misp-circl-feed/feeds/circl/misp/5a26b608-7e48-48c1-bf61-43a3950d210f.json


{
"Event": {
"analysis": "1",
"date": "2017-12-05",
"extends_uuid": "",
"info": "M2M - \"..doc\" 2017-11-30 : \"FL-123456 11.30.2017.7z\"",
"publish_timestamp": "1512555030",
"published": true,
"threat_level_id": "3",
"timestamp": "1512554615",
"uuid": "5a26b608-7e48-48c1-bf61-43a3950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "md5",
"uuid": "5a26b609-e89c-4385-9584-465a950d210f",
"value": "d4ddf8bfcc057fcfece2a498942079ce"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "md5",
"uuid": "5a26b609-c92c-4329-8eea-470e950d210f",
"value": "3ccbb316fdf9b7e6ae89584afc529e5f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "md5",
"uuid": "5a26b609-be98-4d9f-ba28-42b1950d210f",
"value": "612974dcb49adef982d9ad8d9cbdde36"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60a-a510-459b-844b-485f950d210f",
"value": "it2000.mycompany.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60a-b3c0-498b-aee7-4b23950d210f",
"value": "http://accessyouraudience.com/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60a-0794-4355-8983-493d950d210f",
"value": "accessyouraudience.com"
},
{
"category": "Network activity",
"comment": "accessyouraudience.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60b-a070-4eb5-95f6-40d3950d210f",
"value": "98.124.251.75"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60b-e25c-4a95-a17b-44d3950d210f",
"value": "http://alucmuhendislik.com/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60b-3e08-49e3-a06b-c6d3950d210f",
"value": "alucmuhendislik.com"
},
{
"category": "Network activity",
"comment": "alucmuhendislik.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60b-8010-4553-9e9b-4b38950d210f",
"value": "185.85.205.9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60c-4084-4005-9c85-c53a950d210f",
"value": "http://awholeblueworld.com/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60d-e4e8-4ae3-839f-4e09950d210f",
"value": "awholeblueworld.com"
},
{
"category": "Network activity",
"comment": "awholeblueworld.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60d-4060-441c-a254-4243950d210f",
"value": "66.36.173.215"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60d-5728-42b0-bc69-46ae950d210f",
"value": "http://bit-chasers.com/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60d-c4a0-4af6-997a-4d69950d210f",
"value": "bit-chasers.com"
},
{
"category": "Network activity",
"comment": "bit-chasers.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"value": "98.124.251.176"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60e-a030-4a87-8bee-c6d3950d210f",
"value": "http://datenhaus.info/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60e-2510-488b-a1c2-4890950d210f",
"value": "datenhaus.info"
},
{
"category": "Network activity",
"comment": "datenhaus.info",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60e-bd00-483c-ae8b-42f4950d210f",
"value": "85.214.205.231"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60e-b7b4-4450-9cec-4b20950d210f",
"value": "http://hexacam.com/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60e-a764-4684-a7d6-419c950d210f",
"value": "hexacam.com"
},
{
"category": "Network activity",
"comment": "hexacam.com",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60f-7098-4491-86ae-4cd1950d210f",
"value": "98.124.251.65"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b60f-9220-4b4c-87e6-4cad950d210f",
"value": "http://mh-service.ru/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b60f-4c28-4e42-bd4d-40e1950d210f",
"value": "mh-service.ru"
},
{
"category": "Network activity",
"comment": "mh-service.ru",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b60f-d748-4d1f-be56-4204950d210f",
"value": "89.253.235.118"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b610-ce98-43c6-a598-4bae950d210f",
"value": "http://yamanashi-jyujin.jp/JHGcd476334"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b610-f084-4fe5-9357-c6d3950d210f",
"value": "yamanashi-jyujin.jp"
},
{
"category": "Network activity",
"comment": "yamanashi-jyujin.jp",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b610-e01c-4336-96aa-4669950d210f",
"value": "180.222.185.74"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b611-3390-4b2a-ae6c-4785950d210f",
"value": "https://n224ezvhg4sgyamb.onion.link/shfgealjh.php"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b611-fca0-46b3-afcb-42b3950d210f",
"value": "n224ezvhg4sgyamb.onion.link"
},
{
"category": "Network activity",
"comment": "n224ezvhg4sgyamb.onion.link",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b611-c76c-438e-9927-45ff950d210f",
"value": "188.166.203.69"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "url",
"uuid": "5a26b611-cb7c-4f30-a5b9-4d28950d210f",
"value": "http://summi.space/count.php?nu=105&fb=110"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "hostname",
"uuid": "5a26b612-737c-4c0a-b657-4136950d210f",
"value": "summi.space"
},
{
"category": "Network activity",
"comment": "summi.space",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "ip-dst",
"uuid": "5a26b612-0b58-40a9-b2a7-4d43950d210f",
"value": "198.23.241.227"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha256",
"uuid": "5a27c071-7a20-4a82-b93f-bbb602de0b81",
"value": "13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha1",
"uuid": "5a27c071-e8c8-40c6-ad17-bbb602de0b81",
"value": "b817e361bd0cc1819d7f6a1189f0f5d56ed48721"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "link",
"uuid": "5a27c071-4ca4-4de8-be48-bbb602de0b81",
"value": "https://www.virustotal.com/file/13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920/analysis/1512419605/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha256",
"uuid": "5a27c071-7c68-4d03-b967-bbb602de0b81",
"value": "ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha1",
"uuid": "5a27c071-4048-411c-a49d-bbb602de0b81",
"value": "cc3d01780eaabb8f429cd251acfc52370b95d149"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": false,
"type": "link",
"uuid": "5a27c071-adfc-43bd-b1ae-bbb602de0b81",
"value": "https://www.virustotal.com/file/ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040/analysis/1512362971/"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha256",
"uuid": "5a27c071-ae34-4e17-a860-bbb602de0b81",
"value": "7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc"
},
{
"category": "Artifacts dropped",
"comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554609",
"to_ids": true,
"type": "sha1",
"uuid": "5a27c071-657c-44cd-830c-bbb602de0b81",
"value": "b52e239c775781b1c569d246c88727573ba5904b"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512554610",
"to_ids": false,
"type": "link",
"uuid": "5a27c072-eb0c-4e56-9c49-bbb602de0b81",
"value": "https://www.virustotal.com/file/7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc/analysis/1512374263/"
}
]
}
}