "value": "topyzscsu5poprxy.onion.link", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "topyzscsu5poprxy.onion.link", "category": "Network activity", "uuid": "5a4c91a5-3600-4769-bb3b-4c56950d210f", "timestamp": "1515012978", "to_ids": false, "value": "103.198.0.2", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5a4c91a7-a240-4109-894a-4bcf950d210f", "timestamp": "1515012978", "to_ids": true, "value": "http://psoeiras.net/js/count.php?nu=105&fb=110", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5a4c91a9-795c-4777-92c8-4769950d210f", "timestamp": "1515012978", "to_ids": true, "value": "psoeiras.net", "disable_correlation": false, "object_relation": null, "type": "hostname"}, {"comment": "psoeiras.net", "category": "Network activity", "uuid": "5a4c91ab-e288-43b6-a176-432b950d210f", "timestamp": "1515012978", "to_ids": false, "value": "74.220.219.67", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}], "extends_uuid": "", "published": false, "date": "2018-01-03", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a4c917d-b144-44cc-b046-4e53950d210f"}} |