{
"Event": {
"analysis": "2",
"date": "2016-03-28",
"extends_uuid": "",
"info": "OSINT - McAfee Labs Threat Advisory Ransomware-Locky",
"publish_timestamp": "1459152772",
"published": true,
"threat_level_id": "3",
"timestamp": "1459152153",
"uuid": "56f8e284-5b54-46d4-814d-3f2f02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151544",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f8e2b8-0c7c-4feb-8a9f-3f2b02de0b81",
"value": "95.181.171.58"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151545",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f8e2b9-7d3c-4f53-87a9-3f2b02de0b81",
"value": "185.14.30.97"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151545",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f8e2b9-ff70-4ebf-9e22-3f2b02de0b81",
"value": "195.22.28.196"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151545",
"to_ids": true,
"type": "ip-dst",
"uuid": "56f8e2b9-b300-47de-bb8c-3f2b02de0b81",
"value": "195.22.28.198"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151546",
"to_ids": true,
"type": "domain",
"uuid": "56f8e2ba-a25c-4c09-a712-3f2b02de0b81",
"value": "pvwinlrmwvccuo.eu"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151546",
"to_ids": true,
"type": "domain",
"uuid": "56f8e2ba-a890-4712-a06f-3f2b02de0b81",
"value": "cgavqeodnop.it"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151546",
"to_ids": true,
"type": "domain",
"uuid": "56f8e2ba-a53c-450e-bb42-3f2b02de0b81",
"value": "kqlxtqptsmys.in"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459151546",
"to_ids": true,
"type": "domain",
"uuid": "56f8e2ba-7bbc-4d5b-90a4-3f2b02de0b81",
"value": "wblejsfob.pw"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1459152153",
"to_ids": false,
"type": "link",
"uuid": "56f8e519-f5d0-4992-84da-3f5d02de0b81",
"value": "https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf"
}
]
}
}